8000 [Snyk] Security upgrade vite from 5.2.8 to 5.2.14 by abdulrahman305 · Pull Request #23 · abdulrahman305/gritql · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

[Snyk] Security upgrade vite from 5.2.8 to 5.2.14 #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 29 commits into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade vite from 5.2.8 to 5.2.14 #23

wants to merge 29 commits into from

Conversation

abdulrahman305
Copy link
Owner

snyk-top-banner

Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • crates/wasm-bindings/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
low severity Cross-site Scripting (XSS)
SNYK-JS-VITE-8022916		   184  
medium severity Information Exposure
SNYK-JS-VITE-8023174		   159  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

abdulrahman305 and others added 29 commits May 15, 2024 13:58
@abdulrahman305
Set up CI with Azure Pipelines
5df341c 
[skip ci]
@abdulrahman305
Merge branch 'getgrit:main' into main
b193413
@abdulrahman305
Merge branch 'getgrit:main' into main
b55f36b
@abdulrahman305
Merge branch 'getgrit:main' into main
dc8fa6f
@abdulrahman305
Create generator-generic-ossf-slsa3-publish.yml
1d0f25e
@abdulrahman305
Create rust.yml
060abf0
@snyk-bot
fix: upgrade tree-sitter-cli from 0.20.8 to 0.22.6
4d8a25a 
Snyk has created this PR to upgrade tree-sitter-cli from 0.20.8 to 0.22.6.

See this package in npm:
tree-sitter-cli

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/b84198ce-387f-40a2-9108-81dc921da607?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade tree-sitter-cli from 0.20.8 to 0.22.6
265555a 
Snyk has created this PR to upgrade tree-sitter-cli from 0.20.8 to 0.22.6.

See this package in npm:
tree-sitter-cli

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/d0d88628-ed6d-4d56-9934-a879dc24a83e?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade com.github.javaparser:javaparser-core from 3.5.9 to 3.26.0
10b6721 
Snyk has created this PR to upgrade com.github.javaparser:javaparser-core from 3.5.9 to 3.26.0.

See this package in maven:
com.github.javaparser:javaparser-core

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/47526198-b676-4801-836f-ec896130d73a?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade tree-sitter-cli from 0.20.8 to 0.22.6
7a24a23 
Snyk has created this PR to upgrade tree-sitter-cli from 0.20.8 to 0.22.6.

See this package in npm:
tree-sitter-cli

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/895a58f8-8171-4c0f-bb16-aab6ad6b61ae?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade tree-sitter-cli from 0.20.8 to 0.22.6
783265b 
Snyk has created this PR to upgrade tree-sitter-cli from 0.20.8 to 0.22.6.

See this package in npm:
tree-sitter-cli

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/3c076cc9-3c6f-4d40-bdb5-c379022d47e1?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: resources/language-metavariables/tree-sitter-sql/docs/Gemfile & …
4091067 
…resources/language-metavariables/tree-sitter-sql/docs/Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-REXML-7577227
- https://snyk.io/vuln/SNYK-RUBY-REXML-7577228
@abdulrahman305
Merge branch 'getgrit:main' into main
e0c6ab3
@abdulrahman305
Merge pull request #6 from abdulrahman305/snyk-fix-39f4eaa93b1f0c30ef…
f5108aa 
…ecea48ac9d59fe

[Snyk] Security upgrade jekyll from 4.3.2 to 4.3.3
@abdulrahman305
Merge pull request #5 from abdulrahman305/snyk-upgrade-96379ce5535129…
9d743a6 
…01a3abb2b5f908a609

[Snyk] Upgrade tree-sitter-cli from 0.20.8 to 0.22.6
@abdulrahman305
Merge pull request #3 from abdulrahman305/snyk-upgrade-09b55833c0da45…
a8cde46 
…eb87f9d8f79eb514a6

[Snyk] Upgrade com.github.javaparser:javaparser-core from 3.5.9 to 3.26.0
@abdulrahman305
Merge pull request #4 from abdulrahman305/snyk-upgrade-1d5567d5cc7343…
c8581b1 
…dd46bf44323c08875c

[Snyk] Upgrade tree-sitter-cli from 0.20.8 to 0.22.6
@abdulrahman305
Merge pull request #2 from abdulrahman305/snyk-upgrade-8819b597134cef…
502ac0e 
…3e03ff4099f0941f0e

[Snyk] Upgrade tree-sitter-cli from 0.20.8 to 0.22.6
@abdulrahman305
Merge pull request #1 from abdulrahman305/snyk-upgrade-cb0647b3e9bd1a…
384685c 
…2d83df2ddf4111877c

[Snyk] Upgrade tree-sitter-cli from 0.20.8 to 0.22.6
@snyk-bot
fix: upgrade tree-sitter-cli from 0.20.8 to 0.22.6
a00c3a8 
Snyk has created this PR to upgrade tree-sitter-cli from 0.20.8 to 0.22.6.

See this package in npm:
tree-sitter-cli

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/ce505a2d-919f-4785-b479-681dd77f596b?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade tree-sitter-cli from 0.20.8 to 0.22.6
c80d1ae 
Snyk has created this PR to upgrade tree-sitter-cli from 0.20.8 to 0.22.6.

See this package in npm:
tree-sitter-cli

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/3cc1ceb4-cc01-4dbf-82c1-5606d7ec4907?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade tree-sitter-cli from 0.20.8 to 0.22.6
19cd9d6 
Snyk has created this PR to upgrade tree-sitter-cli from 0.20.8 to 0.22.6.

See this package in npm:
tree-sitter-cli

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/de2a14d4-1968-488a-b7fa-2587f42c7fed?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade nan from 2.17.0 to 2.20.0
8f5b674 
Snyk has created this PR to upgrade nan from 2.17.0 to 2.20.0.

See this package in npm:
nan

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/de2a14d4-1968-488a-b7fa-2587f42c7fed?utm_source=github&utm_medium=referral&page=upgrade-pr
@abdulrahman305
Merge branch 'getgrit:main' into main
4e27727
@abdulrahman305
Merge pull request #11 from abdulrahman305/snyk-upgrade-e6809ff00fc07…
560b54f 
…b98dc676ee3436d1bf3

[Snyk] Upgrade nan from 2.17.0 to 2.20.0
@abdulrahman305
Merge pull request #9 from abdulrahman305/snyk-upgrade-1ce720ab311cbe…
903a434 
…fef6fcd6e517520858

[Snyk] Upgrade tree-sitter-cli from 0.20.8 to 0.22.6
@abdulrahman305
Merge pull request #8 from abdulrahman305/snyk-upgrade-d917d6369100a0…
df134ca 
…890d792cd0f9e308ce

[Snyk] Upgrade tree-sitter-cli from 0.20.8 to 0.22.6
@abdulrahman305
Merge pull request #7 from abdulrahman305/snyk-upgrade-966bbe873fca6c…
d5df4b3 
…714f3403eab54a6a50

[Snyk] Upgrade tree-sitter-cli from 0.20.8 to 0.22.6
@snyk-bot
fix: crates/wasm-bindings/package.json to reduce vulnerabilities
dc8c8ba 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-VITE-8022916
- https://snyk.io/vuln/SNYK-JS-VITE-8023174
@korbit-ai Korbit AI
Copy link
korbit-ai bot commented Sep 20, 2024

👋 I'm here to help you review your pull request. When you're ready for me to perform a review, you can comment anywhere on this pull request with this command: /korbit-review.

As a reminder, here are some helpful tips on how we can collaborate together:

  • To have me re-scan your pull request, simply re-invoke the /korbit-review command in a new comment.
  • You can interact with me by tagging @korbit-ai in any conversation in your pull requests.
  • On any comment I make on your code, please leave a 👍 if it is helpful and a 👎 if it is unhelpful. This will help me learn and improve as we work together
  • Lastly, to learn more, check out our Docs.

@codeautopilot CodeAutopilot
Copy link
codeautopilot bot commented Sep 20, 2024

Your organization has reached the subscribed usage limit. You can upgrade your account by purchasing a subscription at Stripe payment link

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.

Current plan usage: 100.67%

Have feedback or need help?
Discord
Documentation
support@codeautopilot.com

@socket-security Socket Security
Copy link

Removed dependencies detected. Learn more about Socket for GitHub ↗︎

🚮 Removed packages: npm/@esbuild/android-arm64@0.20.2, npm/@esbuild/android-arm@0.20.2, npm/@esbuild/android-x64@0.20.2, npm/@esbuild/darwin-arm64@0.20.2, npm/@esbuild/darwin-x64@0.20.2, npm/@esbuild/freebsd-arm64@0.20.2, npm/@esbuild/freebsd-x64@0.20.2, npm/@esbuild/linux-arm64@0.20.2, npm/@esbuild/linux-arm@0.20.2, npm/@esbuild/linux-ia32@0.20.2, npm/@esbuild/linux-loong64@0.20.2, npm/@esbuild/linux-mips64el@0.20.2, npm/@esbuild/linux-ppc64@0.20.2, npm/@esbuild/linux-riscv64@0.20.2, npm/@esbuild/linux-s390x@0.20.2, npm/@esbuild/linux-x64@0.20.2, npm/@esbuild/netbsd-x64@0.20.2, npm/@esbuild/openbsd-x64@0.20.2, npm/@esbuild/sunos-x64@0.20.2, npm/@esbuild/win32-arm64@0.20.2, npm/@esbuild/win32-ia32@0.20.2, npm/@esbuild/win32-x64@0.20.2, npm/@rollup/rollup-android-arm-eabi@4.14.1, npm/@rollup/rollup-android-arm64@4.14.1, npm/@rollup/rollup-darwin-arm64@4.14.1, npm/@rollup/rollup-darwin-x64@4.14.1, npm/@rollup/rollup-linux-arm-gnueabihf@4.14.1, npm/@rollup/rollup-linux-arm64-gnu@4.14.1, npm/@rollup/rollup-linux-arm64-musl@4.14.1, npm/@rollup/rollup-linux-powerpc64le-gnu@4.14.1, npm/@rollup/rollup-linux-riscv64-gnu@4.14.1, npm/@rollup/rollup-linux-s390x-gnu@4.14.1, npm/@rollup/rollup-linux-x64-gnu@4.14.1, npm/@rollup/rollup-linux-x64-musl@4.14.1, npm/@rollup/rollup-win32-arm64-msvc@4.14.1, npm/@rollup/rollup-win32-ia32-msvc@4.14.1, npm/@rollup/rollup-win32-x64-msvc@4.14.1, npm/@types/estree@1.0.5, npm/esbuild@0.20.2 87E0 , npm/fsevents@2.3.3, npm/nanoid@3.3.7, npm/picocolors@1.0.0, npm/postcss@8.4.38, npm/rollup@4.14.1, npm/source-map-js@1.2.0, npm/vite@5.2.8, npm/web-tree-sitter-wasm-bindgen@0.20.8, npm/web-tree-sitter@0.20.8

View full report↗︎

@gitauto-ai gitauto-ai bot added the gitauto label Oct 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
gitauto
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@abdulrahman305 @snyk-bot
0