Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade gh-pages from 3.2.3 to 5.0.0 #185

Closed
wants to merge 2 commits into from
Closed

[Snyk] Security upgrade gh-pages from 3.2.3 to 5.0.0 #185

wants to merge 2 commits into from

Conversation

riddhi-desai
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • react/package.json
    • react/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-GHPAGES-3042993		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gh-pages The new version differs by 32 commits.
  • f729b97 5.0.0
  • 51534c7 Log changes
  • ace063b Merge pull request #438 from Vicropht/patch-1
  • 58e54be Merge pull request #459 from tschaub/dependabot/npm_and_yarn/async-3.2.4
  • 2189df3 Bump async from 2.6.4 to 3.2.4
  • 051846e Merge pull request #454 from tschaub/dependabot/npm_and_yarn/email-addresses-5.0.0
  • 5c91c67 Merge pull request #455 from tschaub/dependabot/github_actions/actions/setup-node-3
  • fe0ad83 Merge pull request #453 from tschaub/dependabot/github_actions/actions/checkout-3
  • b89287d Merge pull request #445 from Nezteb/patch-1
  • e890bd1 Bump email-addresses from 3.0.1 to 5.0.0
  • f041e67 Bump actions/setup-node from 1 to 3
  • ca63d1d Bump actions/checkout from 2 to 3
  • f323e23 Merge pull request #452 from tschaub/updates
  • bdc342b Stop testing on 12, start testing on 18
  • 90ee644 Dependabot config
  • e1374b3 Update dependencies and always return a promise
  • fc04b25 Use set for unique dirs
  • 2ebfb74 Update docs to clarify project site configuration
  • a634d5e Remove quotation marks
  • ef1c90d 4.0.0
  • 147a527 Log changes
  • cdb8820 Merge pull request #432 from tschaub/updates
  • d66679c Stop testing on Node 10
  • 4430720 Updated dev dependencies and formatting

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@riddhi-desai riddhi-desai requested a review from a team as a code owner September 19, 2023 13:14
@codacy-production
Copy link

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.00%
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (766ebb6) 324 313 96.61%
Head commit (1b725b4) 324 (+0) 313 (+0) 96.61% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#185) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@codecov
Copy link

codecov bot commented Sep 19, 2023
edited
Loading

Codecov Report

Merging #185 (1b725b4) into main (a7683fc) will decrease coverage by 0.03%.
The diff coverage is n/a.

❗ Current head 1b725b4 differs from pull request most recent head 9fc230d. Consider uploading reports for the commit 9fc230d to get more accurate results

@@            Coverage Diff             @@
##             main     #185      +/-   ##
==========================================
- Coverage   94.07%   94.04%   -0.03%     
==========================================
  Files          31       31              
  Lines         405      403       -2     
  Branches      101      101              
==========================================
- Hits          381      379       -2     
  Misses         12       12              
  Partials       12       12

see 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@sb-benohe sb-benohe closed this Jan 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@sb-prateekkeerthi sb-prateekkeerthi

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@riddhi-desai @sb-benohe @sb-prateekkeerthi @snyk-bot