Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade @travi/admin.travi.org-components from 1.0.26 to 1.0.27 #3412

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

travi
Copy link
Member

@travi travi commented Apr 6, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 539/1000
Why? Has a fix available, CVSS 6.5
Information Exposure
SNYK-JS-NODEFETCH-2342118
No No Known Exploit
medium severity 520/1000
Why? Has a fix available, CVSS 5.9
Denial of Service
SNYK-JS-NODEFETCH-674311
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @travi/admin.travi.org-components The new version differs by 250 commits.
  • cc39903 fix(deps): update dependency material-ui to v0.20.2
  • 28e77bc chore(deps): update dependency npm-run-all2 to v5.0.2
  • 889f4fa chore(deps): update dependency jsdom to v21.1.2
  • 51955e9 chore(deps): update dependency glob to v9.3.5
  • 6dd6c06 chore(deps): update dependency enzyme-adapter-react-16 to v1.15.8
  • 42b42a7 chore(deps): update dependency commitlint-config-travi to v1.4.49
  • 4b41991 chore(deps): update dependency @ travi/babel-preset to v3.0.122
  • 67ccf84 chore(deps): update dependency @ travi/any to v2.1.10
  • 2c0f501 chore(action): update actions/setup-node digest to 1a4442c
  • e1c3b09 chore(action): update actions/checkout digest to f43a0e5
  • 135119a chore(deps): replace dependency npm-run-all with npm-run-all2 5.0.0
  • f141da7 chore(deps): update dependency rimraf to v4
  • b46b07e chore(deps): update dependency node-sass to v8
  • 96edf62 chore(deps): update dependency mocha to v10
  • 5333595 chore(deps): update dependency jsdom to v21
  • 4bce935 chore(deps): update dependency husky to v8
  • cf4362a chore(deps): update dependency glob to v9
  • 4c45344 chore(deps): update dependency cpy-cli to v4
  • 91bf5d0 chore(action): update actions/setup-node action to v3
  • e06465b chore(action): update actions/checkout action to v3
  • c14dbed chore(deps): update dependency node-sass to v7.0.3
  • 5bfc6b3 chore(deps): update dependency node-sass to v7 [security]
  • 36eea96 chore(deps): update dependency sass-loader to v10.4.1
  • e9b403f chore(deps): update dependency rollup to v2.79.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants