Skip to content

Packages upgrade #79

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
YaakovHatam wants to merge 23 commits into
base: master
Choose a base branch
from
Open

Packages upgrade #79

YaakovHatam wants to merge 23 commits into from

Conversation

@YaakovHatam
Copy link

@YaakovHatam YaakovHatam commented Nov 7, 2021

No description provided.

dependabot bot and others added 23 commits November 7, 2021 07:22
@dependabot
Bump chart.js from 2.7.1 to 2.9.4
d7d03ee 
Bumps [chart.js](https://github.com/chartjs/Chart.js) from 2.7.1 to 2.9.4.
- [Release notes](https://github.com/chartjs/Chart.js/releases)
- [Commits](chartjs/Chart.js@v2.7.1...v2.9.4)

---
updated-dependencies:
- dependency-name: chart.js
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump set-getter from 0.1.0 to 0.1.1
7eff56d 
Bumps [set-getter](https://github.com/doowb/set-getter) from 0.1.0 to 0.1.1.
- [Release notes](https://github.com/doowb/set-getter/releases)
- [Commits](https://github.com/doowb/set-getter/commits/0.1.1)

---
updated-dependencies:
- dependency-name: set-getter
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@eitanno
Merge pull request #4 from eitanno/dependabot/npm_and_yarn/set-getter…
7346f83 
…-0.1.1

Bump set-getter from 0.1.0 to 0.1.1
@eitanno
Merge pull request #3 from eitanno/dependabot/npm_and_yarn/chart.js-2…
1ff109d 
….9.4

Bump chart.js from 2.7.1 to 2.9.4
@dependabot
Bump mixin-deep from 1.3.0 to 1.3.2
03d71eb 
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.0 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
- [Commits](jonschlinkert/mixin-deep@1.3.0...1.3.2)

---
updated-dependencies:
- dependency-name: mixin-deep
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump jquery from 3.3.1 to 3.5.0
5fe52fc 
Bumps [jquery](https://github.com/jquery/jquery) from 3.3.1 to 3.5.0.
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](jquery/jquery@3.3.1...3.5.0)

---
updated-dependencies:
- dependency-name: jquery
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@eitanno
Merge pull request #5 from eitanno/dependabot/npm_and_yarn/mixin-deep…
bd1a54e 
…-1.3.2

Bump mixin-deep from 1.3.0 to 1.3.2
@eitanno
Merge pull request #1 from eitanno/dependabot/npm_and_yarn/jquery-3.5.0
65740a0 
Bump jquery from 3.3.1 to 3.5.0
@dependabot
Bump eslint-utils from 1.3.1 to 1.4.3
1abf9e4 
Bumps [eslint-utils](https://github.com/mysticatea/eslint-utils) from 1.3.1 to 1.4.3.
- [Release notes](https://github.com/mysticatea/eslint-utils/releases)
- [Commits](mysticatea/eslint-utils@v1.3.1...v1.4.3)

---
updated-dependencies:
- dependency-name: eslint-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump lodash from 4.17.4 to 4.17.21
ed6a887 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.4 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.4...4.17.21)

---
updated-dependencies:
- dependency-name: lodash
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@eitanno
Merge pull request #2 from eitanno/dependabot/npm_and_yarn/lodash-4.1…
8092c4d 
…7.21

Bump lodash from 4.17.4 to 4.17.21
@eitanno
Merge pull request #6 from eitanno/dependabot/npm_and_yarn/eslint-uti…
e379a81 
…ls-1.4.3

Bump eslint-utils from 1.3.1 to 1.4.3
@dependabot
Bump bootstrap from 3.3.7 to 3.4.1
09f5bb6 
Bumps [bootstrap](https://github.com/twbs/bootstrap) from 3.3.7 to 3.4.1.
- [Release notes](https://github.com/twbs/bootstrap/releases)
- [Commits](twbs/bootstrap@v3.3.7...v3.4.1)

---
updated-dependencies:
- dependency-name: bootstrap
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@eitanno
Merge pull request #7 from eitanno/dependabot/npm_and_yarn/bootstrap-…
943ad66 
…3.4.1

Bump bootstrap from 3.3.7 to 3.4.1
@eitanno
"set-value": ">=4.0.1"
321aa68
@eitanno
"acorn": ">=6.4.1"
df22675
@eitanno
Add files via upload
3b12c0d
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
d9e41f3 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
- https://snyk.io/vuln/SNYK-JS-STYLELINT-1585622
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/npm:uglify-js:20150824
@eitanno
Merge pull request #8 from eitanno/snyk-fix-ed7fc158e7c3e4ca0617c1195…
50b739b 
…e0c0f95

[Snyk] Fix for 9 vulnerabilities
@YaakovHatam
Create codeql-analysis.yml
2cc4f83
@YaakovHatam
Create ossar-analysis.yml
46cfcb2
@YaakovHatam
Create snyk-container-analysis.yml
0325641
@YaakovHatam
Create devskim-analysis.yml
8ba21f3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@YaakovHatam @eitanno @snyk-bot