Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore: fixes some npm audit vulnerabilities #59

Merged
merged 1 commit into from
Jan 31, 2022
Merged

Chore: fixes some npm audit vulnerabilities #59

merged 1 commit into from
Jan 31, 2022

Conversation

lalaps[bot]
Copy link
Contributor

@lalaps lalaps bot commented Jan 30, 2022
edited by pustovitDmytro
Loading

This PR fixes some of found vulnerabilities.

Fixed 2 of 5 npm vulnerabilities.
3 issues left.
Success Rate: 40.0%

Vulnerabilities:

Inefficient Regular Expression Complexity in chalk/ansi-regex
Library: ansi-regex
Affected versions: >2.1.1 <5.0.1
Severity: moderate
Fix: ❌ true
Root Libraries:

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Library: node-fetch
Affected versions: <2.6.7
Severity: high
Fix: ✔️ true
Root Libraries:

  • ✔️ danger 0.0.2 - 3.4.6 || 10.4.1 - 10.8.0. Fixed in true

You can wait for the next updates with a full fix or merge immediately.
In case of closing this PR, it will be recreated. If that's undesired, modify config.

This change is Reviewable

@lalaps lalaps bot requested a review from pustovitDmytro as a code owner January 30, 2022 01:11
@lalaps lalaps bot added dependencies Pull requests that update a dependency file security labels Jan 30, 2022
@lalaps lalaps bot mentioned this pull request Jan 30, 2022
Open
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@pustovitDmytro
Copy link
Owner

Warnings
⚠️

Only owner can change system files [package-lock.json], please provide issue instead
Messages
📖

lalaps[bot] login already contributed 2 times
📖 Changed Files in this PR:
  • package-lock.json

Generated by 🚫 dangerJS against 2afed80

@pustovitDmytro pustovitDmytro merged commit 40d5a30 into master Jan 31, 2022
pustovitDmytro pushed a commit that referenced this pull request Feb 9, 2022
@semantic-release-bot
Chore: (release) add version 1.1.8 [skip ci]
ff570be 
## [1.1.8](v1.1.7...v1.1.8) (2022-02-09)

### Chore

* fixes some npm audit vulnerabilities (#59) ([40d5a30](40d5a30)), closes [#59](#59)
* Lock file maintenance ([726a007](726a007))
* Lock file maintenance (#45) ([4b1a5a2](4b1a5a2)), closes [#45](#45)
* Update dependency node-fetch to 2.6.7 [SECURITY] (#53) ([50a008a](50a008a)), closes [#53](#53)
* Update devDependencies (non-major) (#47) ([5d0ec54](5d0ec54)), closes [#47](#47)
* Update devDependencies (non-major) (#48) ([725c88d](725c88d)), closes [#48](#48)

### Upgrade

* Update dependency winston-transport to v4.5.0 (#61) ([9fc8d1c](9fc8d1c)), closes [#61](#61)
@pustovitDmytro
Copy link
Owner

🎉 This PR is included in version 1.1.8 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pustovitDmytro pustovitDmytro Awaiting requested review from pustovitDmytro pustovitDmytro is a code owner

Assignees

@pustovitDmytro pustovitDmytro

Labels
dependencies Pull requests that update a dependency file released security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pustovitDmytro