[Snyk] Fix for 1 vulnerabilities #2449
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Remove wdio/sync dependency * Refactor hooks to async * Make function async
* update page * fix formatting * update changelog and version * update lockfile Co-authored-by: Ben Siggery <[email protected]>
…2036) Co-authored-by: Ashley Watson-Nolan <[email protected]>
… no props/attributes are given (#2039)
* Fix storybook deploy * set concurrency for unit tests
* Fix storybook deploy * Update version
…2044) * Use gh-pages dependency to deploy storybook * Fix dep version * Update yarn.lock
* The initial files for the new f-mfa component as created by the yeoman generator * Fixed up lint issue in test * Used the term `sut` for the tests * Updated the documentation Co-authored-by: billy.oliver <[email protected]>
…ependencies (#2028) * [email protected] (and others) - Move components to peerDependencies * Minor: Undo f-form update * [email protected] - Add required attributes * [email protected] - Add required attributes * Minor: Update changelogs * [email protected] + [email protected] - Disable HTML5 form validation Co-authored-by: Xander Marjoram <[email protected]>
… of the theme (#2049) * minor update to the `disappearingWhite` theme * Renamed "disappearingWhite" into "whiteSeamless" Co-authored-by: Anastasiya Tyshkavets <[email protected]>
* [email protected] (and other molecules) - Add Node 16 support * Remove lerna + fix storybook sass * Remove lerna dependency
#2051) * Add node 16 support to pages * Stop testing dependants * Update changelog
…isms (#2050) * Add node 16 support to organisms * Update changelog * Fix storybook * Remove console log
…vices (#2052) * Add node 16 support to services * Pull master + fix changelog
…ferences from component package.json + Update checkout max bundle size #globalconfig (#2054) * Update f-wdio-utils * Update date * Update f-checkout bundlewatch size * Fix changelog entry
…e dependencies (#2056) * Update to node 16 compatible dependencies * Update devDep for f-mega-modal in f-searchbox
…sted / analysed by Bundlewatch (#2057) * Ensure dependants are built / served / tested * Update storybook version * Add comments to turborepo commands
…ble deps (#2061) * Update f-account-info to have node 16 compatible deps * Update yarn.lock
…ES6 (#2060) * Fix generator and MFA tests * Update generator changelog * Update date on changelog
…le version of f-services #trival #globalconfig (#2062) * Update DSV team components to use Node 16 compatible deps * Update Changelog * Update bundlewatch maxSize * Refactor f-user-messge to use new f-services * Add changelog and version bump
…ompatible. (#2066) * Update f-takeawaypay-activation to node 16 compatible dependencies * Update yarn.lock
…le. (#2065) * Update f-restaurant-card to use node 16 compatible dependencies * Update yarn.lock * Update date in changelog
* Added the new mfa template and applied the required css as per the figma design + Add in GB translations + fixed-up/prepared unit tests * Extended wait time from 10 to 30 + wrapped content * Made some ccs tweak and inc. the correct icon * Updated deps * Update ver * Update CHANGELOG.md * [email protected] - PR comments and match designs more closely * [email protected] - Replace v-html with component interpolation * Minor: PR comment Co-authored-by: billy.oliver <[email protected]> Co-authored-by: Xander Marjoram <[email protected]>
…e with Node 16 (#2068) * Update more deps to be compatible with Node 16 * Import CSS from deps to fix broken CSS
…ge (#2300) Co-authored-by: Chris <[email protected]>
…ges and their dependants for PR's. (#2310) * ci(pie-monorepo): update WebDriverIO tests to only run against changed packages * update chromedriver * update changelog
* [email protected] - Add `position: fixed;` to fix z-index * Add more items
* Bump decode-uri-component from 0.2.0 to 0.2.2 Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) --- updated-dependencies: - dependency-name: decode-uri-component dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Bump word-wrap from 1.2.3 to 1.2.5 Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.5. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: word-wrap dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Bump protobufjs from 6.11.3 to 6.11.4 Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 6.11.3 to 6.11.4. - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/protobufjs/protobuf.js/commits) --- updated-dependencies: - dependency-name: protobufjs dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Bump semver from 5.7.1 to 5.7.2 Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Bump vite from 2.9.13 to 2.9.16 Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 2.9.13 to 2.9.16. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v2.9.16/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v2.9.16/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> * Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/decode-uri-component-0.2.2' into dependabot-updates * [email protected] - Package updates * Add ua-parser-js resolution --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [email protected] - Various package updates * Try not upgrading so far * Use latest browserslist-db * Jest 26 * Update snapshot * [email protected] - Package bump * Update yarn.lock * Revert yarn.lock
