Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade ejs from 1.0.0 to 3.1.7 #112

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade ejs from 1.0.0 to 3.1.7 #112

wants to merge 22 commits into from

Conversation

snyk-io[bot]
Copy link

@snyk-io snyk-io bot commented Jan 14, 2025

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • test/acceptance/workspaces/mono-repo-project/npm-project/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Remote Code Execution (RCE)
SNYK-JS-EJS-2803307		   726  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)

snyk-io bot and others added 22 commits December 31, 2024 23:40
@snyk-io
fix: packages/snyk-fix/test/acceptance/plugins/python/handlers/pip-re…
69c9816 
…quirements/update-dependencies/workspaces/app-with-constraints/lib/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548181
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548987
@SherfeyInv
Merge pull request #73 from SherfeyInv/snyk-fix-2d3fc00157c1378ce76d9…
39242a0 
…2942a56c4ee
@dependabot
chore(deps): bump the npm_and_yarn group across 13 directories with 3…
6ebc0c1 
…0 updates

Bumps the npm_and_yarn group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [debug](https://github.com/debug-js/debug) | `4.3.4` | `4.4.0` |
| [semver](https://github.com/npm/node-semver) | `6.3.1` | `7.6.3` |
| [tar](https://github.com/isaacs/node-tar) | `6.2.1` | `7.4.3` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.19.0` | `1.20.3` |
| [express](https://github.com/expressjs/express) | `4.17.1` | `4.21.2` |
| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `6.0.5` | `6.0.6` |
| [webpack](https://github.com/webpack/webpack) | `5.54.0` | `5.97.1` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.24.0` | `7.26.4` |
| [nanoid](https://github.com/ai/nanoid) | `3.1.25` | `3.3.8` |
| [ws](https://github.com/websockets/ws) | `8.17.0` | `8.18.0` |

Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/monorepo-bad-project directory: [debug](https://github.com/debug-js/debug) and [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 4 updates in the /test/acceptance/workspaces/npm-lock-v2-with-npm-prefixed-sub-dep-version directory: [micromatch](https://github.com/micromatch/micromatch), [cross-spawn](https://github.com/moxystudio/node-cross-spawn), [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) and [markdown-to-jsx](https://github.com/quantizor/markdown-to-jsx).
Bumps the npm_and_yarn group with 3 updates in the /test/acceptance/workspaces/npm-package-shrinkwrap directory: [semver](https://github.com/npm/node-semver), [cross-spawn](https://github.com/moxystudio/node-cross-spawn) and [rewire](https://github.com/jhnns/rewire).
Bumps the npm_and_yarn group with 4 updates in the /test/acceptance/workspaces/npm-package-with-dist-tag-subdependency directory: [debug](https://github.com/debug-js/debug), [micromatch](https://github.com/micromatch/micromatch), [cookie](https://github.com/jshttp/cookie) and [cdktf-cli](https://github.com/hashicorp/terraform-cdk/tree/HEAD/packages/cdktf-cli).
Bumps the npm_and_yarn group with 5 updates in the /test/acceptance/workspaces/npm-package-with-overrides directory:

| Package | From | To |
| --- | --- | --- |
| [debug](https://github.com/debug-js/debug) | `4.3.4` | `4.4.0` |
| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` |
| [ip](https://github.com/indutny/node-ip) | `1.1.8` | `removed` |
| [pac-resolver](https://github.com/TooTallNate/proxy-agents/tree/HEAD/packages/pac-resolver) | `7.0.0` | `7.0.1` |
| [socks](https://github.com/JoshGlazebrook/socks) | `2.7.1` | `2.8.3` |

Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/yarn-out-of-sync directory: [debug](https://github.com/debug-js/debug) and [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/yarn-v2 directory: [lodash](https://github.com/lodash/lodash).
Bumps the npm_and_yarn group with 3 updates in the /test/acceptance/workspaces/yarn-workspace-out-of-sync directory: [debug](https://github.com/debug-js/debug), [node-fetch](https://github.com/node-fetch/node-fetch) and [y18n](https://github.com/yargs/y18n).
Bumps the npm_and_yarn group with 4 updates in the /test/acceptance/workspaces/yarn-workspaces directory: [minimatch](https://github.com/isaacs/minimatch), [node-fetch](https://github.com/node-fetch/node-fetch), [y18n](https://github.com/yargs/y18n) and [node-uuid](https://github.com/broofa/node-uuid).
Bumps the npm_and_yarn group with 3 updates in the /test/acceptance/workspaces/yarn-workspaces-v2 directory: [minimatch](https://github.com/isaacs/minimatch), [node-fetch](https://github.com/node-fetch/node-fetch) and [node-uuid](https://github.com/broofa/node-uuid).
Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/yarn-workspaces-v2-resolutions directory: [node-fetch](https://github.com/node-fetch/node-fetch) and [node-uuid](https://github.com/broofa/node-uuid).
Bumps the npm_and_yarn group with 6 updates in the /ts-binary-wrapper directory:

| Package | From | To |
| --- | --- | --- |
| [debug](https://github.com/debug-js/debug) | `4.3.4` | `4.4.0` |
| [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` |
| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.20.13` | `7.26.4` |
| [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `removed` |
| [@sentry/node](https://github.com/getsentry/sentry-javascript) | `7.36.0` | `7.120.2` |



Updates `debug` from 4.3.4 to 4.4.0
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@4.3.4...4.4.0)

Updates `semver` from 6.3.1 to 7.6.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v6.3.1...v7.6.3)

Updates `tar` from 6.2.1 to 7.4.3
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.4.3)

Updates `body-parser` from 1.19.0 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.19.0...1.20.3)

Updates `express` from 4.17.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.17.1...4.21.2)

Updates `cross-spawn` from 6.0.5 to 6.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6)

Updates `express` from 4.17.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.17.1...4.21.2)

Updates `webpack` from 5.54.0 to 5.97.1
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.54.0...v5.97.1)

Updates `@babel/traverse` from 7.24.0 to 7.26.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.4/packages/babel-traverse)

Updates `cookie` from 0.4.0 to 0.4.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](https://github.com/jshttp/cookie/commits)

Updates `path-to-regexp` from 0.1.7 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12)

Updates `send` from 0.17.1 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.17.1...0.19.0)

Updates `nanoid` from 3.1.25 to 3.3.8
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.1.25...3.3.8)

Updates `serve-static` from 1.14.1 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.14.1...v1.16.2)

Updates `ws` from 8.17.0 to 8.18.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.17.0...8.18.0)

Updates `debug` from 3.2.5 to 3.2.7
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@4.3.4...4.4.0)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `micromatch` from 4.0.5 to 4.0.8
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

Updates `cross-spawn` from 7.0.3 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6)

Updates `@babel/traverse` from 7.23.5 to 7.26.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.4/packages/babel-traverse)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `markdown-to-jsx` from 7.3.2 to 7.7.2
- [Release notes](https://github.com/quantizor/markdown-to-jsx/releases)
- [Changelog](https://github.com/quantizor/markdown-to-jsx/blob/main/CHANGELOG.md)
- [Commits](quantizor/markdown-to-jsx@v7.3.2...v7.7.2)

Updates `semver` from 5.5.0 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v6.3.1...v7.6.3)

Updates `cross-spawn` from 5.1.0 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6)

Updates `rewire` from 4.0.1 to 7.0.0
- [Release notes](https://github.com/jhnns/rewire/releases)
- [Changelog](https://github.com/jhnns/rewire/blob/master/CHANGELOG.md)
- [Commits](jhnns/rewire@v4.0.1...v7.0.0)

Updates `ansi-regex` from 2.1.1 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@2.1.1...v5.0.1)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `debug` from 4.3.4 to 4.4.0
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@4.3.4...4.4.0)

Updates `micromatch` from 4.0.5 to 4.0.8
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

Removes `cookie`

Updates `cdktf-cli` from 0.20.3 to 0.20.10
- [Release notes](https://github.com/hashicorp/terraform-cdk/releases)
- [Changelog](https://github.com/hashicorp/terraform-cdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/terraform-cdk/commits/v0.20.10/packages/cdktf-cli)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `yargs-parser` from 18.1.3 to 20.2.9
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)
- [Commits](yargs/yargs-parser@v18.1.3...yargs-parser-v20.2.9)

Updates `node-fetch` from 2.6.7 to 2.7.0
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.0...v2.6.7)

Updates `ws` from 7.5.9 to 7.5.10
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.17.0...8.18.0)

Updates `y18n` from 4.0.3 to 5.0.8
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Updates `debug` from 4.3.4 to 4.4.0
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@4.3.4...4.4.0)

Updates `cross-spawn` from 7.0.3 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6)

Removes `ip`

Updates `pac-resolver` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/TooTallNate/proxy-agents/releases)
- [Changelog](https://github.com/TooTallNate/proxy-agents/blob/main/packages/pac-resolver/CHANGELOG.md)
- [Commits](https://github.com/TooTallNate/proxy-agents/commits/pac-resolver@7.0.1/packages/pac-resolver)

Updates `socks` from 2.7.1 to 2.8.3
- [Release notes](https://github.com/JoshGlazebrook/socks/releases)
- [Commits](JoshGlazebrook/socks@2.7.1...2.8.3)

Updates `debug` from 3.2.5 to 3.2.7
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@4.3.4...4.4.0)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `lodash` from 4.17.0 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.0...4.17.21)

Updates `debug` from 4.1.1 to 4.3.1
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@4.3.4...4.4.0)

Updates `node-fetch` from 2.6.0 to 2.6.7
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.0...v2.6.7)

Updates `y18n` from 3.2.1 to 3.2.2
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `node-fetch` from 2.6.0 to 2.6.7
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.0...v2.6.7)

Updates `y18n` from 3.2.1 to 3.2.2
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Updates `node-uuid` from 1.3.0 to 1.4.8
- [Changelog](https://github.com/broofa/node-uuid/blob/master/HISTORY.md)
- [Commits](https://github.com/broofa/node-uuid/commits)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `node-fetch` from 2.2.0 to 2.6.7
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.0...v2.6.7)

