audit-check
🛡️ GitHub Action for security audits
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 13.13.5 to 16.4.9. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 25.5.0 to 27.0.4. Changelog Sourced from ts-jest's changelog. 27.0.4 (2021-07-21) Bug Fixes add @types/jest as optional peerDependencies to solve yarn 2 (#2756) (5fbf43e) add babel-jest as optional...
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.0 to 5.1.2. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular expression denial of service This affects the package...
Bumps [ws](https://github.com/websockets/ws) from 7.2.5 to 7.5.1. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. ReDoS in Sec-Websocket-Protocol header Impact A specially crafted value of...
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. ReDoS in normalize-url The normalize-url package before 4.5.1, 5.x before...
_Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then._ Dependabot has...
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 2.1.1 to 5.0.0. Changelog Sourced from @actions/github's changelog. 5.0.0 Update @actions/github to include latest octokit definitions Add urls to context 4.0.0 Add execution state information to context...
## Motivation cargo-audit has some useful options, and it would be nice to be able to use them via audit-check. For example: * `--deny-warnings`: Fail if a warning exists --...
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service in hosted-git-info The npm...
## Description I have a repo where I've checked in Cargo.lock, since it's producing a binary which I'm shipping. I've just started getting audit violations in CI for this that...