Fix npm vulnerability #1007
Merged
Fix npm vulnerability #1007
+3,612
−3,270
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Do we need to update all dependencies or just |
|
@vsvipul Suggested to update all |
vsvipul
approved these changes
Nov 30, 2022
aguschin
referenced
this pull request
in iterative/gto
Dec 21, 2022
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/cache](https://togithub.com/actions/cache) | action | minor | `v3.0.11` -> `v3.2.0` | --- ### Release Notes <details> <summary>actions/cache</summary> ### [`v3.2.0`](https://togithub.com/actions/cache/releases/tag/v3.2.0) [Compare Source](https://togithub.com/actions/cache/compare/v3.0.11...v3.2.0) ##### What's Changed - fix wrong timeout env var key in README.md by [@​walterddr](https://togithub.com/walterddr) in [https://github.com/actions/cache/pull/959](https://togithub.com/actions/cache/pull/959) - Updated release doc with correct env variable by [@​kotewar](https://togithub.com/kotewar) in [https://github.com/actions/cache/pull/960](https://togithub.com/actions/cache/pull/960) - Create pull_request_template.md by [@​pdotl](https://togithub.com/pdotl) in [https://github.com/actions/cache/pull/963](https://togithub.com/actions/cache/pull/963) - Update README with clearer info about cache-hit and its value by [@​kotewar](https://togithub.com/kotewar) in [https://github.com/actions/cache/pull/961](https://togithub.com/actions/cache/pull/961) - Change datadog/squid to Ubuntu/squid in CI check by [@​bishal-pdMSFT](https://togithub.com/bishal-pdMSFT) in [https://github.com/actions/cache/pull/976](https://togithub.com/actions/cache/pull/976) - Add more details to version section in readme by [@​bishal-pdMSFT](https://togithub.com/bishal-pdMSFT) in [https://github.com/actions/cache/pull/971](https://togithub.com/actions/cache/pull/971) - Update hashFiles documentation reference by [@​asaf400](https://togithub.com/asaf400) in [https://github.com/actions/cache/pull/979](https://togithub.com/actions/cache/pull/979) - Updated link for cache segment download info by [@​kotewar](https://togithub.com/kotewar) in [https://github.com/actions/cache/pull/986](https://togithub.com/actions/cache/pull/986) - Readme update for deleting caches by [@​t-dedah](https://togithub.com/t-dedah) in [https://github.com/actions/cache/pull/981](https://togithub.com/actions/cache/pull/981) - Add oncall logic to assign issues and PRs by [@​vsvipul](https://togithub.com/vsvipul) in [https://github.com/actions/cache/pull/997](https://togithub.com/actions/cache/pull/997) - Bump minimatch from 3.0.4 to 3.1.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/cache/pull/998](https://togithub.com/actions/cache/pull/998) - Revert "Bump minimatch from 3.0.4 to 3.1.2" by [@​vsvipul](https://togithub.com/vsvipul) in [https://github.com/actions/cache/pull/1005](https://togithub.com/actions/cache/pull/1005) - Fix npm vulnerability by [@​Phantsure](https://togithub.com/Phantsure) in [https://github.com/actions/cache/pull/1007](https://togithub.com/actions/cache/pull/1007) - refactor: Use early return pattern to avoid nested conditions by [@​jongwooo](https://togithub.com/jongwooo) in [https://github.com/actions/cache/pull/1013](https://togithub.com/actions/cache/pull/1013) - Use cache in check-dist.yml by [@​jongwooo](https://togithub.com/jongwooo) in [https://github.com/actions/cache/pull/1004](https://togithub.com/actions/cache/pull/1004) - chore: Use built-in cache action to cache dependencies by [@​jongwooo](https://togithub.com/jongwooo) in [https://github.com/actions/cache/pull/1014](https://togithub.com/actions/cache/pull/1014) - Updated node example by [@​t-dedah](https://togithub.com/t-dedah) in [https://github.com/actions/cache/pull/1008](https://togithub.com/actions/cache/pull/1008) - Fix: Node npm doc example by [@​apascualm](https://togithub.com/apascualm) in [https://github.com/actions/cache/pull/1026](https://togithub.com/actions/cache/pull/1026) - docs: fix an invalid link in workarounds.md by [@​teatimeguest](https://togithub.com/teatimeguest) in [https://github.com/actions/cache/pull/929](https://togithub.com/actions/cache/pull/929) - General Availability release for granular cache by [@​kotewar](https://togithub.com/kotewar) in [https://github.com/actions/cache/pull/1035](https://togithub.com/actions/cache/pull/1035) More details here on [beta](https://togithub.com/actions/cache/discussions/1020) release. ##### New Contributors - [@​walterddr](https://togithub.com/walterddr) made their first contribution in [https://github.com/actions/cache/pull/959](https://togithub.com/actions/cache/pull/959) - [@​asaf400](https://togithub.com/asaf400) made their first contribution in [https://github.com/actions/cache/pull/979](https://togithub.com/actions/cache/pull/979) - [@​jongwooo](https://togithub.com/jongwooo) made their first contribution in [https://github.com/actions/cache/pull/1013](https://togithub.com/actions/cache/pull/1013) - [@​apascualm](https://togithub.com/apascualm) made their first contribution in [https://github.com/actions/cache/pull/1026](https://togithub.com/actions/cache/pull/1026) - [@​teatimeguest](https://togithub.com/teatimeguest) made their first contribution in [https://github.com/actions/cache/pull/929](https://togithub.com/actions/cache/pull/929) **Full Changelog**: actions/cache@v3...v3.2.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/iterative/gto). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC42Ni4xIiwidXBkYXRlZEluVmVyIjoiMzQuNjYuMSJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
estahn
pushed a commit
to estahn/k8s-image-swapper
that referenced
this pull request
Jan 1, 2023
](https://renovatebot.com){kind=link}
## [1.4.0](v1.3.3...v1.4.0) (2023-01-01) ### 👷 Build System * **deps-dev:** Bump @semantic-release/changelog from 6.0.1 to 6.0.2 ([#404](#404)) ([ee56dbc](ee56dbc)), closes [#276](#276) [#276](#276) [#272](#272) [#275](#275) [#273](#273) [#274](#274) [#271](#271) [#270](#270) [#269](#269) [#268](#268) [#267](#267) ### 🎉 Features * add custom tags to created ECR repositories ([#191](#191)) ([9849df2](9849df2)) ### 📝 Documentation * fix indentation ([b00c57e](b00c57e)) ### ⬆️ Dependencies * **deps:** Bump actions/cache from 3.0.11 to 3.2.1 ([#417](#417)) ([7e7eb8f](7e7eb8f)), closes [actions/cache#1039](actions/cache#1039) [actions/cache#1023](actions/cache#1023) [actions/cache#959](actions/cache#959) [actions/cache#960](actions/cache#960) [actions/cache#963](actions/cache#963) [actions/cache#961](actions/cache#961) [actions/cache#976](actions/cache#976) [actions/cache#971](actions/cache#971) [actions/cache#979](actions/cache#979) [actions/cache#986](actions/cache#986) [actions/cache#981](actions/cache#981) [actions/cache#997](actions/cache#997) [actions/cache#998](actions/cache#998) [actions/cache#1005](actions/cache#1005) [actions/cache#1007](actions/cache#1007) [actions/cache#1013](actions/cache#1013) [actions/cache#1004](actions/cache#1004) [actions/cache#1014](actions/cache#1014) [actions/cache#1008](actions/cache#1008) [actions/cache#1026](actions/cache#1026) [actions/cache#929](actions/cache#929) [actions/cache#1035](actions/cache#1035) [actions/cache#959](actions/cache#959) [actions/cache#979](actions/cache#979) [actions/cache#1013](actions/cache#1013) [actions/cache#1026](actions/cache#1026) [actions/cache#929](actions/cache#929) [actions/cache#1006](actions/cache#1006) [#1023](https://github.com/estahn/k8s-image-swapper/issues/1023) [#1039](https://github.com/estahn/k8s-image-swapper/issues/1039) [#1035](https://github.com/estahn/k8s-image-swapper/issues/1035) [#929](https://github.com/estahn/k8s-image-swapper/issues/929) [#1026](https://github.com/estahn/k8s-image-swapper/issues/1026) [#1008](https://github.com/estahn/k8s-image-swapper/issues/1008) [#1014](https://github.com/estahn/k8s-image-swapper/issues/1014) [#1004](https://github.com/estahn/k8s-image-swapper/issues/1004) * **deps:** Bump actions/setup-python from 4.3.0 to 4.3.1 ([#406](#406)) ([16da762](16da762)), closes [actions/setup-python#559](actions/setup-python#559) [actions/setup-python#511](actions/setup-python#511) [actions/setup-python#558](actions/setup-python#558) [#559](#559) [#558](#558) [#549](#549) [#546](#546) [#545](#545) [#535](#535) [#510](#510) [#511](#511) [#520](#520) * **deps:** Bump actions/setup-python from 4.3.1 to 4.4.0 ([#418](#418)) ([77872f8](77872f8)), closes [actions/setup-python#566](actions/setup-python#566) [#567](#567) [#569](#569) [#566](#566) * **deps:** Bump