django-DefectDojo icon indicating copy to clipboard operation
django-DefectDojo copied to clipboard
verified publisher icon DefectDojo

Bump datatables.net from 1.13.4 to 2.1.8 in /components

Open dependabot[bot] opened this issue 1 year ago • 1 comments

Bumps datatables.net from 1.13.4 to 2.1.8.

Release notes

Sourced from datatables.net's releases.

1.13.11

DataTables 1.13.11

Commits
  • 155c47b Sync tag release - 2.1.8
  • 1150bb1 643377800fbf3b1e050b8d59a843837710aea693 Release 2.1.8
  • 847314e 658b9d4ce42406bea630174635f258d08655df7f Fix: Columns where misaligned from t...
  • 44bc402 c711f949ba6a4f3f1383918d12a9b9600a558d57 Fix: Remove the setting of `role="ro...
  • 8c6985f e86bdad18a2ae35115ee8369bcde9023ad616b35 Fix: Date rendering would always set...
  • d90011a 0b07375e57ac56dd2ce582641115169eccd6340d Typescript: Need to export `ObjectCo...
  • 73d18ed Sync tag release - 2.1.7
  • 3c0bb60 f83a8f4c4c2f0541765632de1c22d11e5a92a54f Release 2.1.7
  • 6be1438 31f2488df2fac6a551a657109c4484fb470401ef Fix: null in a column that is dete...
  • 1cb130d f181926d2ebcb27e3b8004964235d37891778950 Fix: Safari 9 doesn't support `Strin...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Oct 04 '24 12:10 dependabot[bot]

DryRun Security Summary

The provided code changes involve updating the datatables.net dependency to a newer major version, which should be reviewed carefully for potential security vulnerabilities and breaking changes, and the code using the library should be thoroughly tested to ensure proper input sanitization and validation.

Expand for full summary

Summary:

The provided code changes involve updating the datatables.net dependency in the project's package.json and yarn.lock files. The datatables.net library is a popular JavaScript library for creating advanced tables and data grids, and the update represents a major version change from 1.13.4 to 2.1.8.

From an application security perspective, this update should be reviewed carefully. Previous versions of DataTables have had security vulnerabilities, such as Cross-Site Scripting (XSS) issues. When updating a dependency like this, it's important to review the release notes and security advisories to ensure that the new version addresses any known vulnerabilities. Additionally, the code using the DataTables library should be reviewed to ensure that it is properly sanitizing and validating user input to prevent potential security issues.

Files Changed:

  1. components/package.json: This file has been updated to change the datatables.net dependency from version ^1.13.4 to ^2.1.8. This is a major version update that may introduce breaking changes or new features, which should be thoroughly tested.
  2. components/yarn.lock: This file has been updated to reflect the change in the datatables.net dependency version from 1.13.4 to 2.1.8. The yarn.lock file is used to ensure consistent dependency versions across different environments, so the changes in this file should also be reviewed to ensure that all other dependencies are also updated to their latest compatible versions.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

:green_circle: Risk threshold not exceeded.

View PR in the DryRun Dashboard.

dryrunsecurity[bot] avatar Oct 04 '24 12:10 dryrunsecurity[bot]

Superseded by #11523.

dependabot[bot] avatar Jan 07 '25 12:01 dependabot[bot]