Skip to content

Npm package updates caught via Dependabot #87

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Npm package updates caught via Dependabot #87

wants to merge 9 commits into from

Conversation

@clin1234
Copy link
Contributor

@clin1234 clin1234 commented Apr 20, 2024

No description provided.

Charlie Lin and others added 7 commits August 1, 2021 11:23
Create codeql-analysis.yml
79a4de8
Create npm_audit.yml
a9d22df
Fix title
8bef306
Update npm_audit.yml
537e3a9
@dependabot
Bump the npm_and_yarn group across 1 directory with 4 updates
9559161 
Bumps the npm_and_yarn group with 4 updates in the / directory: [semver](https://github.com/npm/node-semver), [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse), [tough-cookie](https://github.com/salesforce/tough-cookie) and [word-wrap](https://github.com/jonschlinkert/word-wrap).


Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `@babel/traverse` from 7.17.3 to 7.24.1
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse)

Updates `tough-cookie` from 4.0.0 to 4.1.3
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.0.0...v4.1.3)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
Merge branch 'hieunc229:master' into npm_audit-1
e92046a
@clin1234
Merge pull request #17 from clin1234/dependabot/npm_and_yarn/npm_and_…
4813b95 
…yarn-649290fc7b

Bump the npm_and_yarn group across 1 directory with 4 updates
@github-advanced-security
Copy link

github-advanced-security bot commented Apr 20, 2024

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@clin1234
Minor change in npm_audit.yml
e0b0630 
Silences a GH Action deprecation warning about outdated Node versions.
@hieunc229 hieunc229 mentioned this pull request Apr 26, 2024
Open
@hieunc229
Copy link
Owner

hieunc229 commented Apr 26, 2024

Appreciate for the contribution @clin1234.

This PR doesn't have a description, and I'm not familiar with codeql or npm_audit. Can you explain what it does, why we need it and how do we use it? Thank you

@clin1234
Copy link
Contributor Author

clin1234 commented Apr 29, 2024

Sorry for the delay; the npm_audit.yml is for Github's Depdendabot to generate pull requests for outdated packages that are vulnerable. Also contains npm package dependencies updates that I caught in my fork.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@clin1234 @hieunc229