search

turkdevops / vuepress

📝 Minimalistic Vue-powered static site generator
https://vuepress.vuejs.org
MIT License
1 stars 0 forks source link

[Snyk] Upgrade: vue, vue-template-compiler #468

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on
vue
from 2.5.16 to 2.7.2		 49 versions ahead of your current version 21 days ago
on 2022-07-05
vue-template-compiler
from 2.5.16 to 2.7.2		 49 versions ahead of your current version 21 days ago
on 2022-07-05

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Cross-site Scripting (XSS)
npm:vue:20180802		 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

pull-dog[bot] commented 2 years ago

*Ruff* :dog: I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file :weary: Make sure the given paths are correct.

Files checked:

What is this? Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a `docker-compose.yml` file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available. Visit our website to learn more.
Commands - `@pull-dog up` to reprovision or provision the server. - `@pull-dog down` to delete the provisioned server.
Troubleshooting Need help? Don't hesitate to file an issue in our repository **Configuration** ```json { "isLazy": false, "dockerComposeYmlFilePaths": [ "docker-compose.yml" ], "expiry": "00:00:00", "conversationMode": "singleComment" } ``` **Trace ID** 6954c020-0cb1-11ed-911d-d32fe34af2dd
guardrails[bot] commented 2 years ago

:warning: We detected 1 security issue in this pull request:

Mode: paranoid | Total findings: 1 | Considered vulnerability: 1

Vulnerable Libraries (1)
Severity | Details ----- | -------- Medium | [postcss@5.2.18](https://github.com/turkdevops/vuepress/blob/b53daae0218b7285bf7a81cd5c8ceb2b3639cb7a/yarn.lock#L946) (t) - **no patch available** More info on how to fix Vulnerable Libraries in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.