X Tutup
Skip to content

[Snyk] Security upgrade minimist from 1.2.2 to 1.2.3#37138

Closed
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-9d3aa5dcdbd949667419e1baeee034e8
Closed

[Snyk] Security upgrade minimist from 1.2.2 to 1.2.3#37138
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-9d3aa5dcdbd949667419e1baeee034e8

Conversation

@snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Mar 19, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • build/package.json
⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764		 No Proof of Concept

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@CLAassistant
Copy link

CLAassistant commented Mar 19, 2020

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@phil-davis
Copy link
Contributor

phil-davis commented Mar 19, 2020
edited
Loading

drone has not started. There are PRs in docs with the same problem.
I added a changelog, squashed and force-pushed - still no drone starting.
I made a test PR #37139 and drone starts fine on that.
???

And the CLAassistant is too stupid to understand that this PR is by a bot - the bot is not a legal entity that can "sign" a CLA.

@phil-davis phil-davis self-assigned this Mar 19, 2020
@phil-davis phil-davis force-pushed the snyk-fix-9d3aa5dcdbd949667419e1baeee034e8 branch 2 times, most recently from 9792ff4 to d89c154 Compare March 19, 2020 02:33
@owncloud owncloud deleted a comment from update-docs bot Mar 19, 2020
@phil-davis phil-davis force-pushed the snyk-fix-9d3aa5dcdbd949667419e1baeee034e8 branch from d89c154 to d89de92 Compare March 20, 2020 16:24
@phil-davis
Copy link
Contributor

phil-davis commented Mar 20, 2020

Rebased and still no drone starting ???

@phil-davis phil-davis force-pushed the snyk-fix-9d3aa5dcdbd949667419e1baeee034e8 branch from d89de92 to 340b6a9 Compare March 21, 2020 10:55
@phil-davis phil-davis mentioned this pull request Mar 21, 2020
Merged
11 tasks
@phil-davis
Copy link
Contributor

phil-davis commented Mar 21, 2020

Drone is refusing to start from this branch/PR.
See PR #37154

@phil-davis phil-davis closed this Mar 21, 2020
@davitol davitol mentioned this pull request Mar 31, 2020
Closed
43 tasks
@phil-davis phil-davis mentioned this pull request Apr 4, 2020
Merged
11 tasks
@phil-davis phil-davis deleted the snyk-fix-9d3aa5dcdbd949667419e1baeee034e8 branch June 18, 2020 03:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@phil-davis phil-davis phil-davis approved these changes

Assignees

@phil-davis phil-davis

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@snyk-bot @CLAassistant @phil-davis
X Tutup