Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: , , , , , chalk, commander, dotenv, glob, octokit, ora, uuid #519

Open
wants to merge 1 commit into
base: trunk
Choose a base branch
from
Open

[Snyk] Upgrade: , , , , , chalk, commander, dotenv, glob, octokit, ora, uuid #519

wants to merge 1 commit into from

Conversation

WontonSam
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

@commander-js/extra-typings
from 10.0.3 to 12.1.0 | 7 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-19
@octokit/graphql
from 4.8.0 to 8.1.1 | 21 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 months ago
on 2024-04-15
@octokit/graphql-schema
from 14.58.0 to 15.25.0 | 36 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-08
@octokit/types
from 9.3.2 to 13.5.0 | 22 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 months ago
on 2024-04-29
@types/uuid
from 9.0.8 to 10.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
on 2024-06-20
chalk
from 4.1.2 to 5.3.0 | 7 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-06-29
commander
from 10.0.1 to 12.1.0 | 6 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-18
dotenv
from 10.0.0 to 16.4.5 | 39 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 7 months ago
on 2024-02-20
glob
from 10.4.5 to 11.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-08
octokit
from 2.1.0 to 4.0.2 | 15 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-08
ora
from 5.4.1 to 8.1.0 | 13 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 23 days ago
on 2024-08-25
uuid
from 9.0.1 to 10.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
on 2024-06-09

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Improper Handling of Exceptional Conditions
SNYK-JS-OCTOKIT-6129525		 624 No Known Exploit
Release notes
Package name: @commander-js/extra-typings
  • 12.1.0 - 2024-05-19

    Changed

    • use ESLint for linting (#65)
    • format source files with Prettier (#66)

    Removed

    • removed unimplemented Option.fullDescription from TypeScript definition (#70)
  • 12.0.1 - 2024-03-01

    Release

  • 12.0.0 - 2024-02-03

    Changed

    • update peerDependencies to commander@12.0.x, which requires Node.js v18 or higher
  • 12.0.0-1 - 2023-11-13

    Fixed

    • use prerelease Commander version for peerDependencies
  • 12.0.0-0 - 2023-11-12

    Changed

    • update peerDependencies to commander@12.0.x, which requires Node.js v18 or higher
  • 11.1.0 - 2023-10-15

    Added

    • Option properties: envVar, presetArg (#48)
    • Argument properties: argChoices, defaultValue, defaultValueDescription (#48)
    • Command properties: options, registeredArguments (#50)

    Changed

    • commands property of Command is now readonly (#48)
    • update peerDependencies to commander@11.1.x (#48)

    Fixed

    • remove unused Option.optionFlags property (#48)
    • add that Command.version() can also be used as getter (#48)
    • add null return type to Commands.executableDir(), for when not configured (#48)
    • preserve option typings when adding arguments to Command (#49)
  • 11.0.0 - 2023-06-16

    Changed

    • update peerDependencies to commander@11.0.x, which requires Node.js v16 or higher
  • 10.0.3 - 2023-03-03

    Added

    • narrow types based on .choices() (#29)

    Fixed

    • improve Option type inferences for certain combinations of configuration (#31)
    • mark .action() callback as allowing promises (#33)
from @commander-js/extra-typings GitHub release notes
Package name: @octokit/graphql
  • 8.1.1 - 2024-04-15

    8.1.1 (2024-04-15)

    Bug Fixes

    • pkg: add default fallback and types export (#565) (9de1ef8)
  • 8.1.0 - 2024-04-03

    8.1.0 (2024-04-03)

    Features

  • 8.0.2 - 2024-04-03

    8.0.2 (2024-04-03)

    Bug Fixes

    • deps: update dependency @ octokit/types to v13 (ce3f6c9)
  • 8.0.1 - 2024-02-27

    8.0.1 (2024-02-27)

    Bug Fixes

  • 8.0.0 - 2024-02-25

    8.0.0 (2024-02-25)

    Features

    BREAKING CHANGES

    • this package is now ESM

    • fix: add missing file extension in relative file path import

  • 8.0.0-beta.1 - 2024-02-24

    8.0.0-beta.1 (2024-02-24)

    Bug Fixes

    • add missing file extension in relative file path import (daa3ecb)

    Features

    BREAKING CHANGES

    • this package is now ESM
  • 7.1.0 - 2024-04-05

    7.1.0 (2024-04-05)

    Bug Fixes

    • upgrade @ octokit/types (981171f)

    Features

  • 7.0.2 - 2023-09-23

    7.0.2 (2023-09-23)

    Bug Fixes

    • deps: update dependency @ octokit/types to v12 (#508) (2a72b63)
  • 7.0.1 - 2023-07-10

    7.0.1 (2023-07-10)

    Bug Fixes

  • 7.0.0 - 2023-07-07

    7.0.0 (2023-07-07)

    Bug Fixes

    • deps: update octokit monorepo (major) (#488) (585f4ae)

    BREAKING CHANGES

    • deps: Replace support for Node.js http(s) Agents with documentation on using fetch dispatchers instead
    • deps: Remove ability to pass custom request options, except from method, headers, body, signal, data
  • 6.0.1 - 2023-06-20
  • 6.0.0 - 2023-06-18
  • 6.0.0-beta.2 - 2023-06-16
  • 6.0.0-beta.1 - 2023-05-22
  • 5.0.6 - 2023-05-21
  • 5.0.5 - 2023-01-20
  • 5.0.4 - 2022-10-19
  • 5.0.3 - 2022-10-13
  • 5.0.2 - 2022-10-13
  • 5.0.1 - 2022-08-15
  • 5.0.0 - 2022-07-08
  • 4.8.0 - 2021-08-31
from @octokit/graphql GitHub release notes
Package name: @octokit/graphql-schema
  • 15.25.0 - 2024-07-08

    15.25.0 (2024-07-08)

    Features

    • minPermissionLevel filter for projects connections (#969) (503d8f1)
  • 15.24.0 - 2024-07-03

    15.24.0 (2024-07-03)

    Features

    • remove org verifiedDomainsList and defer keyword, add specifiedBy keyword (#967) (ee111b5)
  • 15.23.0 - 2024-06-28

    15.23.0 (2024-06-28)

    Features

  • 15.22.0 - 2024-06-21

    15.22.0 (2024-06-21)

    Features

    • convertProjectV2DraftIssueItemToIssue() mutation (#962) (d345d19)
  • 15.21.0 - 2024-06-20

    15.21.0 (2024-06-20)

    Features

    • ProjectV2#statusUpdates(), Mutations: createProjectV2StatusUpdate(), updateProjectV2StatusUpdate(), deleteProjectV2StatusUpdate(). (#961) (fc3abe0)
  • 15.20.0 - 2024-06-14

    15.20.0 (2024-06-14)

    Features

    • Adds AnnouncementBanner[readme, readmeHTML] (#959) (48b05fb)
  • 15.19.0 - 2024-06-13

    15.19.0 (2024-06-13)

    Features

    • Query#enterpriseMemberInvitation, enterpriseMemberInvitationByToken, EnterpriseOwnerInfo#pendingUnaffiliatedMemberInvitations. Mutations: acceptEnterpriseMemberInvitation, cancelEnterpriseMemberInvitation, inviteEnterpriseMember (#958) (4b94ff4)
  • 15.18.1 - 2024-06-11

    15.18.1 (2024-06-11)

    Bug Fixes

    • comments: clarify GitObject#{since,until} (#955) (d4b7bc5)
  • 15.18.0 - 2024-05-24

    15.18.0 (2024-05-24)

    Features

  • 15.17.0 - 2024-05-20

    15.17.0 (2024-05-20)

    Features

    • Adds property AnnouncementBanner.announcementCreatedAt (#947) (4f1108e)
  • 15.16.0 - 2024-05-16
  • 15.15.0 - 2024-05-02
  • 15.14.0 - 2024-04-29
  • 15.13.0 - 2024-04-25
  • 15.12.0 - 2024-04-18
  • 15.11.0 - 2024-04-18
  • 15.10.0 - 2024-04-17
  • 15.9.0 - 2024-04-16
  • 15.8.0 - 2024-04-16
  • 15.7.0 - 2024-04-15
  • 15.6.0 - 2024-04-11
  • 15.5.1 - 2024-04-09
  • 15.5.0 - 2024-04-08
  • 15.4.2 - 2024-04-05
  • 15.4.1 - 2024-04-04
  • 15.4.0 - 2024-04-03
  • 15.3.0 - 2024-03-11
  • 15.2.0 - 2024-03-08
  • 15.1.2 - 2024-03-08
  • 15.1.1 - 2024-03-07
  • 15.1.0 - 2024-03-07
  • 15.0.0 - 2024-03-04
  • 15.0.0-beta.4 - 2024-03-04
  • 15.0.0-beta.3 - 2024-03-04
  • 15.0.0-beta.2 - 2024-03-04
  • 15.0.0-beta.1 - 2024-03-04
  • 14.58.0 - 2024-02-27
from @octokit/graphql-schema GitHub release notes
Package name: @octokit/types
  • 13.5.0 - 2024-04-29

