andrewmusselman opened a new pull request, #16: URL: https://github.com/apache/tooling-gofannon/pull/16
After the merged Dependabot PRs handled follow-redirects, lodash, fast-uri, brace-expansion, path-to-regexp, @babel/plugin-transform-modules-systemjs, and picomatch, these transitive deps still need explicit pins:

- postcss 8.5.10 (CWE-79; deliberately older than the fresh 8.5.14)
- serialize-javascript 7.0.5 (CWE-94 + CWE-400; crosses major, build verifies)
- svgo 3.3.3 (CWE-776 Billion Laughs)
- minimatch 3.1.4 (CWE-1333 ReDoS)
- ajv 6.14.0 (^6 consumers) + ajv 8.18.0 (^8 consumers) (CWE-1333)
- qs 6.14.2 (CWE-400)

All exact-pinned. Install used `npm install --ignore-scripts`.

## Description
<!-- Provide a brief description of the changes in this PR -->

## Related Issue
<!-- Link to the issue this PR addresses (e.g., Fixes #123, Closes #456) -->
Fixes #

## Type of Change
<!-- Mark the relevant option with an "x" -->
- [ ] Bug fix (non-breaking change that fixes an issue)
- [ ] New feature (non-breaking change that adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] Documentation update
- [ ] Testing improvement
- [ ] Infrastructure/CI change
- [ ] Other (please describe):

## Testing

### For Bug Fixes
<!-- Bug fixes should include tests that would have caught the bug -->
- [ ] I have added a test that reproduces the bug (the test fails without this fix)
- [ ] The test now passes with this fix
- [ ] N/A - this bug cannot be reasonably tested (please explain why)

### For New Features
<!-- New features should have comprehensive test coverage -->
- [ ] I have added unit tests for the new functionality
- [ ] I have added integration tests (if applicable)
- [ ] N/A - please explain why tests are not applicable

### Test Execution
- [ ] All existing tests pass locally
- [ ] New tests pass locally

## Checklist
<!-- Mark completed items with an "x" -->
- [ ] My code follows the project's coding style
- [ ] I have performed a self-review of my code
- [ ] I have commented my code where necessary (particularly complex areas)
- [ ] I have updated the documentation (if applicable)
- [ ] My changes generate no new warnings
- [ ] I have checked that there are no merge conflicts

## Documentation
<!-- If this PR requires documentation updates, describe what was updated -->
- [ ] Documentation has been updated
- [ ] No documentation update needed

## Screenshots (if applicable)
<!-- Add screenshots to help explain your changes -->

## Additional Notes
<!-- Add any additional notes for reviewers -->

---
By submitting this PR, I confirm that I have read and agree to follow the project's [Code of Conduct](https://github.com/the-ai-alliance/gofannon/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/the-ai-alliance/gofannon/blob/main/CONTRIBUTING.md).

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
