Skip to content

chore(deps): Security upgrade plist from 3.0.1 to 3.0.4#20267

Merged
flotwig merged 4 commits into
developfrom
snyk-fix-08c841e64bfe45b1b49a9ec70996debe
Feb 23, 2022
Merged

chore(deps): Security upgrade plist from 3.0.1 to 3.0.4#20267
flotwig merged 4 commits into
developfrom
snyk-fix-08c841e64bfe45b1b49a9ec70996debe

Conversation

@snyk-bot
Copy link
Copy Markdown
Contributor

@snyk-bot snyk-bot commented Feb 18, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/launcher/package.json
⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Prototype Pollution
SNYK-JS-PLIST-2405644		 No Proof of Concept

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot snyk-bot requested a review from a team as a code owner February 18, 2022 16:34
@snyk-bot snyk-bot requested review from jennifer-shehane and removed request for a team February 18, 2022 16:34
@cypress-bot
Copy link
Copy Markdown
Contributor

cypress-bot Bot commented Feb 18, 2022

Thanks for taking the time to open a PR!

jennifer-shehane
jennifer-shehane previously approved these changes Feb 18, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@jennifer-shehane jennifer-shehane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine, just some dependency updates and security fix: https://github.com/TooTallNate/plist.js/blob/master/History.md

@cypress
Copy link
Copy Markdown

cypress Bot commented Feb 18, 2022
edited
Loading


Test summary

19278 0 218 0Flakiness 1

Run details
Project cypress
Status Passed
Commit 47d3605
Started Feb 22, 2022 10:50 PM
Ended Feb 22, 2022 11:02 PM
Duration 11:31 💡
OS Linux Debian - 10.10
Browser Multiple

View run in Cypress Dashboard ➡️

Flakiness

cypress/integration/settings_spec.js Flakiness
1 Settings > file preference panel > loads preferred editor, available editors and shows spinner

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

@emilyrohrbough emilyrohrbough changed the title [Snyk] Security upgrade plist from 3.0.1 to 3.0.4 chore: Security upgrade plist from 3.0.1 to 3.0.4 Feb 22, 2022
@emilyrohrbough emilyrohrbough changed the title chore: Security upgrade plist from 3.0.1 to 3.0.4 deps: Security upgrade plist from 3.0.1 to 3.0.4 Feb 22, 2022
@emilyrohrbough emilyrohrbough changed the title deps: Security upgrade plist from 3.0.1 to 3.0.4 chore(deps): Security upgrade plist from 3.0.1 to 3.0.4 Feb 23, 2022
@flotwig flotwig merged commit 8e365bc into develop Feb 23, 2022
@flotwig flotwig deleted the snyk-fix-08c841e64bfe45b1b49a9ec70996debe branch February 23, 2022 16:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@emilyrohrbough emilyrohrbough emilyrohrbough approved these changes

@jennifer-shehane jennifer-shehane jennifer-shehane left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@snyk-bot @jennifer-shehane @emilyrohrbough @flotwig