Skip to content

address vulnerabilities (rollup, babel)#89

Merged
yen-tt merged 2 commits intomainfrom
dev/bump-test-site-rollup
Jan 6, 2025
Merged

address vulnerabilities (rollup, babel)#89
yen-tt merged 2 commits intomainfrom
dev/bump-test-site-rollup

Conversation

@yen-tt
Copy link
Copy Markdown
Collaborator

@yen-tt yen-tt commented Jan 3, 2025
edited
Loading

addressed:

J=VULN-39404&VULN-38484

@yen-tt yen-tt requested a review from a team as a code owner January 3, 2025 19:26
@yen-tt yen-tt changed the title test-site: address rollup vulnerabilities address vulnerabilities (rollup, babel) Jan 3, 2025
@yen-tt
Copy link
Copy Markdown
Collaborator Author

yen-tt commented Jan 3, 2025
edited
Loading

CC-BY-4.0 license is approved for caniuse-lite dependency for this usage. Updated license exception in sempgrep for this repo.

@semgrep-app
Copy link
Copy Markdown

semgrep-app Bot commented Jan 6, 2025

Legal Risk
The following dependencies were released under a license that is currently prohibited by your organization. Merging is blocked until this is resolved.
Recommendation:
Reach out to your security team or Semgrep admin to address this issue. In special cases, exceptions may be made for dependencies with violating licenses, however, the general recommendation is to avoid using a dependency under such a license

CC-BY-4.0
caniuse-lite 1.0.30001690
caniuse-lite 1.0.30001690

@yen-tt yen-tt merged commit 1a85e51 into main Jan 6, 2025
@yen-tt yen-tt deleted the dev/bump-test-site-rollup branch January 6, 2025 20:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nbramblett nbramblett nbramblett approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yen-tt @nbramblett