
[Security] Bump node-notifier from 8.0.0 to 8.0.1 #381

Merged: 1 commit merged into master from dependabot/npm_and_yarn/node-notifier-8.0.1 on Dec 29, 2020

Conversation

dependabot-preview[bot] (Contributor)

Bumps node-notifier from 8.0.0 to 8.0.1. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

OS Command Injection in node-notifier This affects the package node-notifier before 8.0.1. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.

Affected versions: < 8.0.1

Changelog

Sourced from node-notifier's changelog.

v8.0.1

  • fixes possible injection issue for notify-send
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview dependabot-preview bot added the dependencies and security labels Dec 21, 2020
@elnyry-sam-k elnyry-sam-k merged commit 39037f4 into master Dec 29, 2020
@elnyry-sam-k elnyry-sam-k deleted the dependabot/npm_and_yarn/node-notifier-8.0.1 branch December 29, 2020 08:41
kleyow added a commit that referenced this pull request Feb 22, 2021
* Updated versions for error-handler, etc... (#342)

* Bugfix/send request span finishing before function completed (#352)

* Initial Commit.

* Upload domain/participant test.

* Upload domain/participant test.

* fixes for getParticipantsByTypeId test failing; now functioning properly
removed validator file as it isn't used; it may be required in the MSISDN oracle as it validated mobile number formats

* Checking in testing code.

* removal of vscode config

* updated gitignore

* fixes for stubbing issues

* fix for bug mojaloop/project#797
Fixes for SonarQube code sanity, i.e. removing function names that aren't needed, changing let to const, reordering functions in file
Changed unique constraint on oracleEndpoint which is now working correctly

* fix for only retrieving default entries
return undefined for currency when it is not available

* fix for returning null for valid oracle lookup

* correct database port

* removal of isOracle for header validation

* fix for incorrect endpoint being requested for callback response

* updated with pre-commit to manage dependencies

* Updated versions of ALS dependencies and updated standard changes

* incorrect port for database being set

* Fix for bug: mojaloop/project#1412
Updated dependencies

* revert port change

* fixes for incorrect span used and fspiop error not set.
Fixes removed await for participants requests

Co-authored-by: Henk Kodde <[email protected]>

* Updated api_swagger.json as per version 1.1 of the FSPIOP spec and re… (#348)

* Updated api_swagger.json as per version 1.1 of the FSPIOP spec and removed unused type definitions

* Updated audit decisions

* Updated audit decisions

* Update src/interface/api_swagger.json

Co-authored-by: Sam <[email protected]>

* Fixed references to type definitions in api_swagger

* Bumped version number to 10.4.0

Co-authored-by: Neal Donnan <[email protected]>
Co-authored-by: Sam <[email protected]>

* Feature/validation for name place accents (#353)

* updated ALS to use new openapi-backend framework
updated dependencies
fix tests

* refactored to cater as per @lewisdaly suggestions

* Made changes to have completely different flows for API and Admin initialisation as per @lewisdaly

* fix audit issues from central-services-health

* Updated python in Circle CI (#357)

* Initial Commit.

* Upload domain/participant test.

* Upload domain/participant test.

* fixes for getParticipantsByTypeId test failing; now functioning properly
removed validator file as it isn't used; it may be required in the MSISDN oracle as it validated mobile number formats

* Checking in testing code.

* removal of vscode config

* updated gitignore

* fixes for stubbing issues

* fix for bug mojaloop/project#797
Fixes for SonarQube code sanity, i.e. removing function names that aren't needed, changing let to const, reordering functions in file
Changed unique constraint on oracleEndpoint which is now working correctly

* fix for only retrieving default entries
return undefined for currency when it is not available

* fix for returning null for valid oracle lookup

* correct database port

* removal of isOracle for header validation

* fix for incorrect endpoint being requested for callback response

* updated with pre-commit to manage dependencies

* Updated versions of ALS dependencies and updated standard changes

* incorrect port for database being set

* updated ALS to use new openapi-backend framework
updated dependencies
fix tests

* refactored to cater as per @lewisdaly suggestions

* Made changes to have completely different flows for API and Admin initialisation as per @lewisdaly

* fix audit issues from central-services-health

* Changes:
	Updated python in circle CI

Co-authored-by: Henk Kodde <[email protected]>

* Updated dependencies for issue: mojaloop/project#1378 (#359)

* #1484: Update FSPIOP API version (#367)

* Update FSPIOP API version

* Resolve audit issues

* Update src/interface/admin_swagger.json

Co-authored-by: Sam <[email protected]>

* Feature/updated shared library to cater for delete (#368)

* updated dependencies, added the delete payload fix

* Feature/updated openapi backend version (#369)

updated version of central-services-shared to cater for the fix in openapi-backend library

* updated shared lib version to allow configurable resource versions (#370)

* updated shared lib version to allow configurable resource versions

* added example .env for resource versions

Co-authored-by: Valentin <[email protected]>

* updated shared lib version (#371)

Co-authored-by: Valentin <[email protected]>

* Updating dependencies for new helm release (#373)

* Initial Commit.

* Upload domain/participant test.

* Upload domain/participant test.

* fixes for getParticipantsByTypeId test failing; now functioning properly
removed validator file as it isn't used; it may be required in the MSISDN oracle as it validated mobile number formats

* Checking in testing code.

* removal of vscode config

* updated gitignore

* fixes for stubbing issues

* fix for bug mojaloop/project#797
Fixes for SonarQube code sanity, i.e. removing function names that aren't needed, changing let to const, reordering functions in file
Changed unique constraint on oracleEndpoint which is now working correctly

* fix for only retrieving default entries
return undefined for currency when it is not available

* fix for returning null for valid oracle lookup

* correct database port

* removal of isOracle for header validation

* fix for incorrect endpoint being requested for callback response

* updated with pre-commit to manage dependencies

* Updated versions of ALS dependencies and updated standard changes

* incorrect port for database being set

* updated dependencies and version for new helm release

Co-authored-by: Henk Kodde <[email protected]>

* feat(security): November security review (#374)

* chore(deps): update dependencies to latest versions

* chore(package): bump package to `11.1.3`

* Fix /documentation and /swagger.json endpoints (#375)

* Replace wildcard routes with explicit routes and fix API documentation endpoints (#376)

* #1885: Update API documentation (#379)

* Update API documentation

* Restore default configs

* Fix integration test.

* Fix audit

* Fix integration test config

* [Security] Bump node-notifier from 8.0.0 to 8.0.1 (#381)

Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1. **This update includes a security fix.**
- [Release notes](https://github.com/mikaelbr/node-notifier/releases)
- [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md)
- [Commits](mikaelbr/node-notifier@v8.0.0...v8.0.1)

Signed-off-by: dependabot-preview[bot] <[email protected]>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

* chore: update license file (#377)

Co-authored-by: Sam <[email protected]>

* fix: package.json & package-lock.json to reduce vulnerabilities (#386)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-LODASH-590103

* chore: fix broken links in readme (#387)

* Revert "fix: package.json & package-lock.json to reduce vulnerabilities (#386)" (#388)

This reverts commit 9eccdf5.

* Add codeowners for the core repo (#390)

* feat(ci/cd): add pr title check (#395)

* feat: allow multiple fsps per msisdn, instead of sending request for first party  (#385)

* MultipleDfspPerMsisdn: Instead of sending request for first party only, iterate partyList and send request for each party on the list. Also update dep and devDep versions minus central-service-health which breaks the unit tests

* feature/multipledfspspermsisdn: Bump versions to latest except central-services-health that if bumped to next version 11.0.0 breaks unit tests per mojaloop issue 1987

Co-authored-by: Sam <[email protected]>

* fix: proper status code for health check (#396)

* fix: Core handler services that have a dependency on central-services-database are not loading all tables on startup #816

fix for mojaloop/project#1888. Fix issue by changing all `Db.<table>.*` syntax function operations to `Db.from('<table>').*`. The issue was caused by the central-services-database Database class on Db.connect() loading all tables via an SQL request, and creating a Class property (`Db.<table>`) to reference the Table object. The issue here being that the query to fetch all the tables from the database does not return all tables (to be investigated in future).  `Db.from('<table>').*` ensures that the table object is created properly.

* chore: fix circleci

Co-authored-by: Adrian Enns <[email protected]>
Co-authored-by: Rajiv Mothilal <[email protected]>
Co-authored-by: Henk Kodde <[email protected]>
Co-authored-by: ndonnan <[email protected]>
Co-authored-by: Neal Donnan <[email protected]>
Co-authored-by: Sam <[email protected]>
Co-authored-by: Steven Oderayi <[email protected]>
Co-authored-by: Sam <[email protected]>
Co-authored-by: Valentin Genev <[email protected]>
Co-authored-by: Valentin <[email protected]>
Co-authored-by: Lewis Daly <[email protected]>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Snyk bot <[email protected]>
Co-authored-by: Juan Correa <[email protected]>
Co-authored-by: shashi165 <[email protected]>
Co-authored-by: vijayg10 <[email protected]>
kleyow added a commit that referenced this pull request Feb 22, 2021
Labels: dependencies (Pull requests that update a dependency file), security (Pull requests that address a security vulnerability)