Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update vulnerable packages #5535

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Update vulnerable packages #5535

wants to merge 8 commits into from
+1,291 −944

Conversation

devsecopskallie
Copy link

@devsecopskallie devsecopskallie commented Oct 16, 2024
edited
Loading

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)

What does this PR do?

Where should the reviewer start?

How should this be manually tested?

@devsecopskallie devsecopskallie requested a review from a team as a code owner October 16, 2024 19:42
@CLAassistant
Copy link

CLAassistant commented Oct 16, 2024
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 3 committers have signed the CLA.

✅ devsecopskallie
❌ snyk-bot
❌ dependabot[bot]
You have signed the CLA already but the status is still pending? Let us recheck it.

snyk-bot and others added 6 commits October 17, 2024 18:58
@snyk-bot
fix: ts-binary-wrapper/package.json & ts-binary-wrapper/package-lock.…
c814b79 
…json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060
@devsecopskallie
Merge pull request #2 from devsecopskallie/snyk-fix-53aff01adb0a55ff3…
1d16f49 
…df689d6f4f4cc91

[Snyk] Security upgrade @sentry/node from 7.36.0 to 7.75.0
@dependabot
chore(deps): bump lodash in /test/acceptance/workspaces/yarn-v2
018762f 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.0 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.0...4.17.21)

---
updated-dependencies:
- dependency-name: lodash
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@devsecopskallie
Merge pull request #4 from devsecopskallie/dependabot/npm_and_yarn/te…
f9c0061 
…st/acceptance/workspaces/yarn-v2/lodash-4.17.21

chore(deps): bump lodash from 4.17.0 to 4.17.21 in /test/acceptance/workspaces/yarn-v2
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
4bef3c2 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-SHESCAPE-5734237
- https://snyk.io/vuln/SNYK-JS-SHESCAPE-5849592
@devsecopskallie
Merge pull request #8 from devsecopskallie/snyk-fix-f81cf75975322289d…
425ce64 
…83b02932747c5d5

[Snyk] Fix for 3 vulnerabilities
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@devsecopskallie @CLAassistant @snyk-bot