search

turkdevops / web.dev

The frontend, backend, and content source code for web.dev
https://web.dev
Other
0 stars 0 forks source link

Bump http-cache-semantics from 4.1.0 to 4.1.1 #183

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps http-cache-semantics from 4.1.0 to 4.1.1.

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/turkdevops/web.dev/network/alerts).
guardrails[bot] commented 1 year ago

:warning: We detected 86 security issues in this pull request:

Mode: paranoid | Total findings: 86 | Considered vulnerability: 86

Vulnerable Libraries (86)
Severity | Details ----- | -------- Critical | [pkg:npm/jsonpointer@4.1.0@4.1.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/eslint@2.13.1@2.13.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Critical | [pkg:npm/unset-value@1.0.0@1.0.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/uglify-js@3.13.10@3.13.10](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/acorn@3.3.0@3.3.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/mustache@2.3.2@2.3.2](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/minimist@1.2.0@1.2.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/json5@2.2.0@2.2.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *2.2.2* High | [pkg:npm/prismjs@1.27.0@1.27.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/json-stable-stringify@1.0.1@1.0.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/minimatch@3.0.4@3.0.4](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *3.0.5* Critical | [pkg:npm/socket.io@2.4.0@2.4.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/braces@1.8.5@1.8.5](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Low | [pkg:npm/node-fetch@2.6.1@2.6.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/postcss@6.0.23@6.0.23](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *8.2.13,7.0.36* High | [pkg:npm/markdown-it@10.0.0@10.0.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/terser@4.8.0@4.8.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/ua-parser-js@0.7.31@0.7.31](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/follow-redirects@1.12.1@1.12.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *1.14.7* High | [pkg:npm/liquidjs@6.4.3@6.4.3](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Critical | [pkg:npm/front-matter@2.1.2@2.1.2](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/clean-css@4.2.3@4.2.3](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/engine.io@3.5.0@3.5.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *4.0.0* N/A | [pkg:npm/flat@4.1.1@4.1.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *5.0.1* Critical | [pkg:npm/lodash@4.17.15@4.17.15](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/luxon@1.28.0@1.28.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *1.28.1,2.5.2,3.2.1* Critical | [pkg:npm/loader-utils@1.4.0@1.4.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *2.0.3* High | [pkg:npm/selenium-webdriver@4.0.0-beta.1@4.0.0-beta.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/ua-parser-js@0.7.28@0.7.28](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/css-what@4.0.0@4.0.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *5.0.1* Critical | [pkg:npm/socket.io@4.4.1@4.4.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/request@2.88.2@2.88.2](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/remove-markdown@0.3.0@0.3.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/ansi-regex@3.0.0@3.0.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* Medium | [pkg:npm/jszip@3.7.0@3.7.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** N/A | [pkg:npm/axios@0.21.1@0.21.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Critical | [pkg:npm/socket.io-parser@4.0.4@4.0.4](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *4.0.5,4.2.1* N/A | [pkg:npm/decode-uri-component@0.2.0@0.2.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/mocha@6.2.3@6.2.3](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/express@4.17.1@4.17.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/lodash.template@4.5.0@4.5.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/json5@1.0.1@1.0.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *2.2.2* Critical | [pkg:npm/qs@6.7.0@6.7.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/html-minifier@4.0.0@4.0.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** N/A | [pkg:npm/debug@2.6.9@2.6.9](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *3.1.0* High | [pkg:npm/socket.io-parser@3.3.2@3.3.2](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/glob-parent@2.0.0@2.0.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *5.1.2* Medium | [pkg:npm/postcss@7.0.36@7.0.36](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** N/A | [pkg:npm/qs@6.2.3@6.2.3](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/async@3.2.0@3.2.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *3.2.2,2.6.4* Critical | [pkg:npm/qs@6.5.2@6.5.2](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/ansi-regex@5.0.0@5.0.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* Medium | [pkg:npm/yargs-parser@5.0.1@5.0.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/ejs@2.7.4@2.7.4](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/selenium-webdriver@4.0.0-beta.4@4.0.0-beta.4](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/async@2.6.3@2.6.3](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *3.2.2,2.6.4* High | [pkg:npm/trim@0.0.1@0.0.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *0.0.3* Critical | [pkg:npm/minimist@1.2.5@1.2.5](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *1.2.6* High | [pkg:npm/pac-resolver@4.2.0@4.2.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *5.0.0,3.0.1* Critical | [pkg:npm/json-schema@0.2.3@0.2.3](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *0.4.0* Medium | [pkg:npm/minimist@1.1.3@1.1.3](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *0.2.1,1.2.3* High | [pkg:npm/marked@0.7.0@0.7.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *4.0.10* N/A | [pkg:npm/ajv@4.11.8@4.11.8](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/terser@5.7.1@5.7.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/shelljs@0.6.1@0.6.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *0.8.5* Critical | [pkg:npm/qs@6.10.1@6.10.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Low | [pkg:npm/node-fetch@2.6.7@2.6.7](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Critical | [pkg:npm/json-ptr@2.2.0@2.2.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Critical | [pkg:npm/set-value@2.0.1@2.0.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/glob-parent@3.1.0@3.1.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *5.1.2* High | [pkg:npm/nth-check@1.0.2@1.0.2](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *2.0.1* Medium | [pkg:npm/postcss@6.0.1@6.0.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *8.2.13,7.0.36* Medium | [pkg:npm/got@9.6.0@9.6.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/follow-redirects@1.14.1@1.14.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *1.14.7* High | [pkg:npm/merge@1.2.1@1.2.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *2.1.1* Critical | [pkg:npm/degenerator@2.2.0@2.2.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** N/A | [pkg:npm/engine.io@6.1.3@6.1.3](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *3.6.1,6.2.1* High | [pkg:npm/css-what@3.4.2@3.4.2](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/istanbul-reports@3.0.2@3.0.2](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** Critical | [pkg:npm/socket.io-parser@3.4.1@3.4.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *4.0.5,4.2.1* Critical | [pkg:npm/jsonwebtoken@8.5.1@8.5.1](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** N/A | [pkg:npm/node-forge@0.10.0@0.10.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *1.0.0* N/A | [pkg:npm/nth-check@2.0.0@2.0.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/protobufjs@6.11.2@6.11.2](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *6.11.3* High | [pkg:npm/js-beautify@1.14.0@1.14.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) - **no patch available** High | [pkg:npm/ansi-regex@4.1.0@4.1.0](https://github.com/turkdevops/web.dev/blob/53af91ea3a2f15456d364606ec122346125af085/package-lock.json) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.