guardrails[bot]
commented
1 year ago :warning: We detected 3 security issues in this pull request:
Vulnerable Libraries (3)
Severity | Details ----- | -------- High | [gitmoji-changelog@2.3.0](https://github.com/koromerzhin/js-commands/blob/405b6adbe07c6dcd8c4c392804584f194e29fae6/package.json#L35) upgrade to: *>=1.1.0* Critical | [pkg:npm/simple-git@1.132.0@1.132.0](https://github.com/koromerzhin/js-commands/blob/405b6adbe07c6dcd8c4c392804584f194e29fae6/package-lock.json#L6459) (t) - **no patch available** Critical | [pkg:npm/simple-git@1.132.0@1.132.0](https://github.com/koromerzhin/js-commands/blob/405b6adbe07c6dcd8c4c392804584f194e29fae6/package-lock.json#L12484) (t) - **no patch available** More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
dependabot[bot]
Bumps trim-newlines to 3.0.1 and updates ancestor dependency gitmoji-changelog. These dependencies need to be updated together.
Updates
trim-newlinesfrom 1.0.0 to 3.0.1Release notes
Sourced from trim-newlines's releases.
Commits
Updates
gitmoji-changelogfrom 1.1.0 to 2.3.0Release notes
Sourced from gitmoji-changelog's releases.
... (truncated)
Changelog
Sourced from gitmoji-changelog's changelog.
... (truncated)
Commits
0522b87🔖 Release v2.3.0bbc9ed4:bookmark: Release v2.2.01f94e98👥 Add horaklukas as a contributor for code (#234)b643004👥 Add juwit as a contributor for code (#233)ed4a033:arrow_up: Bump ssri from 6.0.1 to 6.0.2 (#215)9cb9e41:arrow_up: Bump normalize-url from 4.5.0 to 4.5.1 (#219)0668d86:arrow_up: Bump y18n from 3.2.1 to 3.2.2 (#220)14f55bc:arrow_up: Upgrade dependencies using yarn upgrade (#232)27c53bd⬆️ Upgrade vulnerable packages (#230)8c16f72✨ Add Helm preset (#229)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/koromerzhin/js-commands/network/alerts).