Dependabot/npm and yarn/npm and yarn f3562b46b9 #1084
Open
Wbaker7702 wants to merge 126 commits into
Snyk has created this PR to upgrade core-js from 3.25.1 to 3.45.1. See this package in yarn: core-js See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade @babel/plugin-proposal-decorators from 7.19.0 to 7.28.0. See this package in yarn: @babel/plugin-proposal-decorators See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade @babel/preset-react from 7.18.6 to 7.27.1. See this package in yarn: @babel/preset-react See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade @babel/helper-string-parser from 7.18.10 to 7.27.1. See this package in yarn: @babel/helper-string-parser See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade react-bootstrap from 1.3.0 to 1.6.8. See this package in yarn: react-bootstrap See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
…6c5bc70b9f872c7 [Snyk] Upgrade react-bootstrap from 1.3.0 to 1.6.8
…d07172df422773c [Snyk] Upgrade @babel/helper-string-parser from 7.18.10 to 7.27.1
…870ae797a06641a [Snyk] Upgrade @babel/preset-react from 7.18.6 to 7.27.1
Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
…eb007a9218cf7be [Snyk] Upgrade @babel/plugin-proposal-decorators from 7.19.0 to 7.28.0
…e5314e5c10c2c6c [Snyk] Upgrade core-js from 3.25.1 to 3.45.1
Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
…ng unencrypted communication channel Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 29: Dependency download using unencrypted communication channel
…on character escape Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 2: Useless regular-expression character escape
…ession for hostnames Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 23: Incomplete regular expression for hostnames
…ensitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 24: Clear-text storage of sensitive information
…d or disabled Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 19: CSRF protection weakened or disabled
…as HTML Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 15: DOM text reinterpreted as HTML
…in permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 28: Workflow does not contain permissions
…ar expression range Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
…lidation - Add RSpec tests for AI validation models (rule and result) - Add RSpec tests for AI validation controller/requests - Add RSpec tests for AI providers service with mocking - Add factories for AI validation rules and results - Enhance ValidationResults React component with filtering and sorting - Add RealTimeValidation React component for live feedback - Integrate validation status into response views with inline display - Add validation status partial for response forms - Update locale translations for new UI elements - Add comprehensive test coverage for all AI validation features
Snyk has created this PR to upgrade @rails/webpacker from 5.4.3 to 5.4.4. See this package in yarn: @rails/webpacker See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Snyk has created this PR to upgrade mobx-react from 5.4.3 to 5.4.4. See this package in yarn: mobx-react See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
* fix: upgrade style-loader from 1.2.1 to 1.3.0 Snyk has created this PR to upgrade style-loader from 1.2.1 to 1.3.0. See this package in yarn: style-loader See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr * Update package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> --------- Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Snyk has created this PR to upgrade core-js from 3.45.1 to 3.46.0. See this package in yarn: core-js See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Snyk has created this PR to upgrade prop-types from 15.8.0 to 15.8.1. See this package in yarn: prop-types See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
…159) * Initial plan * Add build and deploy GitHub Actions workflow - Create comprehensive build-deploy.yml workflow - Build application with Ruby and Node.js dependencies - Compile production assets with Webpack/Shakapacker - Build and push Docker images to GitHub Container Registry - Run security scans with Trivy - Deploy to staging (develop branch) and production (main branch) - Support manual deployment via workflow_dispatch - Generate SBOM and archive artifacts - Add CI/CD pipeline documentation - Add quick deployment guide - Update README with CI/CD information Co-authored-by: Wbaker7702 <93578022+Wbaker7702@users.noreply.github.com> * Add GitHub Actions badges and implementation summary - Add build and deploy status badges to README - Add test workflow badge to README - Create comprehensive BUILD_AND_DEPLOY_SUMMARY.md - Document all features and implementation details Co-authored-by: Wbaker7702 <93578022+Wbaker7702@users.noreply.github.com> * Fix code review issues in workflow and docs - Remove unused image-tag output from build job - Fix SBOM generation to use specific image reference - Fix line continuation in metadata tags - Fix broken documentation links - Ensure consistent link format in documentation Co-authored-by: Wbaker7702 <93578022+Wbaker7702@users.noreply.github.com> * Add final implementation summary - Create comprehensive final summary document - Document all features and validation - List next steps for production use - Confirm security and quality checks passed Co-authored-by: Wbaker7702 <93578022+Wbaker7702@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Wbaker7702 <93578022+Wbaker7702@users.noreply.github.com>