* Update chromedriver and ignore engines * fix f-loyalty builds * update to chromedriver 118
* Changed - Added translations (which also enables) for corporate ordering links for ES & IT. * Minor - Reverted yarn.lock * Bumped version to minor rather than patch --------- Co-authored-by: Billy Oliver <[email protected]>
* Added Self-Exclusion Page * Fixes to option period * Added localizations and code consolidation * Added store and api files * Fixed store and api call * Fixed store and api call * Fixed selectedOption names * Self-exclusion refinement * Added Notifications * Fixed translations for GB and NZ * Mocked API * Updated component version * Build fixed * Setup unit tests * Add f-wdio-utils * Add components test * Added all tenants * Added show notification, removed Close Alert * Increment chromedriver version * Update chromedriver and ignore engines * fix f-loyalty builds * update to chromedriver 118 * Fix alias * Added test-id to the component * Changed test-id to the component * Changed text, added go back alert, privacy statement link * Update packages/components/pages/f-self-exclusion/CHANGELOG.md Co-authored-by: Ashley Watson-Nolan <[email protected]> * Updated from comments * skip failing auto-generated tests * Updated error alert to display GET request error --------- Co-authored-by: Maxim Vasilev <[email protected]> Co-authored-by: Panayot Tolev <[email protected]> Co-authored-by: Ben Siggery <[email protected]> Co-authored-by: Ashley Watson-Nolan <[email protected]>
…uctive size (#2373) * Changed f-button version and buttonSize values * Added changelog * Updated version * Added yarn.lock * [email protected] - Re-add yarn.lock --------- Co-authored-by: Xander Marjoram <[email protected]>
…#2374) * ### Changed - Added translations (which also enables) for 'Become a courier' links for AU & NZ. * minor - Adjusted date * Updated Chromedriver to v119.0.1 * Updated Chromedriver to v119.0.1 --------- Co-authored-by: Billy Oliver <[email protected]>
…duce vulnerabilities (#2338) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119 Co-authored-by: snyk-bot <[email protected]>
…lnerabilities (#2339) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119 Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Ashley Watson-Nolan <[email protected]>
…ties (#2340) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119 Co-authored-by: snyk-bot <[email protected]>
) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692 Co-authored-by: snyk-bot <[email protected]>
…e vulnerabilities (#2396) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962463 - https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194 Co-authored-by: snyk-bot <[email protected]>
* Prop changes * Version update * Removed console.log * fix(f-checkout): issue with jest transpiling axios * Changed prop authToken value for required to true * Updated prop table --------- Co-authored-by: Ben Siggery <[email protected]>
…hen in error state #trivial (#2420) * Added f-spinner component to hide form before form is loaded * Updated version * Changed prop name and removed f-spinner * Removed unused import * Changed variable name and entry in changelog * Self Exclusion design changes * Changelog updated * Self Exclusion fine tunings --------- Co-authored-by: Panayot Tolev <[email protected]>
* Added navigation * Increment version --------- Co-authored-by: Panayot Tolev <[email protected]>
* [email protected] - Add address alert * [email protected] - Add new prop
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-IP-6240864
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.
Changes included in this PR
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarnto update the contents of the./yarn/cachedirectory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed
With an upgrade:
Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.81, Score Version: V5
SNYK-JS-IP-6240864
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Server-side Request Forgery (SSRF)