Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
:warning: We detected 17 security issues in this pull request:
Vulnerable Libraries (17)
Severity | Details
----- | --------
Medium | [acorn@6.3.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>5.7.3 || >6.4.0 || >7.1.0`
Medium | [browserslist@4.6.6](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>4.16.4`
High | [dns-packet@1.3.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>=1.3.2 || >=5.2.2`
High | [dot-prop@4.2.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>=4.2.1 || >=5.1.1`
High | [elliptic@6.5.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>6.5.3`
Critical | [handlebars@4.1.2](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>4.7.6`
Medium | [hosted-git-info@2.8.4](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>=2.8.9 || >=3.0.8`
High | [http-proxy@1.17.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>=1.18.1`
High | [https-proxy-agent@2.2.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>=2.2.3`
High | [merge@1.2.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>=2.1.1`
High | [node-forge@0.7.5](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>0.9.2`
High | [serialize-javascript@1.9.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>3.0.0`
Medium | [ssri@5.3.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>6.0.1 || >7.1.0 || 8.0.0`
High | [tree-kill@1.2.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>=1.2.2`
High | [url-parse@1.4.7](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>=1.5.0`
Medium | [websocket-extensions@0.1.3](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>=0.1.4`
High | [y18n@4.0.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9e0d41a62ffa463968221a93b4e9985f702243dc/package.json) upgrade to `>=5.0.5`
More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).
Bumps @types/jasmine from 3.4.2 to 3.7.6.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)