[Snyk] Fix for 1 vulnerabilities #770
Conversation
…e vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
|
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/formik/tsdx/jkuwta0ws |
agilgur5
added
solution: unnecessary
|
I just deleted my Snyk account. I will install dependabot on formium when I get to office in am. Been using it on another project and it’s pretty good. I’ll set it to do weekly dep checks so we can do other things with our lives |
Thanks Jared. I think that'll stop the updates but you might want to clear the permissions you gave to Snyk (it actually commits as a user and not as a bot since they don't have an app for some reason)
Agreed that weekly would be a lot better than this multiple times a day current monstrosity but still have some issues with unnecessary dep upgrades when they're not pinned anyway. Can continue any discussion of that on #839 though |
|
Snyk has been removed per above. Closing as unnecessary since this updated a dep on Snyk has been replaced with dependabot per #839 / #846 . Will go through and cleanup all the Snyk branches now. EDIT: deleted 10+ Snyk branches. Also deleted a multitude of Greenkeeper branches but won't delete the rest since there are still some open Greenkeeper PRs that should be merged/superseded but require breaking changes so will be batched later. |
Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With a Snyk patch:
SNYK-JS-LODASH-567746
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic