guardrails[bot]
commented
1 year ago :warning: We detected 3 security issues in this pull request:
Vulnerable Libraries (3)
Severity | Details ----- | -------- High | [gitmoji-changelog@2.3.0](https://github.com/koromerzhin/js-commands/blob/45e5ee9f279353567ca46a848d1600ffbbaeee7f/package.json#L35) upgrade to: *>=1.1.0* Critical | [pkg:npm/simple-git@1.132.0@1.132.0](https://github.com/koromerzhin/js-commands/blob/45e5ee9f279353567ca46a848d1600ffbbaeee7f/package-lock.json#L6459) (t) - **no patch available** Critical | [pkg:npm/simple-git@1.132.0@1.132.0](https://github.com/koromerzhin/js-commands/blob/45e5ee9f279353567ca46a848d1600ffbbaeee7f/package-lock.json#L12484) (t) - **no patch available** More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
koromerzhin
dependabot[bot]
Bumps npm-registry-fetch to 4.0.7 and updates ancestor dependency gitmoji-changelog. These dependencies need to be updated together.
Updates
npm-registry-fetchfrom 3.9.1 to 4.0.7Release notes
Sourced from npm-registry-fetch's releases.
Changelog
Sourced from npm-registry-fetch's changelog.
... (truncated)
Commits
d8df0b1chore(release): 4.0.7110032bfix: correct password redaction2275f55chore(release): 4.0.6cd35987fix: import URL from url module62ce833chore(release): 4.0.543a5d84chore: remove basic auth data from logs71ab0e7chore(release): 4.0.4fc5d94cPut default timeout back to zero2e0c446chore(release): 4.0.3d7d8c58chore: publish as latest-v4Updates
gitmoji-changelogfrom 1.1.0 to 2.3.0Release notes
Sourced from gitmoji-changelog's releases.
... (truncated)
Changelog
Sourced from gitmoji-changelog's changelog.
... (truncated)
Commits
0522b87🔖 Release v2.3.0bbc9ed4:bookmark: Release v2.2.01f94e98👥 Add horaklukas as a contributor for code (#234)b643004👥 Add juwit as a contributor for code (#233)ed4a033:arrow_up: Bump ssri from 6.0.1 to 6.0.2 (#215)9cb9e41:arrow_up: Bump normalize-url from 4.5.0 to 4.5.1 (#219)0668d86:arrow_up: Bump y18n from 3.2.1 to 3.2.2 (#220)14f55bc:arrow_up: Upgrade dependencies using yarn upgrade (#232)27c53bd⬆️ Upgrade vulnerable packages (#230)8c16f72✨ Add Helm preset (#229)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/koromerzhin/js-commands/network/alerts).