@ethomson
Owner

No description provided.

@ghost

ghost commented Sep 24, 2024

Minder Vulnerability Report ⚠️

Minder found vulnerable dependencies in this PR. Either push an updated version or accept the proposed changes. Note that accepting the changes will include Minder as a co-author of this PR.

Vulnerability scan of f265c2eb:

  • 🐞 vulnerable packages: 2
  • 🛠 fixes available for: 2

| Package | Version | #Vulnerabilities | #Fixes | Patch |
| --- | --- | --- | --- | --- |
| micromatch | 4.0.5 | 1 | 1 | 4.0.8 |
| micromatch | 4.0.5 | 1 | 1 | 4.0.8 |

Summary of vulnerabilities found

Minder found the following vulnerabilities in this PR:

| Ecosystem | Name | Version | Vulnerability ID | Summary | Introduced | Fixed |
| --- | --- | --- | --- | --- | --- | --- |
| npm | micromatch | 4.0.5 | GHSA-952p-6rrq-rcjv | Regular Expression Denial of Service (ReDoS) in micromatch | 0 | 4.0.8 |
| npm | micromatch | 4.0.5 | GHSA-952p-6rrq-rcjv | Regular Expression Denial of Service (ReDoS) in micromatch | 0 | 4.0.8 |

Comment on lines +1914 to +1919
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dependencies": {
"braces": "^3.0.2",
"picomatch": "^2.3.1"

Suggested change
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dependencies": {
"braces": "^3.0.2",
"picomatch": "^2.3.1"
"node_modules/micromatch": {
"version": "4.0.5",
4.0.5
"version": "4.0.8",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
"integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
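
Review bot: the replacement shown for "node_modules/micromatch" carries only "version", "resolved" and "integrity", while the commented range +1914 to +1919 also contains the "dependencies": { opener and its "braces": "^3.0.2" and "picomatch": "^2.3.1" entries. As rendered, applying it either drops that block and leaves the entry malformed, or keeps the 4.0.5 dependency ranges under a 4.0.8 header. Rather than accepting a hand-edited lockfile entry, regenerate it with the package manager (for example `npm update micromatch`) so that version, integrity hash and dependency ranges are written together, then re-run the scan to confirm GHSA-952p-6rrq-rcjv is no longer reported.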

Comment on lines +1914 to +1919
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dependencies": {
"braces": "^3.0.2",
"picomatch": "^2.3.1"

Suggested change
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dependencies": {
"braces": "^3.0.2",
"picomatch": "^2.3.1"
"node_modules/micromatch": {
"version": "4.0.5",
4.0.5
"version": "4.0.8",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
"integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
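
Review bot: this suggestion is anchored to the same range, lines +1914 to +1919, as the previous one, although the scan table lists micromatch 4.0.5 twice. Only one suggestion can be applied to that range, so after updating, search the lockfile for any remaining micromatch 4.0.5 entry and confirm that every occurrence resolves to 4.0.8.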

@ghost

ghost commented Sep 24, 2024

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: ethomson

Trusty Score: 3.4

Scoring details

| Component | Score |
| --- | --- |
| User activity | 6.1 |
| Repository activity | 0.7 |
| From activity | |
| Package activity | 3.4 |
| Provenance | 5 |
| Malicious | false |
| Trust-summary | 2.1 |
