deps(snyk): update snyk snapshot #9779
Conversation
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
| {"id":"npm:angular:20150315","severity":"medium","semver":{"vulnerable":["<1.6.1"]}}, | ||
| {"id":"npm:angular:20150310","severity":"high","semver":{"vulnerable":["<1.5.0-beta.2"]}}, | ||
| {"id":"npm:angular:20141104","severity":"medium","semver":{"vulnerable":["<1.3.2"]}}, | ||
| {"id":"npm:angular:20130621","severity":"medium","semver":{"vulnerable":["<=1.1.5"]}}, | ||
| {"id":"npm:angular:20140909","severity":"high","semver":{"vulnerable":["<1.2.24 >=1.2.19"]}}, | ||
| {"id":"npm:angular:20130621","severity":"medium","semver":{"vulnerable":["<1.2.0"]}}, |
There was a problem hiding this comment.
ah, the first real substantive change! 😆
| {"id":"npm:jquery:20150627","severity":"medium","semver":{"vulnerable":["<1.12.2",">=1.12.3 <2.2.2",">=2.2.3 <3.0.0"]}}, | ||
| {"id":"npm:jquery:20140902","severity":"medium","semver":{"vulnerable":[">=1.4.2 <1.6.2"]}}, | ||
| {"id":"npm:jquery:20120206","severity":"medium","semver":{"vulnerable":[">=1.7.1 <1.9.0"]}}, | ||
| {"id":"npm:jquery:20110606","severity":"medium","semver":{"vulnerable":["<1.6.3"]}} | ||
| ], | ||
| "jquery-mobile":[ | ||
| {"id":"SNYK-JS-JQUERYMOBILE-174599","severity":"medium","semver":{"vulnerable":["*"]}}, |
There was a problem hiding this comment.
nice catch tests! :D
| {"id":"SNYK-JS-JQUERYMOBILE-174599","severity":"medium","semver":{"vulnerable":["*"]}}, |
There was a problem hiding this comment.
@aviadatsnyk can we get the script to replace these instances with the equivalent of <=CURRENT_LATEST_VERSION?
There was a problem hiding this comment.
nice catch tests! :D
💪
There was a problem hiding this comment.
@patrickhulce This has not yet been fixed, so has * as the vulnerable version range. Does that mean lighthouse can't report unfixed vulnerabilities?
There was a problem hiding this comment.
Correct. Lighthouse versions long outlive the time it takes to fix vulnerabilities in many cases, so we have a policy of refusing wildcard versions. (see #8409 (comment))
There was a problem hiding this comment.
Got it. We'll fix this (in another PR, due to CLA issues)
Why this PR?
a weekly update of the vulnerabilities snapshot for lighthouse