Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(dep): [Snyk] Security upgrade pnpm from 8.15.9 to 9.14.4 #3329

Closed
wants to merge 1 commit into from
Closed

build(dep): [Snyk] Security upgrade pnpm from 8.15.9 to 9.14.4 #3329

wants to merge 1 commit into from

Conversation

swirlds-automation
Copy link
Contributor

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Untrusted Search Path
SNYK-JS-PNPM-8496388		   683  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@swirlds-automation swirlds-automation requested a review from a team as a code owner December 12, 2024 06:27
@github-actions GitHub Actions
Copy link

Test Results

0 files   -  20  0 suites   - 260   0s ⏱️ - 41m 37s
0 tests  - 612  0 ✅  - 606  0 💤  - 4  0 ❌  - 2 
0 runs   - 757  0 ✅  - 749  0 💤  - 6  0 ❌  - 2 

Results for commit 474d1d7. ± Comparison against base commit b5e747f.

@quiet-node
fix: package.json & package-lock.json to reduce vulnerabilities
133f1cd 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PNPM-8496388

Signed-off-by: Logan Nguyen <[email protected]>
@quiet-node quiet-node force-pushed the snyk-fix-7f5f5a70ffb52dacb17e07a4e15685f7 branch from 474d1d7 to 133f1cd Compare December 12, 2024 17:54
@quiet-node quiet-node added the dependencies Pull requests that update a dependency file label Dec 12, 2024
@quiet-node quiet-node added this to the 0.63.0 milestone Dec 12, 2024
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@quiet-node quiet-node changed the title [Snyk] Security upgrade pnpm from 8.15.9 to 9.14.4 build(dep): [Snyk] Security upgrade pnpm from 8.15.9 to 9.14.4 Dec 12, 2024
@quiet-node
Copy link
Member

duplicated #3332

@quiet-node quiet-node closed this Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@swirlds-automation swirlds-automation

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
0.63.0
Development

Successfully merging this pull request may close these issues.
2 participants
@swirlds-automation @quiet-node