Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore: fixes some npm audit vulnerabilities #60

Merged
merged 1 commit into from
Jan 31, 2022
Merged

Chore: fixes some npm audit vulnerabilities #60

merged 1 commit into from
Jan 31, 2022

Conversation

lalaps[bot]
Copy link
Contributor

@lalaps lalaps bot commented Jan 30, 2022
edited by pustovitDmytro

This PR fixes some of found vulnerabilities.

Fixed 2 of 5 npm vulnerabilities.
3 issues left.
Success Rate: 40.0%

Vulnerabilities:

Inefficient Regular Expression Complexity in chalk/ansi-regex
Library: ansi-regex
Affected versions: >2.1.1 <5.0.1
Severity: moderate
Fix: ❌ true
Root Libraries:

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Library: node-fetch
Affected versions: <2.6.7
Severity: high
Fix: ✔️ true
Root Libraries:

  • ✔️ danger 0.0.2 - 3.4.6 || 10.4.1 - 10.8.0. Fixed in true

You can wait for the next updates with a full fix or merge immediately.
In case of closing this PR, it will be recreated. If that's undesired, modify config.

This change is Reviewable

@lalaps lalaps bot requested a review from pustovitDmytro as a code owner January 30, 2022 01:12
@lalaps lalaps bot added dependencies Pull requests that update a dependency file security labels Jan 30, 2022
@lalaps lalaps bot mentioned this pull request Jan 30, 2022
Open
@sonarcloud
Copy link

sonarcloud bot commented Jan 30, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@pustovitDmytro
Copy link
Owner

Warnings
⚠️

Only owner can change system files [package-lock.json], please provide issue instead
Messages
📖

lalaps[bot] login already contributed 2 times
📖 Changed Files in this PR:
  • package-lock.json

Generated by 🚫 dangerJS against ccf084a

@pustovitDmytro pustovitDmytro merged commit a2bb84b into master Jan 31, 2022
pustovitDmytro pushed a commit that referenced this pull request Feb 28, 2022
@semantic-release-bot
Chore: (release) add version 2.0.3 [skip ci]
fcf9bea 
## [2.0.3](v2.0.2...v2.0.3) (2022-02-28)

### Chore

* fixes some npm audit vulnerabilities (#60) ([a2bb84b](a2bb84b)), closes [#60](#60)
* fixes some npm audit vulnerabilities (#61) ([f695d18](f695d18)), closes [#61](#61)
* Lock file maintenance (#49) ([8222546](8222546)), closes [#49](#49)
* Lock file maintenance (#57) ([d623e46](d623e46)), closes [#57](#57)
* Lock file maintenance (#63) ([62a54cd](62a54cd)), closes [#63](#63)
* Update dependency nanoid to 3.1.31 [SECURITY] (#56) ([107d4e9](107d4e9)), closes [#56](#56)
* Update dependency node-fetch to 2.6.7 [SECURITY] (#59) ([e94c7f3](e94c7f3)), closes [#59](#59)

### Docs

* help Ukraine 🇺🇦 ([c54b0c1](c54b0c1))
@pustovitDmytro
Copy link
Owner

🎉 This PR is included in version 2.0.3 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pustovitDmytro pustovitDmytro Awaiting requested review from pustovitDmytro pustovitDmytro is a code owner

Assignees

@pustovitDmytro pustovitDmytro

Labels
dependencies Pull requests that update a dependency file released security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@pustovitDmytro