From 76f42da10a781feee382b5d36e497ecc99e65450 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:29:35 +0200 Subject: [PATCH 1/4] Bump semver from 5.7.1 to 5.7.2 (#674) Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v5.7.1...v5.7.2) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/yarn.lock b/yarn.lock index ef1f19ae2c..501ccf4a6a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -17538,9 +17538,9 @@ secure-json-parse@^2.4.0, secure-json-parse@^2.5.0: integrity sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw== "semver@2 || 3 || 4 || 5", semver@^5.5.0: - version "5.7.1" - resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7" - integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ== + version "5.7.2" + resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" + integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== semver@7.3.5: version "7.3.5" @@ -17557,16 +17557,16 @@ semver@7.4.0: lru-cache "^6.0.0" semver@7.x, semver@^7.2.1, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.7, semver@^7.3.8, semver@^7.5.0: - version "7.5.2" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.2.tgz#5b851e66d1be07c1cdaf37dfc856f543325a2beb" - integrity sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ== + version "7.5.4" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e" + integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== dependencies: lru-cache "^6.0.0" semver@^6.0.0, semver@^6.1.1, semver@^6.1.2, semver@^6.3.0: - version "6.3.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d" - integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw== + version "6.3.1" + resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" + integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== send@0.18.0: version "0.18.0" From b1b6fbf38badd3983c11ff5f9f8a60d0dc36aa84 Mon Sep 17 00:00:00 2001 From: basit511 <101107213+basit511@users.noreply.github.com> Date: Tue, 15 Aug 2023 12:29:41 +0530 Subject: [PATCH 2/4] fix: packages/examples/fortune/launcher/client/Dockerfile to reduce vulnerabilities (#770) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-1570178 - https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-2764966 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Co-authored-by: snyk-bot --- packages/examples/fortune/launcher/client/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/examples/fortune/launcher/client/Dockerfile b/packages/examples/fortune/launcher/client/Dockerfile index 0b67354e42..dcec8aa1da 100644 --- a/packages/examples/fortune/launcher/client/Dockerfile +++ b/packages/examples/fortune/launcher/client/Dockerfile @@ -1,4 +1,4 @@ -FROM node:16.20.0-buster +FROM node:18.17.0-buster ARG JOB_LAUNCHER_SERVER_URL From c7648cd7b48b0cc086c9de9bcc4ff3b877a99477 Mon Sep 17 00:00:00 2001 From: basit511 <101107213+basit511@users.noreply.github.com> Date: Tue, 15 Aug 2023 12:30:16 +0530 Subject: [PATCH 3/4] fix: packages/examples/fortune/exchange-oracle/client/Dockerfile to reduce vulnerabilities (#771) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-1570178 - https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-2764966 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 Co-authored-by: snyk-bot --- packages/examples/fortune/exchange-oracle/client/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/examples/fortune/exchange-oracle/client/Dockerfile b/packages/examples/fortune/exchange-oracle/client/Dockerfile index e27ec18ea8..d5cbc093a6 100644 --- a/packages/examples/fortune/exchange-oracle/client/Dockerfile +++ b/packages/examples/fortune/exchange-oracle/client/Dockerfile @@ -1,4 +1,4 @@ -FROM node:16.20.0-buster +FROM node:18.17.0-buster ARG PUBLIC_URL WORKDIR /usr/src/app From 7dff2c9273b29d5144b594e79ab58d05e41ff0fa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Oct 2023 20:23:18 +0000 Subject: [PATCH 4/4] Bump postcss from 8.4.24 to 8.4.31 Bumps [postcss](https://github.com/postcss/postcss) from 8.4.24 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.4.24...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 7abb0be483..9d17671722 100644 --- a/yarn.lock +++ b/yarn.lock @@ -16452,9 +16452,9 @@ postcss-value-parser@^3.3.0: integrity sha512-pISE66AbVkp4fDQ7VHBwRNXzAAKJjw4Vw7nWI/+Q3vuly7SNfgYXvm6i5IgFylHGK5sP/xHAbB7N49OS4gWNyQ== postcss@^8.4.13, postcss@^8.4.23: - version "8.4.24" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.24.tgz#f714dba9b2284be3cc07dbd2fc57ee4dc972d2df" - integrity sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg== + version "8.4.31" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d" + integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== dependencies: nanoid "^3.3.6" picocolors "^1.0.0"