Closed andrewmkrug closed 6 months ago
github-actions[bot]
commented
7 months ago Hi andrewmkrug! Thank you for contributing to Dashy! โจ
When updating dependencies, take a moment to verify that there are not security issues associated with any added or modified packages. If adding a new dependency, ensure that it is totally necessary, and check the packages size is not too large, as this will increase overall bundle size.
I'm a bot, and this is an automated comment ๐ค
github-actions[bot]
commented
7 months ago yarn.lock changes
netlify[bot]
commented
7 months ago | Name | Link |
|---|---|
| Latest commit | f61be13745fec25f55ed3be2b37837ec254f4768 |
| Latest deploy log | https://app.netlify.com/sites/peppy-choux-edbc1e/deploys/66031639276166000802b59d |
| Deploy Preview | https://deploy-preview-143--peppy-choux-edbc1e.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
socket-security[bot]
commented
7 months ago New and removed dependencies detected. Learn more about Socket for GitHub โ๏ธ
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/cookie@0.6.0 | None | 0 |
23.7 kB | dougwilson |
| npm/express@4.19.2 | environment, filesystem, network Transitive: eval, unsafe | +35 |
1.01 MB | wesleytodd |
๐ฎ Removed packages: npm/express@4.18.1
github-actions[bot]
commented
6 months ago This PR is stale because it has been open 6 weeks with no activity. Either remove the stale label or comment below with a short update, otherwise this PR will be closed in 5 days.
github-actions[bot]
commented
6 months ago This pull request was automatically closed because it has been stalled for over 6 weeks with no activity.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - yarn.lock #### Note for [zero-installs](https://yarnpkg.com/features/zero-installs) users If you are using the Yarn feature [zero-installs](https://yarnpkg.com/features/zero-installs) that was introduced in Yarn V2, note that this PR does not update the `.yarn/cache/` directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run `yarn` to update the contents of the `./yarn/cache` directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged. #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **591/1000****Why?** Recently disclosed, Has a fix available, CVSS 6.1 | Open Redirect
[SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: