[UNSAFE] build: update yarn.lock to fix audit output #481

up-up-and-away · 2023-12-03T15:07:59Z

We ran uuaw --audit and it resulted in a clean yarn audit.

Attempting to fix advisory: GHSA-wf5p-g6vw-rhxx - Axios Cross-Site Request Forgery Vulnerability
Scanning dependency chain:
     @docusaurus/preset-classic --> @docusaurus/theme-classic --> @docusaurus/theme-common --> @docusaurus/plugin-content-blog --> @docusaurus/core --> wait-on --> axios
[1/8] Trying from: axios@^0.25.0
    Resolving: axios@^0.25.0 --> 0.25.0
[1/8] Chain results in vulnerable version: axios@0.25.0
[2/8] Trying from: wait-on@^6.0.1
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[2/8] Chain results in vulnerable version: axios@0.25.0
[3/8] Trying from: @docusaurus/core@2.4.3
    Resolving: @docusaurus/core@2.4.3 --> 2.4.3
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[3/8] Chain results in vulnerable version: axios@0.25.0
[4/8] Trying from: @docusaurus/plugin-content-blog@2.4.3
    Resolving: @docusaurus/plugin-content-blog@2.4.3 --> 2.4.3
    Resolving: @docusaurus/core@2.4.3 --> 2.4.3
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[4/8] Chain results in vulnerable version: axios@0.25.0
[5/8] Trying from: @docusaurus/theme-common@2.4.3
    Resolving: @docusaurus/theme-common@2.4.3 --> 2.4.3
    Resolving: @docusaurus/plugin-content-blog@2.4.3 --> 2.4.3
    Resolving: @docusaurus/core@2.4.3 --> 2.4.3
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[5/8] Chain results in vulnerable version: axios@0.25.0
[6/8] Trying from: @docusaurus/theme-classic@2.4.3
    Resolving: @docusaurus/theme-classic@2.4.3 --> 2.4.3
    Resolving: @docusaurus/theme-common@2.4.3 --> 2.4.3
    Resolving: @docusaurus/plugin-content-blog@2.4.3 --> 2.4.3
    Resolving: @docusaurus/core@2.4.3 --> 2.4.3
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[6/8] Chain results in vulnerable version: axios@0.25.0
[7/8] Trying from: @docusaurus/preset-classic@^2.4.3
    Resolving: @docusaurus/preset-classic@^2.4.3 --> 2.4.3
    Resolving: @docusaurus/theme-classic@2.4.3 --> 2.4.3
    Resolving: @docusaurus/theme-common@2.4.3 --> 2.4.3
    Resolving: @docusaurus/plugin-content-blog@2.4.3 --> 2.4.3
    Resolving: @docusaurus/core@2.4.3 --> 2.4.3
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[7/8] Chain results in vulnerable version: axios@0.25.0
[8/8] [UNSAFE] Trying from: @docusaurus/preset-classic@^3.0.0
    Resolving: @docusaurus/preset-classic@^3.0.0 --> 3.1.0
    Resolving: @docusaurus/theme-classic@3.1.0 --> 3.1.0
    Resolving: @docusaurus/theme-common@3.1.0 --> 3.1.0
    Resolving: @docusaurus/plugin-content-blog@3.1.0 --> 3.1.0
    Resolving: @docusaurus/core@3.1.0 --> 3.1.0
[8/8] [UNSAFE] Updating chain to latest starting at: @docusaurus/preset-classic@^3.0.0 results in cutting the known chain
[8/8] [UNSAFE] Running yarn install now

Attempting to fix advisory: GHSA-wf5p-g6vw-rhxx - Axios Cross-Site Request Forgery Vulnerability
Scanning dependency chain:
     @docusaurus/plugin-google-analytics --> @docusaurus/core --> wait-on --> axios
[1/5] Trying from: axios@^0.25.0
    Resolving: axios@^0.25.0 --> 0.25.0
[1/5] Chain results in vulnerable version: axios@0.25.0
[2/5] Trying from: wait-on@^6.0.1
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[2/5] Chain results in vulnerable version: axios@0.25.0
[3/5] Trying from: @docusaurus/core@2.4.3
    Resolving: @docusaurus/core@2.4.3 --> 2.4.3
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[3/5] Chain results in vulnerable version: axios@0.25.0
[4/5] Trying from: @docusaurus/plugin-google-analytics@^2.4.3
    Resolving: @docusaurus/plugin-google-analytics@^2.4.3 --> 2.4.3
    Resolving: @docusaurus/core@2.4.3 --> 2.4.3
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[4/5] Chain results in vulnerable version: axios@0.25.0
[5/5] [UNSAFE] Trying from: @docusaurus/plugin-google-analytics@^3.0.0
    Resolving: @docusaurus/plugin-google-analytics@^3.0.0 --> 3.1.0
    Resolving: @docusaurus/core@3.1.0 --> 3.1.0
[5/5] [UNSAFE] Updating chain to latest starting at: @docusaurus/plugin-google-analytics@^3.0.0 results in cutting the known chain
[5/5] [UNSAFE] Running yarn install now

Attempting to fix advisory: GHSA-wf5p-g6vw-rhxx - Axios Cross-Site Request Forgery Vulnerability
Scanning dependency chain:
     @docusaurus/core --> wait-on --> axios
[1/4] Trying from: axios@^0.25.0
    Resolving: axios@^0.25.0 --> 0.25.0
[1/4] Chain results in vulnerable version: axios@0.25.0
[2/4] Trying from: wait-on@^6.0.1
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[2/4] Chain results in vulnerable version: axios@0.25.0
[3/4] Trying from: @docusaurus/core@^2.4.3
    Resolving: @docusaurus/core@^2.4.3 --> 2.4.3
    Resolving: wait-on@^6.0.1 --> 6.0.1
    Resolving: axios@^0.25.0 --> 0.25.0
[3/4] Chain results in vulnerable version: axios@0.25.0
[4/4] [UNSAFE] Trying from: @docusaurus/core@^3.0.0
    Resolving: @docusaurus/core@^3.0.0 --> 3.1.0
[4/4] [UNSAFE] Updating chain to latest starting at: @docusaurus/core@^3.0.0 results in cutting the known chain
[4/4] [UNSAFE] Running yarn install now

Audit is clean, looking good cap'n

dsanders11

❌

up-up-and-away bot requested a review from a team as a code owner December 3, 2023 15:08

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 December 3, 2023 15:08 Inactive

dsanders11 requested changes Dec 3, 2023

View reviewed changes

up-up-and-away bot force-pushed the auto-uuaw/root branch from 89aeeca to 68d7f37 Compare December 4, 2023 15:07

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 December 4, 2023 15:08 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from 68d7f37 to 3be34b8 Compare December 5, 2023 15:07

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 December 5, 2023 15:07 Inactive

erikian marked this pull request as draft December 5, 2023 15:46

up-up-and-away bot force-pushed the auto-uuaw/root branch from 3be34b8 to ea91ce3 Compare December 7, 2023 15:07

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 December 7, 2023 15:07 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from ea91ce3 to da8bbbb Compare December 18, 2023 15:07

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 December 18, 2023 15:08 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from da8bbbb to 277926b Compare December 20, 2023 15:08

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 December 20, 2023 15:08 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from 277926b to 46b3e66 Compare December 26, 2023 15:09

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 December 26, 2023 15:09 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from 46b3e66 to 4acdd32 Compare December 27, 2023 15:08

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 December 27, 2023 15:08 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from 4acdd32 to 003b6dd Compare December 28, 2023 15:06

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 December 28, 2023 15:07 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from 003b6dd to 9ffa976 Compare December 29, 2023 15:07

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 December 29, 2023 15:07 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from 9ffa976 to 131784a Compare January 2, 2024 15:07

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 January 2, 2024 15:07 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from 131784a to fe77a3f Compare January 3, 2024 15:08

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 January 3, 2024 15:08 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from fe77a3f to 8056882 Compare January 6, 2024 15:07

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 January 6, 2024 15:07 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from 8056882 to 0859d46 Compare January 9, 2024 15:07

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 January 9, 2024 15:07 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from 0859d46 to acf61ff Compare January 11, 2024 15:08

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 January 11, 2024 15:08 Inactive

up-up-and-away bot force-pushed the auto-uuaw/root branch from acf61ff to 9cfd5d7 Compare January 12, 2024 15:07

MarshallOfSound temporarily deployed to electronjsorg-new-pr-481 January 12, 2024 15:07 Inactive

build: ran uuaw to fix yarn audit output

d73799f

up-up-and-away bot force-pushed the auto-uuaw/root branch from 9cfd5d7 to d73799f Compare January 13, 2024 15:08

MarshallOfSound had a problem deploying to electronjsorg-new-pr-481 January 13, 2024 15:08 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[UNSAFE] build: update yarn.lock to fix audit output #481

[UNSAFE] build: update yarn.lock to fix audit output #481

up-up-and-away bot commented Dec 3, 2023 •

edited

dsanders11 left a comment

[UNSAFE] build: update yarn.lock to fix audit output #481

Are you sure you want to change the base?

[UNSAFE] build: update yarn.lock to fix audit output #481

Conversation

up-up-and-away bot commented Dec 3, 2023 • edited

dsanders11 left a comment

Choose a reason for hiding this comment

up-up-and-away bot commented Dec 3, 2023 •

edited