Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot/npm and yarn/src/frontend/npm and yarn security group b6d526fe89 #1518

Closed
wants to merge 12 commits into from
Closed

Dependabot/npm and yarn/src/frontend/npm and yarn security group b6d526fe89 #1518

wants to merge 12 commits into from

Conversation

ghost
Copy link

@ghost ghost commented Apr 10, 2024
edited by ghost
Loading

Changes

Please provide a brief description of the changes here.

Merge Requirements

For new features contributions please make sure you have completed the following
essential items:

  • CHANGELOG.md updated to document new feature additions
  • Appropriate documentation updates in the docs
  • Appropriate Helm chart updates in the helm-charts

Maintainers will not merge until the above have been completed. If you're unsure
which docs need to be changed ping the
@open-telemetry/demo-approvers.

snyk-bot and others added 12 commits March 10, 2024 22:03
@snyk-bot
fix: upgrade @opentelemetry/core from 1.18.1 to 1.21.0
a6d61fc 
Snyk has created this PR to upgrade @opentelemetry/core from 1.18.1 to 1.21.0.

See this package in npm:
https://www.npmjs.com/package/@opentelemetry/core

See this project in Snyk:
https://app.snyk.io/org/jokacar/project/6246a00a-f319-49e2-beb9-383ed950156d?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: src/emailservice/Dockerfile to reduce vulnerabilities
2337556 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-6210098
- https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-6210098
- https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-6210098
- https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-6210098
- https://snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-6159410
@Jokacar
Merge pull request #6 from JoKacar/snyk-fix-15b145bd2d24145c54b45b49b…
0dceb8f 
…46295df

[Snyk] Security upgrade ruby from 3.2.2-slim to 3.2.3-slim
@Jokacar
Merge pull request #5 from JoKacar/snyk-upgrade-8404afcd789d19c8ffcfd…
6fc58d8 
…f1b8d80a27e

[Snyk] Upgrade @opentelemetry/core from 1.18.1 to 1.21.0
@snyk-bot
fix: src/loadgenerator/Dockerfile to reduce vulnerabilities
f585464 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227597
- https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227603
- https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507
- https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507
- https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963
@Jokacar
Merge pull request #8 from JoKacar/snyk-fix-4988e4d9c9dfda9d77d900609…
c68d71e 
…dc7da17

[Snyk] Security upgrade python from 3.12-slim-bookworm to 3.13.0a4-slim
@snyk-bot
fix: upgrade @opentelemetry/exporter-trace-otlp-http from 0.45.1 to 0…
b5cbfa8 
….49.1

Snyk has created this PR to upgrade @opentelemetry/exporter-trace-otlp-http from 0.45.1 to 0.49.1.

See this package in npm:
https://www.npmjs.com/package/@opentelemetry/exporter-trace-otlp-http

See this project in Snyk:
https://app.snyk.io/org/jokacar/project/6246a00a-f319-49e2-beb9-383ed950156d?utm_source=github&utm_medium=referral&page=upgrade-pr
@Jokacar
Merge pull request #13 from JoKacar/snyk-upgrade-70273df327e026e8cb4e…
ea95506 
…53d27d0eda77

[Snyk] Upgrade @opentelemetry/exporter-trace-otlp-http from 0.45.1 to 0.49.1
@snyk-bot
fix: src/recommendationservice/Dockerfile to reduce vulnerabilities
fbd08f1 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227597
- https://snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-6474581
- https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507
- https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507
- https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963
@Jokacar
Merge pull request #16 from JoKacar/snyk-fix-7e1aac1c1d5087cc21e11b4f…
2387429 
…e7d219f0

[Snyk] Security upgrade python from 3.12-slim-bookworm to 3.13.0a4-slim
@dependabot
Bump the npm_and_yarn group across 1 directory with 5 updates
e314413 
Bumps the npm_and_yarn group with 5 updates in the /src/frontend directory:

| Package | From | To |
| --- | --- | --- |
| [undici](https://github.com/nodejs/undici) | `5.28.2` | `5.28.4` |
| [next](https://github.com/vercel/next.js) | `12.3.4` | `13.5.1` |
| [@cypress/request](https://github.com/cypress-io/request) | `2.88.12` | `3.0.1` |
| [cypress](https://github.com/cypress-io/cypress) | `10.11.0` | `13.7.2` |
| [postcss](https://github.com/postcss/postcss) | `8.4.14` | `8.4.31` |
| [next](https://github.com/vercel/next.js) | `13.5.1` | `13.5.6` |



Updates `undici` from 5.28.2 to 5.28.4
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.2...v5.28.4)

Updates `next` from 12.3.4 to 13.5.1
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v12.3.4...v13.5.1)

Updates `@cypress/request` from 2.88.12 to 3.0.1
- [Release notes](https://github.com/cypress-io/request/releases)
- [Changelog](https://github.com/cypress-io/request/blob/master/CHANGELOG.md)
- [Commits](cypress-io/request@v2.88.12...v3.0.1)

Updates `cypress` from 10.11.0 to 13.7.2
- [Release notes](https://github.com/cypress-io/cypress/releases)
- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)
- [Commits](cypress-io/cypress@v10.11.0...v13.7.2)

Updates `postcss` from 8.4.14 to 8.4.31
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.14...8.4.31)

Updates `next` from 13.5.1 to 13.5.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v12.3.4...v13.5.1)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@cypress/request"
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: cypress
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: postcss
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@Jokacar
Merge branch 'open-telemetry:main' into dependabot/npm_and_yarn/src/f…
54e99be 
…rontend/npm_and_yarn-security-group-b6d526fe89
@ghost ghost self-requested a review April 10, 2024 20:03
@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

CLA Not Signed

@github-actions GitHub Actions
Copy link

This PR was marked stale due to lack of activity. It will be closed in 7 days.

@github-actions github-actions bot added the Stale label Apr 25, 2024
@austinlparker
Copy link
Member

Closed as stale

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@austinlparker @snyk-bot @Jokacar