Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade minimist from 1.2.2 to 1.2.3 #37138

Closed
wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • build/package.json
⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764
No Proof of Concept

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@phil-davis
Copy link
Contributor

phil-davis commented Mar 19, 2020

drone has not started. There are PRs in docs with the same problem.
I added a changelog, squashed and force-pushed - still no drone starting.
I made a test PR #37139 and drone starts fine on that.
???

And the CLAassistant is too stupid to understand that this PR is by a bot - the bot is not a legal entity that can "sign" a CLA.

@phil-davis phil-davis self-assigned this Mar 19, 2020
@phil-davis phil-davis force-pushed the snyk-fix-9d3aa5dcdbd949667419e1baeee034e8 branch 2 times, most recently from 9792ff4 to d89c154 Compare March 19, 2020 02:33
@owncloud owncloud deleted a comment from update-docs bot Mar 19, 2020
@phil-davis phil-davis force-pushed the snyk-fix-9d3aa5dcdbd949667419e1baeee034e8 branch from d89c154 to d89de92 Compare March 20, 2020 16:24
@phil-davis
Copy link
Contributor

Rebased and still no drone starting ???

@phil-davis
Copy link
Contributor

Drone is refusing to start from this branch/PR.
See PR #37154

@phil-davis phil-davis closed this Mar 21, 2020
@phil-davis phil-davis deleted the snyk-fix-9d3aa5dcdbd949667419e1baeee034e8 branch June 18, 2020 03:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants