lighthouse-ci icon indicating copy to clipboard operation
lighthouse-ci copied to clipboard
verified publisher icon GoogleChrome

Update dependencies that have critical vulnerabilities

Open neilmispelaar opened this issue 1 year ago • 3 comments

Attempts to address the critical vulnerabilities that were identified by yarn audit --level critical

More information can be found here:

https://github.com/GoogleChrome/lighthouse-ci/issues/1058

This PR attempts to update the following dependencies

  • jest-image-snapshot: ^6.4.0
  • lerna: ^5.5.4
  • mysql2: ^3.10.2
  • pg-hstore: ^2.3.4

There is also a separate PR within the @patrickhulce/scripts package https://github.com/patrickhulce/hulk/pull/12 to address those outdated dependencies. It made more sense to try to address upstream as opposed to using a bunch of overrides.

Thanks for your consideration.

Happy to help with additional testing or other information. Just let me know.

neilmispelaar avatar Jul 12 '24 16:07 neilmispelaar

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot] avatar Jul 12 '24 16:07 google-cla[bot]

https://github.com/patrickhulce/hulk/pull/12 has been merged so I think this one can be updated…

sdavids avatar Sep 19 '24 08:09 sdavids

Can you please sign the CLA?

connorjclark avatar Jun 02 '25 23:06 connorjclark