Using @dependabot's dependencyabot[bot] feature to reduce the number of security vulnerabilities #46
Open
quanngynx wants to merge 31 commits into Lona:master from
Conversation
Bumps [json5](https://github.com/json5/json5) from 2.1.1 to 2.2.3. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.1.1...v2.2.3) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.7.4 to 7.25.7. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.7/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) --- updated-dependencies: - dependency-name: decode-uri-component dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps and [ansi-regex](https://github.com/chalk/ansi-regex). These dependencies needed to be updated together. Updates `ansi-regex` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v4.1.0...v4.1.1) Updates `ansi-regex` from 3.0.0 to 4.1.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…787f004 Bump ansi-regex
…verse-7.25.7 Bump @babel/traverse from 7.7.4 to 7.25.7
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.7 to 1.5.10. - [Commits](unshiftio/url-parse@1.5.7...1.5.10) --- updated-dependencies: - dependency-name: url-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [fsevents](https://github.com/fsevents/fsevents) from 1.2.9 to 1.2.13. - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.2.9...v1.2.13) --- updated-dependencies: - dependency-name: fsevents dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…1.2.13 Bump fsevents from 1.2.9 to 1.2.13
…e-1.5.10 Bump url-parse from 1.5.7 to 1.5.10
Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) --- updated-dependencies: - dependency-name: qs dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [ws](https://github.com/websockets/ws) from 5.2.3 to 5.2.4. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@5.2.3...5.2.4) --- updated-dependencies: - dependency-name: ws dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [braces](https://github.com/micromatch/braces) to 3.0.3 and updates ancestor dependency [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest). These dependencies need to be updated together. Updates `braces` from 2.3.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/commits/3.0.3) Updates `jest` from 24.9.0 to 29.7.0 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v29.7.0/packages/jest) --- updated-dependencies: - dependency-name: braces dependency-type: indirect - dependency-name: jest dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [json-schema](https://github.com/kriszyp/json-schema) and [jsprim](https://github.com/joyent/node-jsprim). These dependencies needed to be updated together. Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: json-schema dependency-type: indirect - dependency-name: jsprim dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.2 to 6.12.6. - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.10.2...v6.12.6) --- updated-dependencies: - dependency-name: ajv dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
…8db22d76 Bump json-schema and jsprim
Bump ws from 5.2.3 to 5.2.4
Bumps [yargs-parser](https://github.com/yargs/yargs-parser) to 13.1.2 and updates ancestor dependency [ts-jest](https://github.com/kulshekhar/ts-jest). These dependencies need to be updated together. Updates `yargs-parser` from 13.1.1 to 13.1.2 - [Release notes](https://github.com/yargs/yargs-parser/releases) - [Changelog](https://github.com/yargs/yargs-parser/blob/main/docs/CHANGELOG-full.md) - [Commits](https://github.com/yargs/yargs-parser/commits) Updates `ts-jest` from 24.2.0 to 29.2.5 - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md) - [Commits](kulshekhar/ts-jest@v24.2.0...v29.2.5) --- updated-dependencies: - dependency-name: yargs-parser dependency-type: indirect - dependency-name: ts-jest dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
…cc7d425 Bump braces and jest
Bump json5 from 2.1.1 to 2.2.3
Bump qs from 6.5.2 to 6.5.3
…i-component-0.2.2 Bump decode-uri-component from 0.2.0 to 0.2.2
Bump ajv from 6.10.2 to 6.12.6
…a0c11211 Bump yargs-parser and ts-jest
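A maintainer reviewing a batch like this usually wants to confirm, from the lockfile rather than from the PR description, that no copy of these packages is still pinned below the versions the bumps move them to. The following check is an added example, not code from this pull request or from the Lona project: the version floors are taken from the dependabot commit messages above, and the lockfile content is constructed inline for the demonstration (it is not Lona's real `package-lock.json`). It walks both the nested `dependencies` tree of lockfile v1 and the flat `packages` map of v2/v3, compares versions numerically (so `1.5.7` is correctly below `1.5.10`), and treats a pre-release of the floor version as still below it.

```python
"""Flag lockfile entries still pinned below the version floors raised by this PR.

Added example, not part of the pull request: the floors come from the dependabot
commit messages; SAMPLE_LOCK is a constructed lockfile, not Lona's real one.
"""
import json
import re
from typing import Dict, Iterator, List, Tuple

# Minimum versions each bump moves the package to (from the commit messages above).
VERSION_FLOORS: Dict[str, str] = {
    "json5": "2.2.3",
    "@babel/traverse": "7.25.7",
    "decode-uri-component": "0.2.2",
    "ansi-regex": "4.1.1",
    "url-parse": "1.5.10",
    "fsevents": "1.2.13",
    "qs": "6.5.3",
    "ws": "5.2.4",
    "braces": "3.0.3",
    "json-schema": "0.4.0",
    "jsprim": "1.4.2",
    "ajv": "6.12.6",
    "yargs-parser": "13.1.2",
}

# Optional leading "v", MAJOR.MINOR.PATCH, optional "-prerelease" suffix.
_SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?")


def parse_version(text: str) -> Tuple[int, int, int, str]:
    """Split a version string into (major, minor, patch, prerelease)."""
    m = _SEMVER.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), pre or "")


def is_below(found: str, floor: str) -> bool:
    """True when `found` is strictly below `floor`.

    Numeric tuples are compared first; when the triples match, a pre-release of
    the floor version (e.g. 2.2.3-rc.1 vs 2.2.3) still counts as below it."""
    f, g = parse_version(found), parse_version(floor)
    if f[:3] != g[:3]:
        return f[:3] < g[:3]
    return f[3] != "" and g[3] == ""


def iter_lock_entries(lock: dict) -> Iterator[Tuple[str, str]]:
    """Yield (package name, resolved version) for lockfileVersion 1, 2 and 3.

    v2/v3 keep a flat "packages" map keyed by install path
    (node_modules/a/node_modules/b); v1 keeps a nested "dependencies" tree."""
    for path, entry in lock.get("packages", {}).items():
        if not path:  # "" is the root project, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        if "version" in entry:
            yield name, entry["version"]
    stack: List[dict] = [lock.get("dependencies", {})]
    while stack:
        for name, entry in stack.pop().items():
            if "version" in entry:
                yield name, entry["version"]
            if entry.get("dependencies"):
                stack.append(entry["dependencies"])


def find_outdated(lock: dict, floors: Dict[str, str] = VERSION_FLOORS) -> List[Tuple[str, str, str]]:
    """Return sorted, de-duplicated (name, pinned version, floor) for every entry
    whose pinned version is below its floor. Nested copies of the same package
    (ansi-regex 3.0.0 and 4.1.0 in this PR) are reported separately."""
    hits = set()
    for name, version in iter_lock_entries(lock):
        floor = floors.get(name)
        if floor is not None and is_below(version, floor):
            hits.add((name, version, floor))
    return sorted(hits)


# Constructed lockfile v1 fragment: two nested copies of ansi-regex, two packages
# already at their floor, two still behind.
SAMPLE_LOCK = json.loads("""{
  "name": "sample-project",
  "lockfileVersion": 1,
  "dependencies": {
    "ajv": { "version": "6.10.2" },
    "json5": { "version": "2.1.1" },
    "string-width": { "version": "3.1.0",
      "dependencies": { "ansi-regex": { "version": "4.1.0" } } },
    "strip-ansi": { "version": "4.0.0",
      "dependencies": { "ansi-regex": { "version": "3.0.0" } } },
    "ws": { "version": "5.2.4" },
    "qs": { "version": "6.5.3" }
  }
}""")

if __name__ == "__main__":
    for name, pinned, floor in find_outdated(SAMPLE_LOCK):
        print(f"{name}: pinned {pinned}, PR raises it to {floor}")
```

Running it against a real lockfile is a matter of replacing `SAMPLE_LOCK` with `json.load(open("package-lock.json"))`; an empty result means every copy of the listed packages, including nested duplicates, is at or above the version this PR introduces.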
I used @dependabot's feature dependabot[bot] and it seems to have reduced it to 5 vulnerabilities (2 high, 3 critical) on my local computer. Hope this can help you!