guardrails[bot]
commented
1 year ago :warning: We detected 93 security issues in this pull request:
Mode: paranoid | Total findings: 93 | Considered vulnerability: 93
Vulnerable Libraries (93)
Severity | Details ----- | -------- High | [pkg:npm/minimist@0.0.8@0.0.8](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/ansi-regex@3.0.0@3.0.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* High | [pkg:npm/ssri@5.3.0@5.3.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.0.2,7.1.1,8.0.1* High | [pkg:npm/mixin-deep@1.3.1@1.3.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/macaddress@0.2.8@0.2.8](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/debug@2.2.0@2.2.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/stringstream@0.0.5@0.0.5](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/json5@2.1.1@2.1.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *2.2.2* High | [pkg:npm/json5@1.0.1@1.0.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *2.2.2* High | [pkg:npm/postcss@7.0.21@7.0.21](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/typescript@2.6.2@2.6.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Low | [pkg:npm/request@2.88.0@2.88.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/decode-uri-component@0.2.0@0.2.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/set-value@2.0.0@2.0.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *2.0.1,3.0.1* Medium | [pkg:npm/ms@0.7.1@0.7.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *2.0.0* High | [pkg:npm/minimist@0.0.10@0.0.10](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/hawk@6.0.2@6.0.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *9.0.1* N/A | [pkg:npm/acorn@7.1.0@7.1.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/typescript@4.0.1-rc@4.0.1-rc](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/execa@1.0.0@1.0.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ajv@6.8.1@6.8.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.12.3* N/A | [pkg:npm/normalize-url@4.5.0@4.5.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/axios@0.19.2@0.19.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/tar@2.2.2@2.2.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *3.2.2,4.4.14,5.0.6,6.1.1* High | [pkg:npm/decompress-zip@0.3.0@0.3.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/acorn@6.0.7@6.0.7](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *5.7.4,6.4.1,7.1.1* Medium | [pkg:npm/bl@4.0.2@4.0.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *1.2.3,2.2.1,3.0.1,4.0.3* Critical | [pkg:npm/js-beautify@1.8.9@1.8.9](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/tar@4.4.6@4.4.6](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *3.2.2,4.4.14,5.0.6,6.1.1* Medium | [pkg:npm/color-string@0.3.0@0.3.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *1.5.5* Medium | [pkg:npm/boom@5.2.0@5.2.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/braces@1.8.5@1.8.5](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/debug@2.6.9@2.6.9](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *3.1.0* Medium | [pkg:npm/typed-rest-client@0.9.0@0.9.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/serialize-javascript@1.5.0@1.5.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/sshpk@1.13.1@1.13.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ajv@6.10.2@6.10.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.12.3* Medium | [pkg:npm/ajv@5.3.0@5.3.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.12.3* High | [pkg:npm/ansi-regex@4.0.0@4.0.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* Medium | [pkg:npm/boom@4.3.1@4.3.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/growl@1.9.2@1.9.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/npm-packlist@1.1.11@1.1.11](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/json-stable-stringify@1.0.1@1.0.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/glob-parent@5.1.0@5.1.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *5.1.2* High | [pkg:npm/minimatch@3.0.4@3.0.4](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *3.0.5* Medium | [pkg:npm/ajv@5.5.2@5.5.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.12.3* Medium | [pkg:npm/mocha@2.5.3@2.5.3](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ajv@6.5.2@6.5.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.12.3* Medium | [pkg:npm/got@9.6.0@9.6.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/validator@9.4.1@9.4.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/css-what@2.1.3@2.1.3](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/json-schema@0.2.3@0.2.3](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *0.4.0* Medium | [pkg:npm/istanbul-reports@3.0.0@3.0.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/extend@3.0.1@3.0.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/js-yaml@3.12.1@3.12.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/yargs-parser@5.0.1@5.0.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/qs@6.5.1@6.5.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/eslint-utils@1.3.1@1.3.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/js-yaml@3.7.0@3.7.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/qs@6.5.2@6.5.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/browserslist@1.7.7@1.7.7](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/is-svg@2.1.0@2.1.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *4.2.2* Medium | [pkg:npm/npm-bundled@1.0.3@1.0.3](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/unset-value@1.0.0@1.0.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/copy-props@2.0.4@2.0.4](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/ansi-regex@4.1.0@4.1.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* Medium | [pkg:npm/hoek@4.2.0@4.2.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/y18n@4.0.0@4.0.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *3.2.2,4.0.1,5.0.5* Critical | [pkg:npm/plist@3.0.6@3.0.6](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/nwmatcher@1.4.3@1.4.3](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/ssri@6.0.1@6.0.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.0.2,7.1.1,8.0.1* Medium | [pkg:npm/kind-of@6.0.2@6.0.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/lodash.template@4.4.0@4.4.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/set-value@0.4.3@0.4.3](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *2.0.1,3.0.1* Critical | [pkg:npm/loader-utils@1.4.2@1.4.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/ansi-regex@5.0.0@5.0.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* Medium | [pkg:npm/request@2.83.0@2.83.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/cryptiles@3.1.2@3.1.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/nth-check@1.0.1@1.0.1](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *2.0.1* Medium | [pkg:npm/postcss@5.2.18@5.2.18](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *8.2.13,7.0.36* High | [pkg:npm/follow-redirects@1.5.10@1.5.10](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *1.14.7* High | [pkg:npm/underscore@1.8.3@1.8.3](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/glob-parent@3.1.0@3.1.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *5.1.2* N/A | [pkg:npm/minimatch@0.3.0@0.3.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/simple-get@3.1.0@3.1.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *4.0.1,3.1.1,2.8.2* Medium | [pkg:npm/https-proxy-agent@2.2.4@2.2.4](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ws@7.4.4@7.4.4](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *7.4.6,6.2.2,5.2.3* High | [pkg:npm/markdown-it@8.4.0@8.4.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/diff@1.4.0@1.4.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** High | [pkg:npm/glob-parent@2.0.0@2.0.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *5.1.2* High | [pkg:npm/requestretry@4.0.0@4.0.0](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *7.0.0* Medium | [pkg:npm/node-addon-api@1.6.2@1.6.2](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/randomatic@1.1.5@1.1.5](https://github.com/turkdevops/vscode/blob/7b94e993ed316a38b2e177da7364d9cd8ba4a366/yarn.lock) (t) upgrade to: *3.0.0* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
Bumps http-cache-semantics from 4.0.3 to 4.1.1.
Commits
2449650Update mocha560b2d8Don't use regex to trim whitespaceb1bdb92Remove linting package zooc20dc7eCache 308ed83aecExplain trust server date1b35980rfc 5861 (stale-if-error, stale-while-revalidate)2c2fac2Drop trustServerDateeb7028fTest names84cc9a8Bumpae5ecd5Add status to testsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/turkdevops/vscode/network/alerts).