    13.5.0 (2024-04-29)

    Features

    • add Copilot operations, bump openapi-types version (#638) (69c7f34)
  • 13.4.1 - 2024-04-15

    13.4.1 (2024-04-15)

    Bug Fixes

    • openapi-types and openapi-version minor bumps (#633) (fa8e2bb)
  • 13.4.0 - 2024-04-09

    13.4.0 (2024-04-09)

    Features

    • updates @ octokit/openapi-types to v22.0.1 (#631) (73f3c21)
  • 13.3.0 - 2024-04-09

    13.3.0 (2024-04-09)

    Features

    • add redirect option in RequestRequestOptions (#630) (9c58158)
  • 13.2.0 - 2024-04-08

    13.2.0 (2024-04-08)

    Features

    • Updates @ octokit/openapi-types to 22.0.0 (which had breaking changes). BREAKING CHANGES: Renames [repository-rule-params-code-scanning-threshold to repository-rule-params-code-scanning-tool, security_alerts to security_alerts_threshold], renames fields[repository-rule-params-code-scanning-threshold.alerts to repository-rule-params-code-scanning-tool.alerts_threshold, repository-rule-params-code-scanning-threshold.security_alerts to repository-rule-params-code-scanning-tool.security_alerts_threshold] (#629) (d32a77f)
    • updates @ octokit/openapi-types to v21.2.0 (#627) (a5bfb8f)
  • 13.1.0 - 2024-04-04

    13.1.0 (2024-04-04)

    Features

  • 13.0.0 - 2024-04-02

    13.0.0 (2024-04-02)

    Features

    • Updates openapi-types to v21.0.0 (which had breaking changes), BREAKING CHANGE: Updates multiple endpoints to use owner + repo in place of repository_id (#625) (ad024fe)

    BREAKING CHANGES

    • Updates multiple endpoints to use owner + repo in place of repository_id
  • 12.6.0 - 2024-02-22

    12.6.0 (2024-02-22)

    Features

  • 12.5.0 - 2024-02-15

    12.5.0 (2024-02-15)

    Features

  • 12.4.0 - 2023-12-04

    12.4.0 (2023-12-04)

    Features

    • permissions.organization_custom_properties (#598) (ff98468)
  • 12.3.0 - 2023-11-12
  • 12.2.0 - 2023-11-07
  • 12.1.1 - 2023-10-25
  • 12.1.0 - 2023-10-24
  • 12.0.1 - 2023-10-24
  • 12.0.0 - 2023-09-23
  • 11.1.0 - 2023-07-10
  • 11.0.0 - 2023-07-07
  • 10.1.0-beta.1 - 2023-06-30
  • 10.0.0 - 2023-06-13
  • 10.0.0-beta.2 - 2023-06-12
  • 10.0.0-beta.1 - 2023-05-26
  • 9.3.2 - 2023-06-13
from @octokit/types GitHub release notes
Package name: @types/uuid
  • 10.0.0 - 2024-06-20
  • 9.0.8 - 2024-01-25
from @types/uuid GitHub release notes
Package name: chalk from chalk GitHub release notes
Package name: commander
  • 12.1.0 - 2024-05-18

    Added

    • auto-detect special node flags node --eval and node --print when call .parse() with no arguments (#2164)

    Changed

    • prefix require of Node.js core modules with node: (#2170)
    • format source files with Prettier (#2180)
    • switch from StandardJS to directly calling ESLint for linting (#2153)
    • extend security support for previous major version of Commander (#2150)

    Removed

    • removed unimplemented Option.fullDescription from TypeScript definition (#2191)
  • 12.0.0 - 2024-02-03

    Added

    • .addHelpOption() as another way of configuring built-in help option (#2006)
    • .helpCommand() for configuring built-in help command (#2087)

    Fixed

    • Breaking: use non-zero exit code when spawned executable subcommand terminates due to a signal (#2023)
    • Breaking: check passThroughOptions constraints when using .addCommand and throw if parent command does not have .enablePositionalOptions() enabled (#1937)

    Changed

    • Breaking: Commander 12 requires Node.js v18 or higher (#2027)
    • Breaking: throw an error if add an option with a flag which is already in use (#2055)
    • Breaking: throw an error if add a command with name or alias which is already in use (#2059)
    • Breaking: throw error when calling .storeOptionsAsProperties() after setting an option value (#1928)
    • replace non-standard JSDoc of @ api private with documented @ private (#1949)
    • .addHelpCommand() now takes a Command (passing string or boolean still works as before but deprecated) (#2087)
    • refactor internal implementation of built-in help option (#2006)
    • refactor internal implementation of built-in help command (#2087)

    Deprecated

    • .addHelpCommand() passing string or boolean (use .helpCommand() or pass a Command) (#2087)

    Removed

    • Breaking: removed default export of a global Command instance from CommonJS (use the named program export instead) (#2017)

    Migration Tips

    global program

    If you are using the deprecated default import of the global Command object, you need to switch to using a named import (or create a new Command).

    // const program = require('commander');
const { program } = require('commander');

    option and command clashes

    A couple of configuration problems now throw an error, which will pick up issues in existing programs:

    • adding an option which uses the same flag as a previous option
    • adding a command which uses the same name or alias as a previous command
  • 12.0.0-1 - 2024-01-19

    Added

    • .addHelpOption() as another way of configuring built-in help option (#2006)
    • .helpCommand() for configuring built-in help command (#2087)

    Changed

    • .addHelpCommand() now takes a Command (passing string or boolean still works as before but deprecated) (#2087)
    • refactor internal implementation of built-in help option (#2006)
    • refactor internal implementation of built-in help command (#2087)

    Deprecated

    • .addHelpCommand() passing string or boolean (use .helpCommand() or pass a Command) (#2087)
  • 12.0.0-0 - 2023-11-11

    Fixed

    • Breaking: use non-zero exit code when spawned executable subcommand terminates due to a signal (#2023)
    • Breaking: check passThroughOptions constraints when using .addCommand and throw if parent command does not have .enablePositionalOptions() enabled (

@snyk-bot
feat: upgrade multiple dependencies with Snyk
827a90f 
Snyk has created this PR to upgrade:
  - @commander-js/extra-typings from 10.0.3 to 12.1.0.
    See this package in npm: https://www.npmjs.com/package/@commander-js/extra-typings
  - @octokit/graphql from 4.8.0 to 8.1.1.
    See this package in npm: https://www.npmjs.com/package/@octokit/graphql
  - @octokit/graphql-schema from 14.58.0 to 15.25.0.
    See this package in npm: https://www.npmjs.com/package/@octokit/graphql-schema
  - @octokit/types from 9.3.2 to 13.5.0.
    See this package in npm: https://www.npmjs.com/package/@octokit/types
  - @types/uuid from 9.0.8 to 10.0.0.
    See this package in npm: https://www.npmjs.com/package/@types/uuid
  - chalk from 4.1.2 to 5.3.0.
    See this package in npm: https://www.npmjs.com/package/chalk
  - commander from 10.0.1 to 12.1.0.
    See this package in npm: https://www.npmjs.com/package/commander
  - dotenv from 10.0.0 to 16.4.5.
    See this package in npm: https://www.npmjs.com/package/dotenv
  - glob from 10.4.5 to 11.0.0.
    See this package in npm: https://www.npmjs.com/package/glob
  - octokit from 2.1.0 to 4.0.2.
    See this package in npm: https://www.npmjs.com/package/octokit
  - ora from 5.4.1 to 8.1.0.
    See this package in npm: https://www.npmjs.com/package/ora
  - uuid from 9.0.1 to 10.0.0.
    See this package in npm: https://www.npmjs.com/package/uuid

See this project in Snyk:
https://app.snyk.io/org/cachiman-inc/project/54347cd0-be7d-48aa-9226-dbea3cf68ea4?utm_source=github&utm_medium=referral&page=upgrade-pr
@google-cla Google CLA
Copy link

google-cla bot commented Sep 18, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@WontonSam @snyk-bot