Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ticket 3221 - Dependabot critical vulnerability fixes #273

Merged
merged 12 commits into from
Jun 7, 2024
Merged

Ticket 3221 - Dependabot critical vulnerability fixes #273

merged 12 commits into from
Jun 7, 2024

Commits on Jun 7, 2024

  1. solved loader-utils critical vunerability

    @Aman-Hundal
    Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    af7a9d3 View commit details
    Browse the repository at this point in the history

  2. Bump minimist, mkdirp, http-server, karma, handlebars and protractor 

    Bumps [minimist](https://github.com/minimistjs/minimist) to 1.2.8 and updates ancestor dependencies [minimist](https://github.com/minimistjs/minimist), [mkdirp](https://github.com/isaacs/node-mkdirp), [http-server](https://github.com/http-party/http-server), [karma](https://github.com/karma-runner/karma), [handlebars](https://github.com/handlebars-lang/handlebars.js) and [protractor](https://github.com/angular/protractor). These dependencies need to be updated together.


Updates `minimist` from 1.2.0 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.0...v1.2.8)

Updates `mkdirp` from 0.5.1 to 0.5.6
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-mkdirp@0.5.1...v0.5.6)

Updates `http-server` from 0.11.1 to 14.1.1
- [Release notes](https://github.com/http-party/http-server/releases)
- [Commits](http-party/http-server@0.11.1...v14.1.1)

Updates `karma` from 3.1.4 to 6.4.3
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](karma-runner/karma@v3.1.4...v6.4.3)

Updates `handlebars` from 4.1.0 to 4.7.8
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.1.0...v4.7.8)

Updates `protractor` from 5.4.2 to 5.4.4
- [Release notes](https://github.com/angular/protractor/releases)
- [Changelog](https://github.com/angular/protractor/blob/5.4.4/CHANGELOG.md)
- [Commits](angular/protractor@5.4.2...5.4.4)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
- dependency-name: mkdirp
  dependency-type: indirect
- dependency-name: http-server
  dependency-type: direct:development
- dependency-name: karma
  dependency-type: direct:development
- dependency-name: handlebars
  dependency-type: indirect
- dependency-name: protractor
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot @Aman-Hundal
    dependabot[bot] authored and Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    0b32fff View commit details
    Browse the repository at this point in the history

  3. Added commit from dependabot PR252 to fix critical vunerabiltiies

    @dependabot @Aman-Hundal
    dependabot[bot] authored and Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    b030908 View commit details
    Browse the repository at this point in the history

  4. Added commit from dependabot PR267 to fix critical vunerabiltiies

    @dependabot @Aman-Hundal
    dependabot[bot] authored and Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    5aabc63 View commit details
    Browse the repository at this point in the history

  5. Added commit from dependabot PR249 to fix critical vunerabiltiies

    @dependabot @Aman-Hundal
    dependabot[bot] authored and Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    5ff22a7 View commit details
    Browse the repository at this point in the history

  6. Added commit from dependabot PR251 to fix critical vunerabiltiies

    @dependabot @Aman-Hundal
    dependabot[bot] authored and Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    107ec2d View commit details
    Browse the repository at this point in the history

  7. Bump json-schema and jsprim in /web 

    Bumps [json-schema](https://github.com/kriszyp/json-schema) and [jsprim](https://github.com/joyent/node-jsprim). These dependencies needed to be updated together.

Updates `json-schema` from 0.2.3 to 0.4.0
- [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)

Updates `jsprim` from 1.4.1 to 1.4.2
- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)
- [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: json-schema
  dependency-type: indirect
- dependency-name: jsprim
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot @Aman-Hundal
    dependabot[bot] authored and Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    cbb5346 View commit details
    Browse the repository at this point in the history

  8. Added commit from dependabot PR157 to fix critical vunerabiltiies

    @dependabot @Aman-Hundal
    dependabot[bot] authored and Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    fd03f23 View commit details
    Browse the repository at this point in the history

  9. Bump set-value and union-value in /web 

    Bumps [set-value](https://github.com/jonschlinkert/set-value) and [union-value](https://github.com/jonschlinkert/union-value). These dependencies needed to be updated together.

Updates `set-value` from 2.0.0 to 2.0.1
- [Commits](jonschlinkert/set-value@2.0.0...2.0.1)

Updates `union-value` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/jonschlinkert/union-value/releases)
- [Commits](jonschlinkert/union-value@1.0.0...1.0.1)

---
updated-dependencies:
- dependency-name: set-value
  dependency-type: indirect
- dependency-name: union-value
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot @Aman-Hundal
    dependabot[bot] authored and Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    b8294cd View commit details
    Browse the repository at this point in the history

  10. Bump mixin-deep from 1.3.1 to 1.3.2 

    Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
- [Commits](jonschlinkert/mixin-deep@1.3.1...1.3.2)

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot @Aman-Hundal
    dependabot[bot] authored and Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    a9efd72 View commit details
    Browse the repository at this point in the history

  11. Bump lodash from 4.17.11 to 4.17.21 in /web 

    Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.11...4.17.21)

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot @Aman-Hundal
    dependabot[bot] authored and Aman-Hundal committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    3677819 View commit details
    Browse the repository at this point in the history

  12. Merge pull request #272 from bcgov/dev-AH-FOIMOD3221-FINAL 

    Ticket 3221 - Dependabot critical vulnerability fixes
    @Aman-Hundal
    Aman-Hundal authored Jun 7, 2024
    Configuration menu
    Copy the full SHA
    9a67e6f View commit details
    Browse the repository at this point in the history