dancefinder/dancefinder-app
5
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Activity

[Snyk] Fix for 1 vulnerabilities #54

Merged
argoyle merged 2 commits from snyk-fix-cb04cc74ca2b1868c36a17ab3c481cd0 into master 2019-11-02 17:01:03 +00:00
Conversation 3 Commits 2 Files Changed 2
+3061 -2781
argoyle commented 2019-11-02 01:01:17 +00:00 (Migrated from gitlab.com)
Copy Link
Copy Source

Description

This Merge Request fixes one or more vulnerable packages in the yarn dependencies of this project.
See the Snyk test report for more details.

Snyk Project: unboundsoftware/dancefinder/dancefinder-app:package.json

Snyk Organization: argoyle

Lockfile

If you are using package-lock.json or yarn.lock, please re-lock your dependencies and push an updated lockfile before merging this Merge Request.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Title Issue ID Breaking Change
medium severity Cross-site Scripting (XSS) SNYK-JS-VUETIFY-474604 Yes

You can read more about Snyk's upgrade and patch logic in Snyk's documentation.

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Stay secure,
The Snyk team

Note: You are seeing this because you or someone else with access to this repository has authorised Snyk to open Fix Merge Requests. To review the settings for this Snyk project please go to the project settings page.

#### Description This Merge Request fixes one or more vulnerable packages in the `yarn` dependencies of this project. See the [Snyk test report](https://app.snyk.io/org/argoyle/test/gitlab/fdbefbeb-8f1c-483c-917e-152c9523c009/master..snyk-fix-cb04cc74ca2b1868c36a17ab3c481cd0) for more details. #### Snyk Project: [unboundsoftware/dancefinder/dancefinder-app:package.json](https://app.snyk.io/org/argoyle/project/fdbefbeb-8f1c-483c-917e-152c9523c009) #### Snyk Organization: [argoyle](https://app.snyk.io/org/argoyle) #### Lockfile If you are using `package-lock.json` or `yarn.lock`, please re-lock your dependencies and push an updated lockfile before merging this Merge Request. #### Changes included in this Merge Request - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Title | Issue ID | Breaking Change :-------------------------:|:-------------------------|:-------------------------|:-------------------------| ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | Cross-site Scripting (XSS) | [SNYK-JS-VUETIFY-474604](https://snyk.io/vuln/SNYK-JS-VUETIFY-474604) | Yes You can read more about Snyk's upgrade and patch logic in [Snyk's documentation](https://snyk.io/docs/using-snyk/). Check the changes in this Merge Request to ensure they won't cause issues with your project. Stay secure, The Snyk team _**Note**: You are seeing this because you or someone else with access to this repository has authorised Snyk to open Fix Merge Requests. To review the settings for this Snyk project please go to the [project settings page](https://app.snyk.io/org/argoyle/project/fdbefbeb-8f1c-483c-917e-152c9523c009/settings)._ [//]: # (snyk:metadata:{"type":"auto","packageManager":"yarn","vulns":["SNYK-JS-VUETIFY-474604"],"patch":[],"upgrade":["SNYK-JS-VUETIFY-474604"],"isBreakingChange":true,"env":"prod","dependencies":[{"name":"vuetify","from":"1.5.0","to":"2.1.9"}],"prType":"fix"})
argoyle commented 2019-11-02 16:50:57 +00:00 (Migrated from gitlab.com)
Copy Link
Copy Source

added 1 commit

Compare with previous version

added 1 commit <ul><li>088ff521 - chore: upgrade packages</li></ul> [Compare with previous version](/unboundsoftware/dancefinder/dancefinder-app/merge_requests/5/diffs?diff_id=61271072&start_sha=ab0518004b8ee72ce1670760cfffb1ce6ed15911)
argoyle (Migrated from gitlab.com) scheduled this pull request to auto merge when all checks succeed 2019-11-02 16:51:13 +00:00
argoyle (Migrated from gitlab.com) canceled auto merging this pull request when all checks succeed 2019-11-02 16:51:16 +00:00
argoyle (Migrated from gitlab.com) scheduled this pull request to auto merge when all checks succeed 2019-11-02 16:51:19 +00:00
argoyle commented 2019-11-02 17:01:03 +00:00 (Migrated from gitlab.com)
Copy Link
Copy Source

mentioned in commit c02168f02c

mentioned in commit c02168f02c52bbda7e21f21dcb198c23d43a6217
argoyle commented 2019-11-02 17:01:03 +00:00 (Migrated from gitlab.com)
Copy Link
Copy Source

merged

merged
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
dependencies
Pull requests that update a dependency file
 docker
javascript
security
Pull requests that address a security vulnerability
 severity:critical
severity:high
severity:low
severity:moderate
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) releaser (Unbound Releaser) renovate (Renovate Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: dancefinder/dancefinder-app#54
Delete Branch "snyk-fix-cb04cc74ca2b1868c36a17ab3c481cd0"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?