security updates #3821

Closed
wants to merge 50 commits into from

Commits on Mar 13, 2024

  1. fix: package.json & package-lock.json to reduce vulnerabilities

    The following vulnerabilities are fixed with an upgrade:
    - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
    snyk-bot committed Mar 13, 2024
    1dcc814
  2. dbf4c2d
  3. f1b5e58
  4. Merge pull request #7 from farmmanic/snyk-fix-a554f4dfc933685c1705054…

    …cc5b849cb
    
    [Snyk] Fix for 3 vulnerabilities
    farmmanic authored Mar 13, 2024
    9363c38
  5. Merge pull request #6 from farmmanic/snyk-fix-6a094088d7600a35c7d67d2…

    …918675684
    
    [Snyk] Fix for 3 vulnerabilities
    farmmanic authored Mar 13, 2024
    8db9c26
  6. Merge pull request #5 from farmmanic/snyk-fix-25d5369d9ec3c0121917bb6…

    …07561121c
    
    [Snyk] Security upgrade nodemon from 2.0.20 to 3.0.0
    farmmanic authored Mar 13, 2024
    25b27a8

Commits on Mar 14, 2024

  1. fix: upgrade nodemon from 3.0.0 to 3.0.3

    Snyk has created this PR to upgrade nodemon from 3.0.0 to 3.0.3.
    
    See this package in npm:
    https://www.npmjs.com/package/nodemon
    
    See this project in Snyk:
    https://app.snyk.io/org/farmmanic/project/1cc176a7-ec8b-4b8c-b8fc-6c54d89879b0?utm_source=github&utm_medium=referral&page=upgrade-pr
    snyk-bot committed Mar 14, 2024
    06f4dcf
  2. fix: upgrade clean-css from 4.2.3 to 4.2.4

    Snyk has created this PR to upgrade clean-css from 4.2.3 to 4.2.4.
    
    See this package in npm:
    https://www.npmjs.com/package/clean-css
    
    See this project in Snyk:
    https://app.snyk.io/org/farmmanic/project/1cc176a7-ec8b-4b8c-b8fc-6c54d89879b0?utm_source=github&utm_medium=referral&page=upgrade-pr
    snyk-bot committed Mar 14, 2024
    9bceedc
  3. 78075f5
  4. Merge pull request #9 from farmmanic/snyk-upgrade-f11fcb522e319bf3391…

    …2842452404294
    
    [Snyk] Upgrade clean-css from 4.2.3 to 4.2.4
    farmmanic authored Mar 14, 2024
    312a8c4
  5. Merge pull request #8 from farmmanic/snyk-upgrade-6d4e037bb4af4d4787b…

    …22360363e04e9
    
    [Snyk] Upgrade nodemon from 3.0.0 to 3.0.3
    farmmanic authored Mar 14, 2024
    f0091f7
  6. Create crunch42.yml

    farmmanic authored Mar 14, 2024
    5dd936b
  7. Update crunch42.yml

    farmmanic authored Mar 14, 2024
    89aa126
  8. Update crunch42.yml

    farmmanic authored Mar 14, 2024
    34b08dd
  9. f0ab550
  10. Create snyk-security.yml

    farmmanic authored Mar 14, 2024
    e8ac13e
  11. Update snyk-security.yml

    farmmanic authored Mar 14, 2024
    a051527

Commits on Mar 15, 2024

  1. Create bandit.yml

    farmmanic authored Mar 15, 2024
    d2fe5c3
  2. Create checkmarx-one.yml

    farmmanic authored Mar 15, 2024
    8e93aae
  3. Create pylint.yml

    farmmanic authored Mar 15, 2024
    8750830
  4. Create label.yml

    farmmanic authored Mar 15, 2024
    a56676a

Commits on Mar 18, 2024

  1. ac4ce47
  2. Update snyk-security.yml

    edited snyk-security.yml
    farmmanic authored Mar 18, 2024
    2506cd1
  3. Update .gitignore

    farmmanic authored Mar 18, 2024
    e6e9806
  4. Bump json-schema and jsprim

    Bumps [json-schema](https://github.com/kriszyp/json-schema) and [jsprim](https://github.com/joyent/node-jsprim). These dependencies needed to be updated together.
    
    Updates `json-schema` from 0.2.3 to 0.4.0
    - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)
    
    Updates `jsprim` from 1.4.1 to 1.4.2
    - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)
    - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2)
    
    ---
    updated-dependencies:
    - dependency-name: json-schema
      dependency-type: indirect
    - dependency-name: jsprim
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Mar 18, 2024
    1d5d681
  5. 5723d61
  6. 396589c
  7. 02a345a
  8. 5b64832
  9. Merge pull request #11 from farmmanic/dependabot/npm_and_yarn/json-sc…

    …hema-and-jsprim-0.4.0
    
    Bump json-schema and jsprim
    farmmanic authored Mar 18, 2024
    2da53f7
  10. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    ad248fd
  11. Update requirements.txt

    farmmanic authored Mar 18, 2024
    a80e478
  12. Update requirements.txt

    farmmanic authored Mar 18, 2024
    c92c171
  13. Create labeler.yml

    farmmanic authored Mar 18, 2024
    8b5a2fb
  14. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    1c82d7d
  15. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    6bb1c36
  16. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    8cf1c65
  17. Update requirements.txt

    farmmanic authored Mar 18, 2024
    6f474a4
  18. fix: requirements.txt to reduce vulnerabilities

    The following vulnerabilities are fixed by pinning transitive dependencies:
    - https://snyk.io/vuln/SNYK-PYTHON-PLATFORMIO-5665553
    - https://snyk.io/vuln/SNYK-PYTHON-STARLETTE-3319937
    snyk-bot committed Mar 18, 2024
    94e972f
  19. Merge pull request #13 from farmmanic/snyk-fix-50b9a2eff1f58094bd620c…

    …9e72108c6c
    
    [Snyk] Fix for 2 vulnerabilities
    farmmanic authored Mar 18, 2024
    d4c7c90
  20. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    ff6bed6
  21. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    ec6bc06
  22. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    1c7809a
  23. Delete requirements.txt

    farmmanic authored Mar 18, 2024
    6185a3c
  24. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    f2ed34f
  25. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    4dd73b2
  26. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    8d90d48
  27. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    21978da
  28. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    2e2f2e2
  29. Update wled-ci.yml

    farmmanic authored Mar 18, 2024
    16fdb8a