github.com/aws/aws-sdk-go from 1.44.146 to 1.44.152 ([#403](#403)) ([9db51fd](9db51fd)), closes [#4652](https://github.com/estahn/k8s-image-swapper/issues/4652) [#4650](https://github.com/estahn/k8s-image-swapper/issues/4650) [#4648](https://github.com/estahn/k8s-image-swapper/issues/4648) [#4647](https://github.com/estahn/k8s-image-swapper/issues/4647) [#4646](https://github.com/estahn/k8s-image-swapper/issues/4646) [#4644](https://github.com/estahn/k8s-image-swapper/issues/4644) [#4639](https://github.com/estahn/k8s-image-swapper/issues/4639) * **deps:** Bump github.com/aws/aws-sdk-go from 1.44.152 to 1.44.157 ([#411](#411)) ([2188432](2188432)), closes [#4658](https://github.com/estahn/k8s-image-swapper/issues/4658) [#4657](https://github.com/estahn/k8s-image-swapper/issues/4657) [#4656](https://github.com/estahn/k8s-image-swapper/issues/4656) [#4654](https://github.com/estahn/k8s-image-swapper/issues/4654) [#4653](https://github.com/estahn/k8s-image-swapper/issues/4653) * **deps:** Bump github.com/aws/aws-sdk-go from 1.44.157 to 1.44.162 ([#415](#415)) ([f70fcd9](f70fcd9)), closes [#4666](https://github.com/estahn/k8s-image-swapper/issues/4666) [#4665](https://github.com/estahn/k8s-image-swapper/issues/4665) [#4663](https://github.com/estahn/k8s-image-swapper/issues/4663) [#4661](https://github.com/estahn/k8s-image-swapper/issues/4661) [#4660](https://github.com/estahn/k8s-image-swapper/issues/4660) * **deps:** Bump github.com/aws/aws-sdk-go from 1.44.162 to 1.44.167 ([#419](#419)) ([f8b91fe](f8b91fe)), closes [#4671](https://github.com/estahn/k8s-image-swapper/issues/4671) [#4670](https://github.com/estahn/k8s-image-swapper/issues/4670) [#4669](https://github.com/estahn/k8s-image-swapper/issues/4669) [#4668](https://github.com/estahn/k8s-image-swapper/issues/4668) [#4667](https://github.com/estahn/k8s-image-swapper/issues/4667) * **deps:** Bump github.com/gruntwork-io/terratest from 0.41.3 to 0.41.4 ([#402](#402)) ([16dde07](16dde07)), closes [#1208](https://github.com/estahn/k8s-image-swapper/issues/1208) * **deps:** Bump github.com/gruntwork-io/terratest from 0.41.4 to 0.41.6 ([#409](#409)) ([9fc87df](9fc87df)), closes [#1214](https://github.com/estahn/k8s-image-swapper/issues/1214) [#1198](https://github.com/estahn/k8s-image-swapper/issues/1198) * **deps:** Bump github.com/gruntwork-io/terratest from 0.41.6 to 0.41.7 ([#420](#420)) ([9ab97f2](9ab97f2)), closes [gruntwork-io/terratest#1217](gruntwork-io/terratest#1217) [#1217](https://github.com/estahn/k8s-image-swapper/issues/1217) * **deps:** Bump goreleaser/goreleaser-action from 3.1.0 to 4.1.0 ([#414](#414)) ([e963ba1](e963ba1)), closes [goreleaser/goreleaser-action#382](goreleaser/goreleaser-action#382) [goreleaser/goreleaser-action#366](goreleaser/goreleaser-action#366) [goreleaser/goreleaser-action#379](goreleaser/goreleaser-action#379) [goreleaser/goreleaser-action#383](goreleaser/goreleaser-action#383) [goreleaser/goreleaser-action#366](goreleaser/goreleaser-action#366) [goreleaser/goreleaser-action#379](goreleaser/goreleaser-action#379) [goreleaser/goreleaser-action#370](goreleaser/goreleaser-action#370) [#374](#374) [#372](#372) [#373](#373) [#383](#383) [#366](#366) [#382](#382) [#370](#370) * **deps:** Bump k8s.io/api from 0.25.4 to 0.26.0 ([#407](#407)) ([d13bf5e](d13bf5e)), closes [#111023](https://github.com/estahn/k8s-image-swapper/issues/111023) [#113375](https://github.com/estahn/k8s-image-swapper/issues/113375) [#113186](https://github.com/estahn/k8s-image-swapper/issues/113186) * **deps:** Bump k8s.io/client-go from 0.25.4 to 0.26.0 ([#410](#410)) ([bcc56b5](bcc56b5)), closes [#113797](https://github.com/estahn/k8s-image-swapper/issues/113797) [#111023](https://github.com/estahn/k8s-image-swapper/issues/111023) [#113826](https://github.com/estahn/k8s-image-swapper/issues/113826) [#113375](https://github.com/estahn/k8s-image-swapper/issues/113375)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
dependencies are updated to latest compatible version for minimatch vulnerability to go. Minimatch auto updated to 3.1.2.
Related PR: #998
Motivation and Context
How Has This Been Tested?
npm outdated:npm list minimatch:npm audit:found 0 vulnerabilitiesScreenshots (if appropriate):
Types of changes
Checklist: