Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New dependencies #23

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

New dependencies #23

wants to merge 2 commits into from

Conversation

ethomson
Copy link
Owner

No description provided.

@stacklok-cloud Stacklok Cloud
Copy link

Minder Vulnerability Report ⚠️

Minder found vulnerable dependencies in this PR. Either push an updated version or accept the proposed changes. Note that accepting the changes will include Minder as a co-author of this PR.

Vulnerability scan of f265c2eb:

  • 🐞 vulnerable packages: 2
  • 🛠 fixes available for: 2
Package Version #Vulnerabilities #Fixes Patch
micromatch 4.0.5 1 1 4.0.8
micromatch 4.0.5 1 1 4.0.8

Summary of vulnerabilities found

Minder found the following vulnerabilities in this PR:
Ecosystem Name Version Vulnerability ID Summary Introduced Fixed
npm micromatch 4.0.5 GHSA-952p-6rrq-rcjv Regular Expression Denial of Service (ReDoS) in micromatch 0 4.0.8
npm micromatch 4.0.5 GHSA-952p-6rrq-rcjv Regular Expression Denial of Service (ReDoS) in micromatch 0 4.0.8

stacklok-cloud[bot]
stacklok-cloud bot requested changes Sep 24, 2024
View reviewed changes
package-lock.json
Comment on lines +1914 to +1919
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dependencies": {
"braces": "^3.0.2",
"picomatch": "^2.3.1"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dependencies": {
"braces": "^3.0.2",
"picomatch": "^2.3.1"
"node_modules/micromatch": {
"version": "4.0.5",
4.0.5
"version": "4.0.8",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
"integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",

package-lock.json
Comment on lines +1914 to +1919
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dependencies": {
"braces": "^3.0.2",
"picomatch": "^2.3.1"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"dependencies": {
"braces": "^3.0.2",
"picomatch": "^2.3.1"
"node_modules/micromatch": {
"version": "4.0.5",
4.0.5
"version": "4.0.8",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
"integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",

@stacklok-cloud Stacklok Cloud
Copy link

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: ethomson

Trusty Score: 3.4

Scoring details
Component Score
User activity 6.1
Repository activity 0.7
From activity
Package activity 3.4
Provenance 5
Malicious false
Trust-summary 2.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stacklok-cloud stacklok-cloud[bot] stacklok-cloud[bot] requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ethomson