chore(deps): update dependency dayjs to v1.11.20#3699
Open
renovate[bot] wants to merge 1 commit intodevelopfrom
Open
chore(deps): update dependency dayjs to v1.11.20#3699renovate[bot] wants to merge 1 commit intodevelopfrom
renovate[bot] wants to merge 1 commit intodevelopfrom
Conversation
renovate
Bot
force-pushed
the
renovate/dayjs-1.x-lockfile
branch
3 times, most recently
from
b4629c3 to
1f99895
Compare
renovate
Bot
force-pushed
the
renovate/dayjs-1.x-lockfile
branch
from
1f99895 to
eaeafc0
Compare
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Duplication | 0 |
TIP This summary will be updated as you push new changes. Give us feedback
renovate
Bot
force-pushed
the
renovate/dayjs-1.x-lockfile
branch
from
eaeafc0 to
30e9dc4
Compare
renovate
Bot
force-pushed
the
renovate/dayjs-1.x-lockfile
branch
from
30e9dc4 to
95c800b
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Security review (automation): PR #3699
Scope: Diff updates web/package-lock.json only—dayjs 1.11.19 → 1.11.20 with matching npm resolved URL and Subresource Integrity hash.
Findings: No medium, high, or critical issues identified in this change.
- Application security: No added or modified application code; no new attacker-controlled sinks, auth paths, or escaping surfaces introduced by the diff.
- Supply chain: Same official registry artifact pattern (
registry.npmjs.org); integrity field updated for the new tarball, which supports verification on install. - Advisory check: Public databases (e.g. Snyk) list no direct CVEs for
dayjs@1.11.20; release notes describe bug fixes (locale /updateLocalemerge behavior), not security advisories.
Conclusion: No high-confidence vulnerability introduced or exposed by this PR. Prior automation assessment threads are cleared in favor of this review.
Sent by Cursor Automation: Find vulnerabilities
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.11.19→1.11.20Release Notes
iamkun/dayjs (dayjs)
v1.11.20Compare Source
Bug Fixes
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.