Snyk upgrade f3045ebd27d2663e76be4d021444556e #1085
Open
Wbaker7702 wants to merge 92 commits into
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
…d611e13c50 [Snyk] Fix for 8 vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAP-7640980
- https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAP-7640987
…8e928ebb25 [Snyk] Security upgrade bootstrap from 4.6.2 to 5.0.0
…rmer-service/yarn.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-TAR-6476909
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
…731180718e [Snyk] Security upgrade enketo-transformer from 2.3.0 to 3.0.0
Snyk has created this PR to upgrade react-bootstrap from 1.3.0 to 1.6.8. See this package in yarn: react-bootstrap See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade core-js from 3.25.1 to 3.45.1. See this package in yarn: core-js See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade @babel/plugin-proposal-decorators from 7.19.0 to 7.28.0. See this package in yarn: @babel/plugin-proposal-decorators See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade @babel/preset-react from 7.18.6 to 7.27.1. See this package in yarn: @babel/preset-react See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade @babel/helper-string-parser from 7.18.10 to 7.27.1. See this package in yarn: @babel/helper-string-parser See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade react-bootstrap from 1.3.0 to 1.6.8. See this package in yarn: react-bootstrap See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
…6c5bc70b9f872c7 [Snyk] Upgrade react-bootstrap from 1.3.0 to 1.6.8
…d07172df422773c [Snyk] Upgrade @babel/helper-string-parser from 7.18.10 to 7.27.1
…870ae797a06641a [Snyk] Upgrade @babel/preset-react from 7.18.6 to 7.27.1
Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
…eb007a9218cf7be [Snyk] Upgrade @babel/plugin-proposal-decorators from 7.19.0 to 7.28.0
…e5314e5c10c2c6c [Snyk] Upgrade core-js from 3.25.1 to 3.45.1
Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
…ng unencrypted communication channel Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 29: Dependency download using unencrypted communication channel
…on character escape Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 2: Useless regular-expression character escape
…ession for hostnames Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 23: Incomplete regular expression for hostnames
…ensitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Potential fix for code scanning alert no. 24: Clear-text storage of sensitive information
…as HTML (#122) Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…as HTML (#123) Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…as HTML (#124) Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…as HTML (#125) Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…as HTML (#126) Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [postcss](https://github.com/postcss/postcss).

Updates `postcss` from 7.0.39 to 8.4.31
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@7.0.39...8.4.31)

Updates `@xmldom/xmldom` from 0.7.6 to 0.7.7
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](xmldom/xmldom@0.7.6...0.7.7)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.4.31
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@xmldom/xmldom"
  dependency-version: 0.7.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
…as HTML (#129) Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Snyk has created this PR to upgrade moment from 2.29.4 to 2.30.1. See this package in yarn: moment See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
…7.21.0 (#134) Snyk has created this PR to upgrade @babel/plugin-proposal-optional-chaining from 7.18.9 to 7.21.0. See this package in yarn: @babel/plugin-proposal-optional-chaining See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
* fix: upgrade mobx from 5.15.6 to 5.15.7
  Snyk has created this PR to upgrade mobx from 5.15.6 to 5.15.7.
  See this package in yarn: mobx
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* Update package.json
  Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
  Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
---------
Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Snyk has created this PR to upgrade react_ujs from 2.6.1 to 2.7.1. See this package in yarn: react_ujs See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Avoid db:setup and db:test:prepare which can fail on pending migrations; instead drop/create, schema:load, then migrate to bring the test database up to date. Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: upgrade postcss from 8.4.31 to 8.5.6
  Snyk has created this PR to upgrade postcss from 8.4.31 to 8.5.6.
  See this package in yarn: postcss
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* main
---------
Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
…as HTML (#140) Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: package.json & yarn.lock to reduce vulnerabilities
  The following vulnerabilities are fixed with an upgrade:
  - https://snyk.io/vuln/SNYK-JS-BRACES-6838727
  - https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298
  - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
  - https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
  - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
  - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
  - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
  - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
* fix: Gemfile to reduce vulnerabilities
  The following vulnerabilities are fixed with an upgrade:
  - https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAP-7640980
  - https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAP-7640987
* fix: lib/enketo-transformer-service/package.json & lib/enketo-transformer-service/yarn.lock to reduce vulnerabilities
  The following vulnerabilities are fixed with an upgrade:
  - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
  - https://snyk.io/vuln/SNYK-JS-TAR-6476909
  - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
* fix: upgrade enketo-transformer from 3.0.0 to 3.0.1
  Snyk has created this PR to upgrade enketo-transformer from 3.0.0 to 3.0.1.
  See this package in yarn: enketo-transformer
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/5365759b-d209-456c-9448-7fda2875ba19?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade multiple dependencies with Snyk
  Snyk has created this PR to upgrade:
  - @babel/core from 7.19.0 to 7.25.2.
    See this package in yarn:
  - @babel/plugin-proposal-decorators from 7.19.0 to 7.24.7.
    See this package in yarn:
  - @babel/plugin-proposal-object-rest-spread from 7.18.9 to 7.20.7.
    See this package in yarn:
  - @babel/plugin-proposal-optional-chaining from 7.18.9 to 7.21.0.
    See this package in yarn:
  - @babel/plugin-transform-runtime from 7.18.10 to 7.24.7.
    See this package in yarn:
  - @babel/preset-env from 7.19.0 to 7.25.3.
    See this package in yarn:
  - @babel/preset-react from 7.18.6 to 7.24.7.
    See this package in yarn:
  - @babel/runtime from 7.19.0 to 7.25.0.
    See this package in yarn:
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade core-js from 3.25.1 to 3.38.0
  Snyk has created this PR to upgrade core-js from 3.25.1 to 3.38.0.
  See this package in yarn: core-js
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade @sentry/tracing from 6.16.1 to 6.19.7
  Snyk has created this PR to upgrade @sentry/tracing from 6.16.1 to 6.19.7.
  See this package in yarn: @sentry/tracing
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade react-bootstrap from 1.3.0 to 1.6.8
  Snyk has created this PR to upgrade react-bootstrap from 1.3.0 to 1.6.8.
  See this package in yarn: react-bootstrap
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade @sentry/react from 6.16.1 to 6.19.7
  Snyk has created this PR to upgrade @sentry/react from 6.16.1 to 6.19.7.
  See this package in yarn: @sentry/react
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade css-loader from 5.0.0 to 5.2.7
  Snyk has created this PR to upgrade css-loader from 5.0.0 to 5.2.7.
  See this package in yarn: css-loader
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade @babel/helper-string-parser from 7.18.10 to 7.24.8
  Snyk has created this PR to upgrade @babel/helper-string-parser from 7.18.10 to 7.24.8.
  See this package in yarn: @babel/helper-string-parser
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade query-string from 6.13.1 to 6.14.1
  Snyk has created this PR to upgrade query-string from 6.13.1 to 6.14.1.
  See this package in yarn: query-string
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade react_ujs from 2.6.1 to 2.7.1
  Snyk has created this PR to upgrade react_ujs from 2.6.1 to 2.7.1.
  See this package in yarn: react_ujs
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade enketo-core from 6.1.2 to 6.1.7
  Snyk has created this PR to upgrade enketo-core from 6.1.2 to 6.1.7.
  See this package in yarn: enketo-core
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade regenerator-runtime from 0.13.9 to 0.14.0
  Snyk has created this PR to upgrade regenerator-runtime from 0.13.9 to 0.14.0.
  See this package in yarn: regenerator-runtime
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade react from 16.13.0 to 16.14.0
  Snyk has created this PR to upgrade react from 16.13.0 to 16.14.0.
  See this package in yarn: react
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade moment from 2.29.4 to 2.30.1
  Snyk has created this PR to upgrade moment from 2.29.4 to 2.30.1.
  See this package in yarn: moment
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* fix: upgrade @rails/webpacker from 5.4.3 to 5.4.4
  Snyk has created this PR to upgrade @rails/webpacker from 5.4.3 to 5.4.4.
  See this package in yarn: @rails/webpacker
  See this project in Snyk: https://app.snyk.io/org/wbaker7702/project/7b5dd519-a5aa-402d-8871-c767616f1940?utm_source=github&utm_medium=referral&page=upgrade-pr
* Update Gemfile
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
* Initial plan (#145)
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
---------
Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
* Initial plan
* Fix JSON syntax error in package.json
  Co-authored-by: Wbaker7702 <93578022+Wbaker7702@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Wbaker7702 <93578022+Wbaker7702@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
This change updates the Broadcast spec to use `instance_double` instead of `double` for mailer expectations, improving test accuracy and clarity. Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Wes <93578022+Wbaker7702@users.noreply.github.com>
* Initial plan
* Remove duplicate bootstrap gem declaration
  Co-authored-by: Wbaker7702 <93578022+Wbaker7702@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Wbaker7702 <93578022+Wbaker7702@users.noreply.github.com>
No description provided.