From 9db3401e33ae96c8e13f77c1acc3fa29e30d1a1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Jun 2023 23:46:09 +0000
Subject: [PATCH 1/4] Bump axios from 0.21.1 to 0.21.2 in /tgui
Bumps [axios](https://github.com/axios/axios) from 0.21.1 to 0.21.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.21.2/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.21.1...v0.21.2)
---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
 tgui/packages/tgui-dev-server/package.json | 2 +-
 tgui/yarn.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/tgui/packages/tgui-dev-server/package.json b/tgui/packages/tgui-dev-server/package.json
index 8ee0e019ee0..03d1559082e 100644
--- a/tgui/packages/tgui-dev-server/package.json
+++ b/tgui/packages/tgui-dev-server/package.json
@@ -4,7 +4,7 @@
 "version": "4.3.0",
 "type": "module",
 "dependencies": {
- "axios": "^0.21.1",
+ "axios": "^0.21.2",
 "glob": "^7.1.7",
 "source-map": "^0.7.3",
 "stacktrace-parser": "^0.1.10",
diff --git a/tgui/yarn.lock b/tgui/yarn.lock
index b311fc090b3..ac8ee4c0612 100644
--- a/tgui/yarn.lock
+++ b/tgui/yarn.lock
@@ -2473,12 +2473,12 @@ __metadata: languageName: node linkType: hard -"axios@npm:^0.21.1": - version: 0.21.1 - resolution: "axios@npm:0.21.1" +"axios@npm:^0.21.2": + version: 0.21.4 + resolution: "axios@npm:0.21.4" dependencies: - follow-redirects: ^1.10.0 - checksum: c87915fa0b18c15c63350112b6b3563a3e2ae524d7707de0a73d2e065e0d30c5d3da8563037bc29d4cc1b7424b5a350cb7274fa52525c6c04a615fe561c6ab11 + follow-redirects: ^1.14.0 + checksum: 44245f24ac971e7458f3120c92f9d66d1fc695e8b97019139de5b0cc65d9b8104647db01e5f46917728edfc0cfd88eb30fc4c55e6053eef4ace76768ce95ff3c languageName: node linkType: hard
@@ -4032,7 +4032,7 @@ __metadata: languageName: node linkType: hard -"follow-redirects@npm:^1.10.0": +"follow-redirects@npm:^1.14.0": version: 1.15.2 resolution: "follow-redirects@npm:1.15.2" peerDependenciesMeta:
@@ -7675,7 +7675,7 @@ resolve@^2.0.0-next.3: version: 0.0.0-use.local resolution: "tgui-dev-server@workspace:packages/tgui-dev-server" dependencies: - axios: ^0.21.1 + axios: ^0.21.2 glob: ^7.1.7 source-map: ^0.7.3 stacktrace-parser: ^0.1.10
From 4af47e87f3d1a23b172c211aa9c11a60c5f1176c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Jul 2023 23:46:58 +0000
Subject: [PATCH 2/4] Bump semver from 6.3.0 to 6.3.1 in /tgui
Bumps [semver](https://github.com/npm/node-semver) from 6.3.0 to 6.3.1.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v6.3.0...v6.3.1)
---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
...
Signed-off-by: dependabot[bot]
---
 tgui/yarn.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tgui/yarn.lock b/tgui/yarn.lock
index b311fc090b3..4cabb2f9594 100644
--- a/tgui/yarn.lock
+++ b/tgui/yarn.lock
@@ -7046,11 +7046,11 @@ resolve@^2.0.0-next.3: linkType: hard "semver@npm:^6.0.0, semver@npm:^6.1.1, semver@npm:^6.1.2, semver@npm:^6.3.0": - version: 6.3.0 - resolution: "semver@npm:6.3.0" + version: 6.3.1 + resolution: "semver@npm:6.3.1" bin: - semver: ./bin/semver.js - checksum: 1b26ecf6db9e8292dd90df4e781d91875c0dcc1b1909e70f5d12959a23c7eebb8f01ea581c00783bbee72ceeaad9505797c381756326073850dc36ed284b21b9 + semver: bin/semver.js + checksum: ae47d06de28836adb9d3e25f22a92943477371292d9b665fb023fae278d345d508ca1958232af086d85e0155aee22e313e100971898bbb8d5d89b8b1d4054ca2 languageName: node linkType: hard
From cf8eb95e396a3f6a06dcf0834f54949c66830891 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jul 2023 23:00:44 +0000
Subject: [PATCH 3/4] Bump word-wrap from 1.2.3 to 1.2.4 in /tgui
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4)
---
updated-dependencies:
- dependency-name: word-wrap
  dependency-type: indirect
...
Signed-off-by: dependabot[bot]
---
 tgui/yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tgui/yarn.lock b/tgui/yarn.lock
index b311fc090b3..d93d8d05fbf 100644
--- a/tgui/yarn.lock
+++ b/tgui/yarn.lock
@@ -8439,9 +8439,9 @@ typescript@^4.3.5: linkType: hard "word-wrap@npm:^1.2.3, word-wrap@npm:~1.2.3": - version: 1.2.3 - resolution: "word-wrap@npm:1.2.3" - checksum: 30b48f91fcf12106ed3186ae4fa86a6a1842416df425be7b60485de14bec665a54a68e4b5156647dec3a70f25e84d270ca8bc8cd23182ed095f5c7206a938c1f + version: 1.2.4 + resolution: "word-wrap@npm:1.2.4" + checksum: 8f1f2e0a397c0e074ca225ba9f67baa23f99293bc064e31355d426ae91b8b3f6b5f6c1fc9ae5e9141178bb362d563f55e62fd8d5c31f2a77e3ade56cb3e35bd1 languageName: node linkType: hard
From a48070a8b14d15d73c9a6caf877320256a9f17b9 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 27 Sep 2023 05:03:18 +0000
Subject: [PATCH 4/4] fix: tools/requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
---
 tools/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/requirements.txt b/tools/requirements.txt
index d845f21af62..059bd45d7e9 100644
--- a/tools/requirements.txt
+++ b/tools/requirements.txt
@@ -1,6 +1,6 @@
 pygit2==1.0.1
 bidict==0.13.1
-Pillow==9.4.0
+Pillow==10.0.1
 # changelogs
 PyYaml==5.4