gratestas
Contributor

Upgraded the version of several packages w.r.t. dependabot's suggestion.

  • node-forge ^0.10.0 to ^1.3.0
  • lodash ^4.7.20 to ^4.7.21
  • ejs ^2.6.1 to ^3.1.7

Also, in the forked repo, enabled security updates and merged several resulting PRs.

dependabot bot and others added 8 commits June 23, 2022 13:31
Bumps [@typescript-eslint/utils](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/utils) from 5.27.1 to 5.29.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/utils/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.29.0/packages/utils)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/utils"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v2.3.1...v3.1.0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.5.1 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v2.5.1...v3.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@gratestas gratestas added dependencies Pull requests that update a dependency file Type: Security Patch🛡️ labels Jun 23, 2022
@gratestas gratestas requested review from alcercu and jaybuidl June 23, 2022 11:21

netlify bot commented Jun 23, 2022

Deploy Preview for kleros-v2 ready!

Name Link
🔨 Latest commit 6c4c3a4
🔍 Latest deploy log https://app.netlify.com/sites/kleros-v2/deploys/62b44cc86ef916000884db5f
😎 Deploy Preview https://deploy-preview-108--kleros-v2.netlify.app

@qlty-cloud-legacy

Code Climate has analyzed commit 6c4c3a4 and detected 0 issues on this pull request.

View more on Code Climate.

@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication

@jaybuidl jaybuidl merged commit 05938a7 into master Jun 23, 2022
@jaybuidl jaybuidl added this to the prealpha-3 milestone Jun 23, 2022
@jaybuidl jaybuidl deleted the fix-deps branch November 7, 2022 20:00
Params10 pushed a commit that referenced this pull request Feb 3, 2023
(fix-deps): Fixing dependabot alerts