Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

fix(security): update all vulnerable dependencies #2360

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kittaakos merged 1 commit into main from fix-secutiry-issues
Feb 14, 2024

Conversation

@kittaakos
Copy link
Contributor

@kittaakos kittaakos commented Feb 8, 2024

Motivation

Fix all security issues reported by Dependabot and yarn audit.

Change description

Resolutions:

  • nano@^10.1.3,
  • msgpackr@^1.10.1,
  • axios@^1.6.7

Other information

Fixes:

Ref: nrwl/nx#20493
Ref: eclipse-theia/theia#13365

Reviewer checklist

  • PR addresses a single concern.
  • The PR has no duplicates (please search among the Pull Requests before creating one)
  • PR title and description are properly filled.
  • Docs have been added / updated (for bug fixes / features)

martin-eden reacted with thumbs up emoji 
Resolutions:
 - `nano@^10.1.3`,
 - `msgpackr@^1.10.1`,
 - `axios@^1.6.7`
Fixes:
 - [GHSA-wf5p-g6vw-rhxx](GHSA-wf5p-g6vw-rhxx) (`CVE-2023-45857`)
 - [GHSA-jchw-25xp-jwwc](GHSA-jchw-25xp-jwwc) (`CVE-2023-26159`)
 - [GHSA-7hpj-7hhx-2fgx](GHSA-7hpj-7hhx-2fgx) (`CVE-2023-52079`)
Ref: nrwl/nx#20493
Ref: eclipse-theia/theia#13365
Signed-off-by: Akos Kitta <a.kitta@arduino.cc>
@kittaakos kittaakos added topic: security Related to the protection of user data type: imperfection Perceived defect in any part of project labels Feb 8, 2024
@kittaakos kittaakos marked this pull request as ready for review February 8, 2024 11:24
Copy link

@rhpco rhpco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Love4yzp reacted with hooray emoji
@kittaakos kittaakos merged commit 316e0fd into main Feb 14, 2024
@kittaakos kittaakos deleted the fix-secutiry-issues branch February 14, 2024 08:31
@per1234 per1234 added the topic: infrastructure Related to project infrastructure label Feb 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davegarthsimpson davegarthsimpson davegarthsimpson approved these changes

+1 more reviewer

@rhpco rhpco rhpco approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

topic: infrastructure Related to project infrastructure topic: security Related to the protection of user data type: imperfection Perceived defect in any part of project

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /