Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore: fixes some npm audit vulnerabilities #91

Merged
merged 1 commit into from
Feb 2, 2022
Merged

Chore: fixes some npm audit vulnerabilities #91

merged 1 commit into from
Feb 2, 2022

Conversation

lalaps[bot]
Copy link
Contributor

@lalaps lalaps bot commented Feb 2, 2022
edited by pustovitDmytro
Loading

This PR fixes some of found vulnerabilities.

Fixed 5 of 8 npm vulnerabilities.
3 issues left.
Success Rate: 62.5%

Vulnerabilities:

Inefficient Regular Expression Complexity in chalk/ansi-regex
Library: ansi-regex
Affected versions: >2.1.1 <5.0.1
Severity: moderate
Fix: ❌ true
Root Libraries:

json-schema is vulnerable to Prototype Pollution
Library: json-schema
Affected versions: <0.4.0
Severity: moderate
Fix: ✔️ true
Root Libraries:

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Library: node-fetch
Affected versions: <2.6.7
Severity: high
Fix: ✔️ true
Root Libraries:

Uncontrolled Resource Consumption in trim-off-newlines
Library: trim-off-newlines
Affected versions: <1.0.3
Severity: moderate
Fix: ✔️ true
Root Libraries:

You can wait for the next updates with a full fix or merge immediately.
In case of closing this PR, it will be recreated. If that's undesired, modify config.

This change is Reviewable

@lalaps lalaps bot requested a review from pustovitDmytro as a code owner February 2, 2022 01:07
@lalaps lalaps bot added dependencies Pull requests that update a dependency file security labels Feb 2, 2022
@lalaps lalaps bot mentioned this pull request Feb 2, 2022
Open
@sonarcloud
Copy link

sonarcloud bot commented Feb 2, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@pustovitDmytro
Copy link
Owner

Warnings
⚠️

Only owner can change system files [package-lock.json], please provide issue instead
Messages
📖

lalaps[bot] login already contributed 3 times
📖 Changed Files in this PR:
  • package-lock.json

Generated by 🚫 dangerJS against 25944c4

@pustovitDmytro pustovitDmytro merged commit 1f623d2 into master Feb 2, 2022
@pustovitDmytro pustovitDmytro deleted the lalaps/npm-force-partial-fix branch February 2, 2022 10:05
pustovitDmytro pushed a commit that referenced this pull request Feb 4, 2022
@semantic-release-bot
Chore: (release) add version 2.1.1 [skip ci]
f118925 
## [2.1.1](v2.1.0...v2.1.1) (2022-02-04)

### Chore

* fixes some npm audit vulnerabilities (#90) ([acde82f](acde82f)), closes [#90](#90)
* fixes some npm audit vulnerabilities (#91) ([1f623d2](1f623d2)), closes [#91](#91)
* Update devDependencies (non-major) (#61) ([d66c55c](d66c55c)), closes [#61](#61)
* Update devDependencies (non-major) (major) (#68) ([a46a805](a46a805)), closes [#68](#68)

### Upgrade

* Update dependency myrmidon to v1.7.2 (#93) ([19f1652](19f1652)), closes [#93](#93)
@pustovitDmytro
Copy link
Owner

🎉 This PR is included in version 2.1.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pustovitDmytro pustovitDmytro Awaiting requested review from pustovitDmytro pustovitDmytro is a code owner

Assignees

@pustovitDmytro pustovitDmytro

Labels
dependencies Pull requests that update a dependency file released security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pustovitDmytro