Updates `node-uuid` from 1.3.0 to 1.4.8
- [Changelog](https://github.com/broofa/node-uuid/blob/master/HISTORY.md)
- [Commits](https://github.com/broofa/node-uuid/commits)

Updates `node-fetch` from 2.2.0 to 2.6.7
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.0...v2.6.7)

Updates `node-uuid` from 1.3.0 to 1.4.8
- [Changelog](https://github.com/broofa/node-uuid/blob/master/HISTORY.md)
- [Commits](https://github.com/broofa/node-uuid/commits)

Updates `debug` from 4.3.4 to 4.4.0
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@4.3.4...4.4.0)

Updates `micromatch` from 4.0.5 to 4.0.8
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

Updates `cross-spawn` from 7.0.3 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6)

Updates `@babel/traverse` from 7.20.13 to 7.26.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.4/packages/babel-traverse)

Removes `cookie`

Updates `@sentry/node` from 7.36.0 to 7.120.2
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.2/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@7.36.0...7.120.2)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: debug
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: debug
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: micromatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: markdown-to-jsx
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rewire
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: ansi-regex
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: debug
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: micromatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cdktf-cli
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yargs-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: debug
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ip
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pac-resolver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socks
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: debug
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: debug
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-uuid
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: node-uuid
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: node-uuid
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: debug
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: micromatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@sentry/node"
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@SherfeyInv
Merge pull request #75 from SherfeyInv/dependabot/npm_and_yarn/npm_an…
674e0f1 
…d_yarn-79272645f4
@snyk-io
fix: test/acceptance/workspaces/pip-app/requirements.txt to reduce vu…
d243a97 
…lnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548181
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548987
@SherfeyInv
Merge pull request #82 from SherfeyInv/snyk-fix-d867c37be6448a0bbef1f…
2b54a0f 
…577f8c13afd
@snyk-io
fix: test/fixtures/demo-os/package.json to reduce vulnerabilities
d6ef9ae 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DICER-2311764
@snyk-io
fix: test/acceptance/workspaces/mono-repo-project/npm-project/package…
3194453 
….json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-KERBEROS-568900
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721
@SherfeyInv
Merge pull request #85 from SherfeyInv/snyk-fix-bb0b2e6d8276abe8b9913…
721a8d5 
…8e74c01f4b1
@SherfeyInv
Merge pull request #84 from SherfeyInv/snyk-fix-872c9ad41ca516e82b4c6…
293b082 
…ed709252981
@snyk-io
fix: test/acceptance/workspaces/npm-package-with-dist-tag-subdependen…
7610b05 
…cy/package.json & test/acceptance/workspaces/npm-package-with-dist-tag-subdependency/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
@SherfeyInv
Create dependabot.yml
abd2257 
Signed-off-by: Ron Sherfey <aysherintel@icloud.com>
@SherfeyInv
Create codeql.yml
2e4a518 
Signed-off-by: Ron Sherfey <aysherintel@icloud.com>
@snyk-io
fix: test/acceptance/workspaces/pip-app/requirements.txt to reduce vu…
1cae50d 
…lnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-174126
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-455616
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548181
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-8548987
@dependabot
chore(deps): bump the go_modules group across 1 directory with 2 updates
7ba1923 
Bumps the go_modules group with 2 updates in the /cliv2 directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa).


Updates `github.com/go-git/go-git/v5` from 5.12.0 to 5.13.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.12.0...v5.13.1)

Updates `github.com/open-policy-agent/opa` from 0.51.0 to 0.68.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v0.51.0...v0.68.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@SherfeyInv
Create c-cpp.yml
b4e2f65 
Signed-off-by: Ron Sherfey <aysherintel@icloud.com>
@SherfeyInv
Merge pull request #109 from snyk/main
4e6952e 
Pull
@SherfeyInv
Merge branch 'main' into dependabot/go_modules/cliv2/go_modules-b8cfc…
3a2cc2b 
…1d416
@SherfeyInv
Merge pull request #108 from SherfeyInv/dependabot/go_modules/cliv2/g…
e86b614 
…o_modules-b8cfc1d416

chore(deps): bump the go_modules group across 1 directory with 2 updates
@SherfeyInv
Merge pull request #86 from SherfeyInv/snyk-fix-d216dab0db0a036e6138f…
e262aa5 
…88565d03388
@SherfeyInv
Merge pull request #106 from SherfeyInv/snyk-fix-238eeab84aca3612a720…
98b3064 
…46616053bde3
@snyk-io
fix: test/acceptance/workspaces/mono-repo-project/npm-project/package…
212b87e 
….json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-EJS-2803307
@github-actions GitHub Actions
Copy link

Warnings
⚠️

"fix: test/acceptance/workspaces/mono-repo-project/npm-project/package.json to reduce vulnerabilities" is too long. Keep the first line of your commit message under 72 characters.

Generated by 🚫 dangerJS against 212b87e

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@SherfeyInv