Closed andrewmkrug closed 5 months ago
github-actions[bot]
commented
6 months ago Hi andrewmkrug! Thank you for contributing to Dashy! โจ
When updating dependencies, take a moment to verify that there are not security issues associated with any added or modified packages. If adding a new dependency, ensure that it is totally necessary, and check the packages size is not too large, as this will increase overall bundle size.
I'm a bot, and this is an automated comment ๐ค
github-actions[bot]
commented
6 months ago yarn.lock changes
socket-security[bot]
commented
6 months ago New and removed dependencies detected. Learn more about Socket for GitHub โ๏ธ
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/axios@0.28.1 | network Transitive: environment, filesystem | +3 |
983 kB | jasonsaayman |
| npm/follow-redirects@1.15.6 | network | 0 |
29.4 kB | rubenverborgh |
๐ฎ Removed packages: npm/axios@0.27.2, npm/follow-redirects@1.15.1
netlify[bot]
commented
6 months ago | Name | Link |
|---|---|
| Latest commit | 2feb40b692bb5759b96b90e6d8603f1f37d9698f |
| Latest deploy log | https://app.netlify.com/sites/peppy-choux-edbc1e/deploys/6621702ba25b6e000823b2ce |
| Deploy Preview | https://deploy-preview-147--peppy-choux-edbc1e.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
github-actions[bot]
commented
5 months ago This PR is stale because it has been open 6 weeks with no activity. Either remove the stale label or comment below with a short update, otherwise this PR will be closed in 5 days.
github-actions[bot]
commented
5 months ago This pull request was automatically closed because it has been stalled for over 6 weeks with no activity.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade axios from 0.27.2 to 0.28.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **2 versions** ahead of your current version. - The recommended version was released **21 days ago**, on 2024-03-28. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-AXIOS-6032459](https://snyk.io/vuln/SNYK-JS-AXIOS-6032459) | **676/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.1 | Proof of Concept
[SNYK-JS-FOLLOWREDIRECTS-6141137](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137) | **676/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.1 | Proof of Concept
[SNYK-JS-FOLLOWREDIRECTS-6444610](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610) | **676/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.1 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: