Expensify / App

Welcome to New Expensify: a complete re-imagination of financial collaboration, centered around chat. Help us build the next generation of Expensify by sharing feedback and contributing to the code.
https://new.expensify.com
MIT License
3.51k stars 2.86k forks source link

[Snyk] Upgrade electron-serve from 1.1.0 to 1.2.0 #32975

Closed melvin-bot[bot] closed 7 months ago

melvin-bot[bot] commented 10 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade electron-serve from 1.1.0 to 1.2.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **1 version** ahead of your current version. - The recommended version was released **a month ago**, on 2023-11-01.
Release notes
Package name: electron-serve from electron-serve GitHub release notes
Commit messages
Package name: electron-serve Compare

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/expensify/project/9535b87d-14b8-434b-873d-3a25a2cba0bc?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/expensify/project/9535b87d-14b8-434b-873d-3a25a2cba0bc/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/expensify/project/9535b87d-14b8-434b-873d-3a25a2cba0bc/settings/integration?pkg=electron-serve&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
Upwork Automation - Do Not Edit
  • Upwork Job URL: https://www.upwork.com/jobs/~0118909f664c166734
  • Upwork Job ID: 1734952532676071424
  • Last Price Increase: 2023-12-13
melvin-bot[bot] commented 10 months ago

This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically create PRs to fix these vulnerabilities.

    C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
    - [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
    - [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
    - [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
    - [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.
melvin-bot[bot] commented 10 months ago

Job added to Upwork: https://www.upwork.com/jobs/~0118909f664c166734

melvin-bot[bot] commented 10 months ago

Triggered auto assignment to Contributor Plus for review of internal employee PR - @thesahindia (Internal)

melvin-bot[bot] commented 9 months ago

This issue has not been updated in over 15 days. @thesahindia eroding to Monthly issue.

P.S. Is everyone reading this sure this is really a near-term priority? Be brave: if you disagree, go ahead and close it out. If someone disagrees, they'll reopen it, and if they don't: one less thing to do!

melvin-bot[bot] commented 7 months ago

@thesahindia, this Monthly task hasn't been acted upon in 6 weeks; closing.

If you disagree, feel encouraged to reopen it -- but pick your least important issue to close instead.