Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/dependabotsv2.3 #881

Merged
merged 8 commits into from
Nov 11, 2024
Merged

Fix/dependabotsv2.3 #881

merged 8 commits into from
Nov 11, 2024

Conversation

alexjavabraz
Copy link
Collaborator

  • adding dependabot updates

dependabot bot and others added 7 commits October 31, 2024 14:50
@dependabot @alexjavabraz
Bump actions/setup-node from 3.8.2 to 4.1.0
402e545 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.8.2 to 4.1.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v3.8.2...39370e3)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @alexjavabraz
build(deps): bump actions/dependency-review-action from 4.3.4 to 4.4.0
27736a5 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.4 to 4.4.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@5a2ce3f...4081bf9)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @alexjavabraz
build(deps-dev): bump vue-tsc from 1.8.8 to 2.0.22
2e7d2f0 
Bumps [vue-tsc](https://github.com/vuejs/language-tools/tree/HEAD/packages/tsc) from 1.8.8 to 2.0.22.
- [Release notes](https://github.com/vuejs/language-tools/releases)
- [Changelog](https://github.com/vuejs/language-tools/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vuejs/language-tools/commits/v2.0.22/packages/tsc)

---
updated-dependencies:
- dependency-name: vue-tsc
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @alexjavabraz
build(deps-dev): bump eslint-plugin-import from 2.28.1 to 2.31.0
cdf3618 
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.28.1 to 2.31.0.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](import-js/eslint-plugin-import@v2.28.1...v2.31.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @alexjavabraz
build(deps): bump jest-environment-jsdom from 27.5.1 to 29.7.0
f45b15e 
Bumps [jest-environment-jsdom](https://github.com/jestjs/jest/tree/HEAD/packages/jest-environment-jsdom) from 27.5.1 to 29.7.0.
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v29.7.0/packages/jest-environment-jsdom)

---
updated-dependencies:
- dependency-name: jest-environment-jsdom
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @alexjavabraz
build(deps): bump @ledgerhq/hw-transport-webusb from 6.27.1 to 6.29.4
4e8db05 
Bumps [@ledgerhq/hw-transport-webusb](https://github.com/LedgerHQ/ledger-live) from 6.27.1 to 6.29.4.
- [Release notes](https://github.com/LedgerHQ/ledger-live/releases)
- [Changelog](https://github.com/LedgerHQ/ledger-live/blob/develop/docs/CHANGELOG.md)
- [Commits](https://github.com/LedgerHQ/ledger-live/compare/v6.27.1...@ledgerhq/[email protected])

---
updated-dependencies:
- dependency-name: "@ledgerhq/hw-transport-webusb"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@alexjavabraz
adding vue facing decorator 3.0.4
aedf260
@alexjavabraz alexjavabraz self-assigned this Oct 31, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 31, 2024
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/setup-node 39370e3970a6d050c480ffad4ff0ed4d3fdee5af 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 79 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 9binaries present in source code
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 9security policy file detected
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/actions/dependency-review-action 4081bf99e2866ebe428fc0477b69eb4fcda7220a 🟢 7.2
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1023 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 9security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/setup-node 39370e3970a6d050c480ffad4ff0ed4d3fdee5af 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 79 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 9binaries present in source code
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 9security policy file detected
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/actions/setup-node 39370e3970a6d050c480ffad4ff0ed4d3fdee5af 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 79 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 9binaries present in source code
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 9security policy file detected
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/actions/setup-node 39370e3970a6d050c480ffad4ff0ed4d3fdee5af 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 79 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 9binaries present in source code
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 9security policy file detected
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/actions/setup-node 39370e3970a6d050c480ffad4ff0ed4d3fdee5af 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 79 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 9binaries present in source code
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 9security policy file detected
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Vulnerabilities🟢 82 existing vulnerabilities detected

Scanned Files

  • .github/workflows/build.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/deploy_MainNet_UI.yml
  • .github/workflows/deploy_TestNet_UI.yml
  • .github/workflows/deploy_staging_MainNet_UI.yml
  • .github/workflows/deploy_staging_TestNet_UI.yml

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

leoiovlabs
leoiovlabs approved these changes Nov 11, 2024
View reviewed changes
Copy link

@leoiovlabs leoiovlabs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@alexjavabraz alexjavabraz merged commit 38c8891 into main Nov 11, 2024
6 checks passed
@alexjavabraz alexjavabraz deleted the fix/dependabotsv2.3 branch November 11, 2024 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lserra-iov lserra-iov lserra-iov approved these changes

@leoiovlabs leoiovlabs leoiovlabs approved these changes

@annipi annipi Awaiting requested review from annipi

Assignees

@alexjavabraz alexjavabraz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alexjavabraz @leoiovlabs @lserra-iov