quanngynx

I used @dependabot's feature dependabot[bot] and it seems to have reduced it to 5 vulnerabilities (2 high, 3 critical) on my local computer. Hope this can help you!

dependabot bot and others added 30 commits October 3, 2024 16:41
Bumps [json5](https://github.com/json5/json5) from 2.1.1 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.1.1...v2.2.3)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.7.4 to 7.25.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.25.7/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2.
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

---
updated-dependencies:
- dependency-name: decode-uri-component
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps  and [ansi-regex](https://github.com/chalk/ansi-regex). These dependencies needed to be updated together.

Updates `ansi-regex` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v4.1.0...v4.1.1)

Updates `ansi-regex` from 3.0.0 to 4.1.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

…verse-7.25.7

Bump @babel/traverse from 7.7.4 to 7.25.7

Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.7 to 1.5.10.
- [Commits](unshiftio/url-parse@1.5.7...1.5.10)

---
updated-dependencies:
- dependency-name: url-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [fsevents](https://github.com/fsevents/fsevents) from 1.2.9 to 1.2.13.
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.2.9...v1.2.13)

---
updated-dependencies:
- dependency-name: fsevents
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

…1.2.13

Bump fsevents from 1.2.9 to 1.2.13

…e-1.5.10

Bump url-parse from 1.5.7 to 1.5.10

Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [ws](https://github.com/websockets/ws) from 5.2.3 to 5.2.4.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@5.2.3...5.2.4)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [braces](https://github.com/micromatch/braces) to 3.0.3 and updates ancestor dependency [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest). These dependencies need to be updated together.


Updates `braces` from 2.3.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/commits/3.0.3)

Updates `jest` from 24.9.0 to 29.7.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v29.7.0/packages/jest)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
- dependency-name: jest
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [json-schema](https://github.com/kriszyp/json-schema) and [jsprim](https://github.com/joyent/node-jsprim). These dependencies needed to be updated together.

Updates `json-schema` from 0.2.3 to 0.4.0
- [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)

Updates `jsprim` from 1.4.1 to 1.4.2
- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)
- [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: json-schema
  dependency-type: indirect
- dependency-name: jsprim
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.2 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.10.2...v6.12.6)

---
updated-dependencies:
- dependency-name: ajv
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [yargs-parser](https://github.com/yargs/yargs-parser) to 13.1.2 and updates ancestor dependency [ts-jest](https://github.com/kulshekhar/ts-jest). These dependencies need to be updated together.


Updates `yargs-parser` from 13.1.1 to 13.1.2
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/docs/CHANGELOG-full.md)
- [Commits](https://github.com/yargs/yargs-parser/commits)

Updates `ts-jest` from 24.2.0 to 29.2.5
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v24.2.0...v29.2.5)

---
updated-dependencies:
- dependency-name: yargs-parser
  dependency-type: indirect
- dependency-name: ts-jest
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>

…i-component-0.2.2

Bump decode-uri-component from 0.2.0 to 0.2.2