Skip to content

(fix-deps): Fixing dependabot alerts #108

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Jun 23, 2022
Merged

(fix-deps): Fixing dependabot alerts #108

merged 8 commits into from
Jun 23, 2022

Conversation

gratestas
Copy link
Contributor

Upgraded the version of several packages w.r.t. dependabot's suggestion.

  • node-forge ^0.10.0 to ^1.3.0
  • lodash ^4.7.20 to ^4.7,21
  • ejs ^2.6.1 to ^3.1.7

Also, in forked repo enabled security updates and merged several resulted PRs.

dependabot bot and others added 8 commits June 23, 2022 13:31
Bumps [@typescript-eslint/utils](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/utils) from 5.27.1 to 5.29.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/utils/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.29.0/packages/utils)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/utils"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Verified

This commit was signed with the committer’s verified signature.
jaybuidl jaybuidl
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v2.3.1...v3.1.0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Verified

This commit was signed with the committer’s verified signature.
jaybuidl jaybuidl
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.5.1 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v2.5.1...v3.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@gratestas gratestas added dependencies Pull requests that update a dependency file Type: Security Patch🛡️ labels Jun 23, 2022
@gratestas gratestas requested review from jaybuidl and alcercu June 23, 2022 11:21
@netlify
Copy link

netlify bot commented Jun 23, 2022

Deploy Preview for kleros-v2 ready!

Name Link
🔨 Latest commit 6c4c3a4
🔍 Latest deploy log https://app.netlify.com/sites/kleros-v2/deploys/62b44cc86ef916000884db5f
😎 Deploy Preview https://deploy-preview-108--kleros-v2.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@codeclimate
Copy link

codeclimate bot commented Jun 23, 2022

Code Climate has analyzed commit 6c4c3a4 and detected 0 issues on this pull request.

View more on Code Climate.

@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@jaybuidl jaybuidl merged commit 05938a7 into master Jun 23, 2022
@jaybuidl jaybuidl added this to the prealpha-3 milestone Jun 23, 2022
@jaybuidl jaybuidl deleted the fix-deps branch November 7, 2022 20:00
Params10 pushed a commit that referenced this pull request Feb 3, 2023
(fix-deps): Fixing dependabot alerts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file Type: Security Patch🛡️
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants