search

turkdevops / vuex

🗃️ Centralized State Management for Vue.js.
https://vuex.vuejs.org
MIT License
1 stars 1 forks source link

build(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 #225

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps http-cache-semantics from 4.1.0 to 4.1.1.

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/turkdevops/vuex/network/alerts).
guardrails[bot] commented 1 year ago

:warning: We detected 70 security issues in this pull request:

Mode: paranoid | Total findings: 70 | Considered vulnerability: 70

Vulnerable Libraries (70)
Severity | Details ----- | -------- High | [pkg:npm/css-what@2.1.3@2.1.3](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/ansi-regex@4.1.0@4.1.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* Medium | [pkg:npm/got@9.6.0@9.6.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/fb-watchman@2.0.1@2.0.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/glob-parent@3.1.0@3.1.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *5.1.2* N/A | [pkg:npm/hosted-git-info@3.0.7@3.0.7](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/shelljs@0.8.5@0.8.5](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/eventsource@1.0.7@1.0.7](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *1.1.1,2.0.2* Medium | [pkg:npm/ws@6.2.1@6.2.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *7.4.6,6.2.2,5.2.3* Medium | [pkg:npm/istanbul-reports@3.0.2@3.0.2](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/ssri@6.0.1@6.0.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *6.0.2,7.1.1,8.0.1* High | [pkg:npm/nth-check@1.0.2@1.0.2](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *2.0.1* Medium | [pkg:npm/ws@7.3.1@7.3.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *7.4.6,6.2.2,5.2.3* Critical | [pkg:npm/json-schema@0.2.3@0.2.3](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *0.4.0* Medium | [pkg:npm/trim-off-newlines@1.0.1@1.0.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *1.0.3* High | [pkg:npm/markdown-it@8.4.2@8.4.2](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/qs@6.7.0@6.7.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/dns-packet@1.3.1@1.3.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/loader-utils@1.4.0@1.4.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *2.0.3* Medium | [pkg:npm/color-string@1.5.3@1.5.3](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *1.5.5* High | [pkg:npm/async@2.6.3@2.6.3](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *3.2.2,2.6.4* High | [pkg:npm/follow-redirects@1.13.2@1.13.2](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *1.14.7* Medium | [pkg:npm/request@2.88.2@2.88.2](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/typescript@3.9.7@3.9.7](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/vue@2.5.22@2.5.22](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/handlebars@4.7.6@4.7.6](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/trim-newlines@1.0.0@1.0.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *3.0.1,4.0.1* High | [pkg:npm/clean-css@4.2.3@4.2.3](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/loader-utils@0.2.17@0.2.17](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/json5@0.5.1@0.5.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/uglify-js@3.4.10@3.4.10](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/terser@4.8.0@4.8.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/express@4.17.1@4.17.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/hosted-git-info@2.8.8@2.8.8](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/ansi-regex@5.0.0@5.0.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* High | [pkg:npm/follow-redirects@1.13.0@1.13.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *1.14.7* Critical | [pkg:npm/execa@1.0.0@1.0.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/decode-uri-component@0.2.0@0.2.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/nwsapi@2.2.0@2.2.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/serialize-javascript@1.9.1@1.9.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/lodash.template@4.5.0@4.5.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/lodash@4.17.20@4.17.20](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/browserslist@4.14.0@4.14.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *4.16.5* Critical | [pkg:npm/qs@6.5.2@6.5.2](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/minimist@1.2.5@1.2.5](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *1.2.6* Critical | [pkg:npm/set-value@2.0.1@2.0.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/is-svg@3.0.0@3.0.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *4.2.2* Medium | [pkg:npm/vue@2.6.12@2.6.12](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/postcss@7.0.32@7.0.32](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/glob-parent@5.1.1@5.1.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *5.1.2* High | [pkg:npm/html-minifier@3.5.21@3.5.21](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/url-parse@1.5.3@1.5.3](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/jsdom@16.4.0@16.4.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *16.5.0* Critical | [pkg:npm/unset-value@1.0.0@1.0.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/ansi-html@0.0.7@0.0.7](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/zepto@1.2.0@1.2.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/node-forge@0.9.0@0.9.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *0.10.0* Medium | [pkg:npm/node-notifier@8.0.1@8.0.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/minimatch@3.0.4@3.0.4](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *3.0.5* Medium | [pkg:npm/browserslist@4.16.1@4.16.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *4.16.5* Critical | [pkg:npm/serialize-javascript@2.1.2@2.1.2](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/prompts@2.3.2@2.3.2](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/prismjs@1.25.0@1.25.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/css-what@3.3.0@3.3.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/json5@2.1.3@2.1.3](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *2.2.2* N/A | [pkg:npm/axios@0.21.1@0.21.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/normalize-url@4.5.0@4.5.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) - **no patch available** High | [pkg:npm/json5@1.0.1@1.0.1](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *2.2.2* High | [pkg:npm/trim-newlines@3.0.0@3.0.0](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *3.0.1,4.0.1* N/A | [pkg:npm/debug@2.6.9@2.6.9](https://github.com/turkdevops/vuex/blob/7fe4151000c5862621dde78e297c1ba03858e4d6/yarn.lock) (t) upgrade to: *3.1.0* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.