[Snyk] Upgrade probot from 12.1.1 to 12.3.0 #6

Open
wants to merge 1 commit into
base: master

@snyk-bot snyk-bot commented Jun 1, 2023

Snyk has created this PR to upgrade probot from 12.1.1 to 12.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 14 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2023-01-16.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Open Redirect<br/>SNYK-JS-GOT-2932019 | 484/1000<br/>Why? Has a fix available, CVSS 5.4 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-HTTPCACHESEMANTICS-3248783 | 484/1000<br/>Why? Has a fix available, CVSS 5.4 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-UGLIFYJS-1727251 | 484/1000<br/>Why? Has a fix available, CVSS 5.4 | No Known Exploit |
| | Information Exposure<br/>SNYK-JS-HBS-1566555 | 484/1000<br/>Why? Has a fix available, CVSS 5.4 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: probot from probot GitHub release notes
Commit messages
Package name: probot
  • 6c5840d feat(server): add logging options (#1645)
  • 6e3070f docs: fix link (#1774)
  • 229a01c fix(typescript): add missing import (#1783)
  • 776f6a7 build(typescript): make TS happy
  • 85bd6e5 build(package): lock file
  • 99c7b12 build(release.yml): set node-version to lts/*
  • ff524af build(deps): bump json5 from 2.2.0 to 2.2.3
  • a03417e build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
  • f89d271 build(deps): upgrade @octokit/types to v8 (#1763)
  • fac5b43 docs: added an example reference for a bot tested with mocha and sinon (#1744)
  • 4d6ee86 chore(deps): update dependency @types/node to v16
  • 75a82ad chore(deps): update dependency @octokit/webhooks-methods to v3
  • 0a863ac chore(deps): update dependency tsd to ^0.23.0 (#1729)
  • 0fcf5de build: renovate setup
  • d668f24 build: remove renovate setup from package.json
  • 5be04fd build: renovate setup
  • f81a134 build: renovate setup
  • 98f4b30 build: revert 3c6dca6c1db719eca8f51d62f87a4c6fb2e0e655
  • eff5553 fix: Make `probot receive` support complex Probot apps (#1714)
  • 78cb019 style: prettier
  • 3c6dca6 build: renovate setup
  • 68c9b91 fix(receive): `--base-url` option and `GHE_HOST` (#1719)
  • be45120 fix(deps): upgrade octokit/types to v7.1.1 (#1724)
  • d5e22e3 docs(deployment): Update Heroku branch name (#1701)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
