update dependencies #8408

Merged
merged 20 commits into from
May 1, 2024

@Vadman97 (Member) commented May 1, 2024

Summary

  • adds script for tracking security fixes
  • pulls in dependabot alerts

How did you test this change?

local deploy
https://www.loom.com/share/3833e19ca0384d0e87d6a8644ff23c6c

Are there any deployment considerations?

no

Does this work require review from our design team?

no

Vadman97 and others added 8 commits April 30, 2024 17:45
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.26.0 to 1.26.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.26.0...v1.26.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.53.0 to 1.53.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.53.0...service/s3/v1.53.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](bradleyfalzon/ghinstallation@v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.7 to 1.27.11.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.27.7...config/v1.27.11)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the go_modules group with 1 update in the /e2e/go directory: [golang.org/x/net](https://github.com/golang/net).
Bumps the go_modules group with 1 update in the /sdk/highlight-go directory: [golang.org/x/net](https://github.com/golang/net).
Bumps the go_modules group with 1 update in the /sdk/highlightinc-highlight-datasource directory: [golang.org/x/net](https://github.com/golang/net).


Updates `golang.org/x/net` from 0.22.0 to 0.23.0
- [Commits](golang/net@v0.22.0...v0.23.0)

Updates `golang.org/x/net` from 0.22.0 to 0.23.0
- [Commits](golang/net@v0.22.0...v0.23.0)

Updates `golang.org/x/net` from 0.22.0 to 0.23.0
- [Commits](golang/net@v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the go_modules group with 1 update in the /e2e/go directory: [golang.org/x/net](https://github.com/golang/net).
Bumps the go_modules group with 1 update in the /e2e/nextjs/go-service directory: [golang.org/x/net](https://github.com/golang/net).
Bumps the go_modules group with 1 update in the /sdk/highlight-go directory: [golang.org/x/net](https://github.com/golang/net).
Bumps the go_modules group with 1 update in the /sdk/highlightinc-highlight-datasource directory: [golang.org/x/net](https://github.com/golang/net).


Updates `golang.org/x/net` from 0.22.0 to 0.23.0
- [Commits](golang/net@v0.22.0...v0.23.0)

Updates `golang.org/x/net` from 0.22.0 to 0.23.0
- [Commits](golang/net@v0.22.0...v0.23.0)

Updates `golang.org/x/net` from 0.22.0 to 0.23.0
- [Commits](golang/net@v0.22.0...v0.23.0)

Updates `golang.org/x/net` from 0.22.0 to 0.23.0
- [Commits](golang/net@v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@Vadman97 Vadman97 requested review from mayberryzane and a team May 1, 2024 00:49

changeset-bot bot commented May 1, 2024

🦋 Changeset detected

Latest commit: b77c594

The changes in this PR will be included in the next version bump.


💥 An error occurred when fetching the changed packages and changesets in this PR
Some errors occurred when validating the changesets config:
The package or glob expression "rrdom" is specified in the `ignore` option but it is not found in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.
The package or glob expression "rrdom-nodejs" is specified in the `ignore` option but it is not found in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.
The package or glob expression "rrweb" is specified in the `ignore` option but it is not found in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.
The package or glob expression "rrweb-player" is specified in the `ignore` option but it is not found in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.
The package or glob expression "rrweb-snapshot" is specified in the `ignore` option but it is not found in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.
The package or glob expression "@rrweb/types" is specified in the `ignore` option but it is not found in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.
The package or glob expression "@rrweb/web-extension" is specified in the `ignore` option but it is not found in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.
The package or glob expression "rrvideo" is specified in the `ignore` option but it is not found in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.

dependabot bot added 11 commits April 30, 2024 17:49
Bumps [@types/sanitize-html](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sanitize-html) from 2.6.2 to 2.11.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sanitize-html)

---
updated-dependencies:
- dependency-name: "@types/sanitize-html"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [sonner](https://github.com/emilkowalski/sonner) from 1.4.3 to 1.4.41.
- [Release notes](https://github.com/emilkowalski/sonner/releases)
- [Commits](emilkowalski/sonner@v1.4.3...v.1.4.41)

---
updated-dependencies:
- dependency-name: sonner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [happy-dom](https://github.com/capricorn86/happy-dom) from 14.3.8 to 14.7.1.
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v14.3.8...v14.7.1)

---
updated-dependencies:
- dependency-name: happy-dom
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [sass-loader](https://github.com/webpack-contrib/sass-loader) from 13.3.1 to 14.2.1.
- [Release notes](https://github.com/webpack-contrib/sass-loader/releases)
- [Changelog](https://github.com/webpack-contrib/sass-loader/blob/master/CHANGELOG.md)
- [Commits](webpack-contrib/sass-loader@v13.3.1...v14.2.1)

---
updated-dependencies:
- dependency-name: sass-loader
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the pip group with 2 updates in the /sdk/highlight-py directory: [gunicorn](https://github.com/benoitc/gunicorn) and [sqlparse](https://github.com/andialbrecht/sqlparse).


Updates `gunicorn` from 21.2.0 to 22.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@21.2.0...22.0.0)

Updates `sqlparse` from 0.4.4 to 0.5.0
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.4.4...0.5.0)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-type: indirect
  dependency-group: pip
- dependency-name: sqlparse
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [dopplerhq/cli-action](https://github.com/dopplerhq/cli-action) from 2 to 3.
- [Release notes](https://github.com/dopplerhq/cli-action/releases)
- [Commits](DopplerHQ/cli-action@v2...v3)

---
updated-dependencies:
- dependency-name: dopplerhq/cli-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) from 3 to 4.
- [Release notes](https://github.com/mikepenz/action-junit-report/releases)
- [Commits](mikepenz/action-junit-report@v3...v4)

---
updated-dependencies:
- dependency-name: mikepenz/action-junit-report
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Contributor

github-actions bot commented May 1, 2024

☂️ Python Coverage

current status: ✅

Overall Coverage

| Lines | Covered | Coverage | Threshold | Status |
|-------|---------|----------|-----------|--------|
| 482   | 413     | 86%      | 0%        | 🟢     |

New Files

No new covered files...

Modified Files

No covered modified files...

updated for commit: b77c594 by action🐍

@Vadman97 Vadman97 merged commit 30a0e0a into main May 1, 2024
35 checks passed
@Vadman97 Vadman97 deleted the vadim/add-security-scripts branch May 1, 2024 17:28