hackariens / sveltejs

Template de nouveau projet sveltejs
2 stars 0 forks source link

fix(deps): pin dependency koromerzhin-dependencies to v1.3.0 - autoclosed #76

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Type Update Change
koromerzhin-dependencies dependencies pin ^1.3.0 -> 1.3.0

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

guardrails[bot] commented 2 years ago

:warning: We detected 1 security issue in this pull request:

Vulnerable Libraries (1)
Severity | Details ----- | -------- High | [koromerzhin-dependencies@1.3.0](https://github.com/koromerzhin/template-sveltejs/blob/9c9fe2a4dc79a6a7377f17736c0814844452458b/package.json#L25) upgrade to: *>=1.0.1* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.