
[UNSAFE] build: update yarn.lock to fix audit output #1536

Draft · wants to merge 1 commit into main

Conversation

up-up-and-away[bot] (Contributor) commented Jan 25, 2024

We ran uuaw --audit and it resulted in a clean yarn audit.

Attempting to fix advisory: GHSA-p6mc-m468-83gw - Prototype Pollution in lodash
Scanning dependency chain:
     @octokit/rest --> lodash.set
[1/6] Trying from: lodash.set@^4.3.2
    Resolving: lodash.set@^4.3.2 --> 4.3.2
[1/6] Chain results in vulnerable version: lodash.set@4.3.2
[2/6] Trying from: @octokit/rest@^16.43.1
    Resolving: @octokit/rest@^16.43.1 --> 16.43.2
    Resolving: lodash.set@^4.3.2 --> 4.3.2
[2/6] Chain results in vulnerable version: lodash.set@4.3.2
[3/6] [UNSAFE] Trying from: @octokit/rest@^17.0.0
    Resolving: @octokit/rest@^17.0.0 --> 17.11.2
[3/6] [UNSAFE] Updating chain to latest starting at: @octokit/rest@^17.0.0 results in cutting the known chain
[3/6] [UNSAFE] Running yarn install now

Attempting to fix advisory: GHSA-f5x3-32g6-xq36 - Denial of service while parsing a tar file due to lack of folders count validation
Scanning dependency chain:
     @electron-forge/cli --> @electron-forge/core --> @electron-forge/template-vite --> @electron-forge/template-base --> @electron-forge/shared-types --> @electron/rebuild --> node-gyp --> make-fetch-happen --> cacache --> tar
[1/10] Trying from: tar@^6.1.11
    Resolving: tar@^6.1.11 --> 6.2.1
[1/10] Updating chain to latest starting at: tar@^6.1.11 results in a patched version: tar@6.2.1
[1/10] Running yarn install now

Attempting to fix advisory: GHSA-f5x3-32g6-xq36 - Denial of service while parsing a tar file due to lack of folders count validation
Scanning dependency chain:
     @electron-forge/cli --> @electron-forge/core --> @electron-forge/template-vite --> @electron-forge/template-base --> @electron-forge/shared-types --> @electron/rebuild --> node-gyp --> tar
[1/8] Trying from: tar@^6.1.2
    Resolving: tar@^6.1.2 --> 6.2.1
[1/8] Updating chain to latest starting at: tar@^6.1.2 results in a patched version: tar@6.2.1
[1/8] Running yarn install now

Attempting to fix advisory: GHSA-f5x3-32g6-xq36 - Denial of service while parsing a tar file due to lack of folders count validation
Scanning dependency chain:
     @electron-forge/cli --> @electron-forge/core --> @electron-forge/template-vite --> @electron-forge/template-base --> @electron-forge/shared-types --> @electron/rebuild --> tar
[1/7] Trying from: tar@^6.0.5
    Resolving: tar@^6.0.5 --> 6.2.1
[1/7] Updating chain to latest starting at: tar@^6.0.5 results in a patched version: tar@6.2.1
[1/7] Running yarn install now

Audit is clean, looking good cap'n

up-up-and-away[bot] requested review from codebytere and a team as code owners, January 25, 2024 15:01
up-up-and-away[bot] force-pushed the auto-uuaw/root branch 4 times, most recently from ccd7b35 to d274b2f, February 1, 2024 15:01
up-up-and-away[bot] force-pushed the auto-uuaw/root branch 2 times, most recently from 065bf01 to cd7a5a9, February 7, 2024 15:01
dsanders11 marked this pull request as draft, February 7, 2024 18:36
up-up-and-away[bot] force-pushed the auto-uuaw/root branch 4 times, most recently from 59bc7fe to 10e71dd, February 15, 2024 15:02
up-up-and-away[bot] force-pushed the auto-uuaw/root branch 3 times, most recently from 1efd339 to 938671e, February 26, 2024 15:03
up-up-and-away[bot] force-pushed the auto-uuaw/root branch 6 times, most recently from 5442bdd to 9da8328, March 5, 2024 15:03
up-up-and-away[bot] force-pushed the auto-uuaw/root branch 7 times, most recently from 76333fd to d8cb9fe, March 17, 2024 15:01
up-up-and-away[bot] force-pushed the auto-uuaw/root branch 5 times, most recently from cf06622 to 1486eb5, March 26, 2024 15:03
up-up-and-away[bot] force-pushed the auto-uuaw/root branch 2 times, most recently from 4ae1952 to 032bea4, March 29, 2024 15:02
up-up-and-away[bot] force-pushed the auto-uuaw/root branch 2 times, most recently from 2e035b6 to a7b8662, April 7, 2024 15:02