Skip to content

[Snyk] Security upgrade aegir from 37.12.1 to 40.0.4#154

Open
adamlaska wants to merge 1 commit into
masterfrom
snyk-fix-e7c3ff0b3a9e304e7ba49515e7b9b8de
Open

[Snyk] Security upgrade aegir from 37.12.1 to 40.0.4#154
adamlaska wants to merge 1 commit into
masterfrom
snyk-fix-e7c3ff0b3a9e304e7ba49515e7b9b8de

Conversation

@adamlaska

Copy link
Copy Markdown
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/ipfs-core-utils/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2
Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: aegir The new version differs by 79 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@socket-security

Copy link
Copy Markdown

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
aegir 40.0.13 environment +283 492 MB npm-service-account-ipfs

@codecov

codecov Bot commented Jan 18, 2024

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.30%. Comparing base (8f351a8) to head (1620044).
⚠️ Report is 49 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (8f351a8) and HEAD (1620044). Click for more details.

HEAD has 2 uploads less than BASE
Flag BASE (8f351a8) HEAD (1620044)
node 2 0
Additional details and impacted files
@@             Coverage Diff             @@
##           master     #154       +/-   ##
===========================================
- Coverage   79.04%   68.30%   -10.74%     
===========================================
  Files         557      154      -403     
  Lines       36428     5358    -31070     
  Branches     2923      452     -2471     
===========================================
- Hits        28795     3660    -25135     
+ Misses       7633     1698     -5935     
Flag Coverage Δ
chrome 68.30% <ø> (-0.56%) ⬇️
node ?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@google-cla

google-cla Bot commented Jan 18, 2024

Copy link
Copy Markdown

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants