[Snyk] Fix for 8 vulnerabilities (#132) #2494

Open
Dargon789 wants to merge 8 commits into alchemyplatform:main from Dargon789:main

@Dargon789 Dargon789 commented May 8, 2026

Pull Request Checklist


PR-Codex overview

This PR focuses on updating dependencies in package.json files and modifying the GitHub Actions workflow for linting documentation.

Detailed summary

  • Updated esbuild version from ^0.20.1 to ^0.25.5 in account-kit/plugingen/package.json.
  • Updated express version from ^4.21.1 to ^4.22.0 in account-kit/rn-signer/example/package.json.
  • Added permissions section with contents: read in .github/workflows/on-pull-request.yml.


Dargon789 and others added 7 commits April 17, 2026 13:00
…updates (#71)

Bumps the npm_and_yarn group with 2 updates in the / directory: [esbuild](https://github.com/evanw/esbuild) and [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /account-kit/plugingen directory: [esbuild](https://github.com/evanw/esbuild).
Bumps the npm_and_yarn group with 1 update in the /doc-gen directory: [esbuild](https://github.com/evanw/esbuild).
Bumps the npm_and_yarn group with 1 update in the /examples/ui-demo directory: [next](https://github.com/vercel/next.js).


Updates `esbuild` from 0.20.2 to 0.25.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.20.2...v0.25.0)

Updates `next` from 14.2.29 to 14.2.30
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.29...v14.2.30)

Updates `esbuild` from 0.20.2 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.20.2...v0.25.0)

Updates `esbuild` from 0.20.2 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.20.2...v0.25.0)

Updates `next` from 14.2.29 to 14.2.30
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.29...v14.2.30)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 14.2.30
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.25.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.25.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 14.2.30
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* Create config.yml (#54)

Add a basic CircleCI configuration to define a 'say-hello' job and workflow
CI:
Add .circleci/config.yml with CircleCI version 2.1 configuration
Define a 'say-hello' job using the cimg/base Docker image that checks out code and echoes a greeting
Create a workflow 'say-hello-workflow' to run the 'say-hello' job
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 13: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* chore: remove arb nova (alchemyplatform#2464)



* chore(release): publish v4.87.2 [skip-ci]

* feat(v4): track key exports for migration visibility (alchemyplatform#2466)

* Track key exports via /v1/track-key-export endpoint for observability



* Use empty response type for track-key-export endpoint

Success is implied by 200 status, matching existing patterns.



* chore: update docs gen



---------



* chore(release): publish v4.88.0 [skip-ci]

* chore: bump next.js, minimatch, and lerna (alchemyplatform#2467)

* fix: upgrade Next.js 14 → 15.5.15 to resolve high-severity DoS vulnerability (Dependabot alchemyplatform#361, alchemyplatform#362, alchemyplatform#363)



* fix: bump minimatch to patched versions and upgrade lerna to v9

Upgrades lerna from v8 to v9 which brings in nx 22.x, eliminating
pinned vulnerable minimatch versions. All transitive minimatch
dependencies now resolve to patched releases.



* chore: fmt

---------



* chore(release): publish v4.88.1 [skip-ci]

* docs: update v5 SDK reference docs for 5.0.0-beta.25 (alchemyplatform#2475)



* docs: update v5 SDK reference docs for 5.0.0-beta.26 (alchemyplatform#2482)



* fix: disallow more permission builder selectors (alchemyplatform#2485)

Port v5 selector restrictions to v4 — block installValidation,
uninstallValidation, installExecution, uninstallExecution, and
upgradeToAndCall from being added to session key allowlists. Refactors
individual checks into shared assertion helpers with case-insensitive
matching.



* chore(release): publish v4.88.2 [skip-ci]

* docs: update v5 SDK reference docs for 5.0.0-beta.27 (alchemyplatform#2489)



---------

Co-authored-by: jakehobbs <jacob.hobbs@alchemy.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Alchemy Bot <alchemy-bot@alchemy.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: gha-aa-sdk[bot] <269827238+gha-aa-sdk[bot]@users.noreply.github.com>
* fix: account-kit/rn-signer/example/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-15789759
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-15309438
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-15353389
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-15789761
- https://snyk.io/vuln/SNYK-JS-QS-14724253
- https://snyk.io/vuln/SNYK-JS-QS-15268416
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073

* Update account-kit/rn-signer/example/package.json

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
CI:

Delete the obsolete .circleci/config.yml to fully drop CircleCI workflow configuration from the project.
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
* build(deps): bump the npm_and_yarn group across 4 directories with 2 updates

Bumps the npm_and_yarn group with 2 updates in the / directory: [esbuild](https://github.com/evanw/esbuild) and [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /account-kit/plugingen directory: [esbuild](https://github.com/evanw/esbuild).
Bumps the npm_and_yarn group with 1 update in the /doc-gen directory: [esbuild](https://github.com/evanw/esbuild).
Bumps the npm_and_yarn group with 1 update in the /examples/ui-demo directory: [next](https://github.com/vercel/next.js).


Updates `esbuild` from 0.20.2 to 0.25.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.20.2...v0.25.0)

Updates `next` from 14.2.29 to 14.2.30
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.29...v14.2.30)

Updates `esbuild` from 0.20.2 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.20.2...v0.25.0)

Updates `esbuild` from 0.20.2 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.20.2...v0.25.0)

Updates `next` from 14.2.29 to 14.2.30
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.29...v14.2.30)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 14.2.30
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.25.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.25.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 14.2.30
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

* Delete .circleci directory (#154)

CI:

Delete the .circleci/config.yml file to fully drop CircleCI workflow configuration.
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
2 participants