* Refactor: Rename render_tags to render_tag_badges and clean up migrations Co-authored-by: wbaker7702 <wbaker7702@mail.kvcc.edu> * Update app/models/notification.rb Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> --------- Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Snyk has created this PR to upgrade cheerio from 1.0.0-rc.12 to 1.1.2. See this package in yarn: cheerio See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
* fix: upgrade core-js from 3.45.1 to 3.46.0 Snyk has created this PR to upgrade core-js from 3.45.1 to 3.46.0. See this package in yarn: core-js See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr * Initial plan (#164) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> --------- Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [node-forge](https://github.com/digitalbazaar/forge). Updates `node-forge` from 1.3.1 to 1.3.2 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Snyk has created this PR to upgrade core-js from 3.45.1 to 3.46.0. See this package in yarn: core-js See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
* fix: upgrade webpack-assets-manifest from 6.3.0 to 6.4.0 Snyk has created this PR to upgrade webpack-assets-manifest from 6.3.0 to 6.4.0. See this package in yarn: webpack-assets-manifest See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr * Update package.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> --------- Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Snyk has created this PR to upgrade @babel/preset-react from 7.27.1 to 7.28.5. See this package in yarn: @babel/preset-react See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
#166) Bumps the npm_and_yarn group with 1 update in the / directory: [express](https://github.com/expressjs/express). Updates `express` from 4.21.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.21.2...v4.22.1) --- updated-dependencies: - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Snyk has created this PR to upgrade @babel/preset-react from 7.27.1 to 7.28.5. See this package in yarn: @babel/preset-react See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Snyk has created this PR to upgrade core-js from 3.45.1 to 3.47.0. See this package in yarn: core-js See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
* fix: upgrade webpack from 5.102.1 to 5.103.0 Snyk has created this PR to upgrade webpack from 5.102.1 to 5.103.0. See this package in yarn: webpack See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr * Update package.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> --------- Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…173) Bumps the bundler group with 1 update in the / directory: [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby). Updates `aws-sdk-s3` from 1.196.1 to 1.208.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-version: 1.208.0 dependency-type: direct:production dependency-group: bundler ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit refactors AI validation logic, adds security gems like brakeman and bundler-audit, and cleans up controller code. Co-authored-by: Cursor Agent <cursoragent@cursor.com>
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SHAKAPACKER-14912582 Co-authored-by: snyk-bot <snyk-bot@snyk.io>
- Update Content Security Policy to enforce policy instead of report-only - Add strict security headers (X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Referrer-Policy) in application configuration - Configure HSTS with preload, subdomains, and 1-year expiry in production - Enhance Login UI with improved layout, placeholders, and security indicators Co-authored-by: Cursor Agent <cursoragent@cursor.com>
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-SHAKAPACKER-14912603 Co-authored-by: snyk-bot <snyk-bot@snyk.io>
…#179) Bumps the npm_and_yarn group with 1 update in the / directory: [undici](https://github.com/nodejs/undici). Updates `undici` from 7.16.0 to 7.18.2 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.16.0...v7.18.2) --- updated-dependencies: - dependency-name: undici dependency-version: 7.18.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
* fix: upgrade @babel/preset-react from 7.27.1 to 7.28.5 Snyk has created this PR to upgrade @babel/preset-react from 7.27.1 to 7.28.5. See this package in yarn: @babel/preset-react See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr * Update package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> --------- Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Snyk has created this PR to upgrade core-js from 3.45.1 to 3.47.0. See this package in yarn: core-js See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Bumps the npm_and_yarn group with 1 update in the / directory: [lodash](https://github.com/lodash/lodash). Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
No description provided.