website
website copied to clipboard
Published
20 hours ago •
electron
electron
[UNSAFE] build: update yarn.lock to fix audit output
We ran uuaw --audit and it resulted in a clean yarn audit.
Attempting to fix advisory: GHSA-wf5p-g6vw-rhxx - Axios Cross-Site Request Forgery Vulnerability
Scanning dependency chain:
@docusaurus/preset-classic --> @docusaurus/theme-classic --> @docusaurus/theme-common --> @docusaurus/plugin-content-blog --> @docusaurus/core --> wait-on --> axios
[1/8] Trying from: axios@^0.25.0
Resolving: axios@^0.25.0 --> 0.25.0
[1/8] Chain results in vulnerable version: [email protected]
[2/8] Trying from: wait-on@^6.0.1
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[2/8] Chain results in vulnerable version: [email protected]
[3/8] Trying from: @docusaurus/[email protected]
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[3/8] Chain results in vulnerable version: [email protected]
[4/8] Trying from: @docusaurus/[email protected]
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[4/8] Chain results in vulnerable version: [email protected]
[5/8] Trying from: @docusaurus/[email protected]
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[5/8] Chain results in vulnerable version: [email protected]
[6/8] Trying from: @docusaurus/[email protected]
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[6/8] Chain results in vulnerable version: [email protected]
[7/8] Trying from: @docusaurus/preset-classic@^2.4.3
Resolving: @docusaurus/preset-classic@^2.4.3 --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[7/8] Chain results in vulnerable version: [email protected]
[8/8] [UNSAFE] Trying from: @docusaurus/preset-classic@^3.0.0
Resolving: @docusaurus/preset-classic@^3.0.0 --> 3.1.0
Resolving: @docusaurus/[email protected] --> 3.1.0
Resolving: @docusaurus/[email protected] --> 3.1.0
Resolving: @docusaurus/[email protected] --> 3.1.0
Resolving: @docusaurus/[email protected] --> 3.1.0
[8/8] [UNSAFE] Updating chain to latest starting at: @docusaurus/preset-classic@^3.0.0 results in cutting the known chain
[8/8] [UNSAFE] Running yarn install now
Attempting to fix advisory: GHSA-wf5p-g6vw-rhxx - Axios Cross-Site Request Forgery Vulnerability
Scanning dependency chain:
@docusaurus/plugin-google-analytics --> @docusaurus/core --> wait-on --> axios
[1/5] Trying from: axios@^0.25.0
Resolving: axios@^0.25.0 --> 0.25.0
[1/5] Chain results in vulnerable version: [email protected]
[2/5] Trying from: wait-on@^6.0.1
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[2/5] Chain results in vulnerable version: [email protected]
[3/5] Trying from: @docusaurus/[email protected]
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[3/5] Chain results in vulnerable version: [email protected]
[4/5] Trying from: @docusaurus/plugin-google-analytics@^2.4.3
Resolving: @docusaurus/plugin-google-analytics@^2.4.3 --> 2.4.3
Resolving: @docusaurus/[email protected] --> 2.4.3
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[4/5] Chain results in vulnerable version: [email protected]
[5/5] [UNSAFE] Trying from: @docusaurus/plugin-google-analytics@^3.0.0
Resolving: @docusaurus/plugin-google-analytics@^3.0.0 --> 3.1.0
Resolving: @docusaurus/[email protected] --> 3.1.0
[5/5] [UNSAFE] Updating chain to latest starting at: @docusaurus/plugin-google-analytics@^3.0.0 results in cutting the known chain
[5/5] [UNSAFE] Running yarn install now
Attempting to fix advisory: GHSA-wf5p-g6vw-rhxx - Axios Cross-Site Request Forgery Vulnerability
Scanning dependency chain:
@docusaurus/core --> wait-on --> axios
[1/4] Trying from: axios@^0.25.0
Resolving: axios@^0.25.0 --> 0.25.0
[1/4] Chain results in vulnerable version: [email protected]
[2/4] Trying from: wait-on@^6.0.1
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[2/4] Chain results in vulnerable version: [email protected]
[3/4] Trying from: @docusaurus/core@^2.4.3
Resolving: @docusaurus/core@^2.4.3 --> 2.4.3
Resolving: wait-on@^6.0.1 --> 6.0.1
Resolving: axios@^0.25.0 --> 0.25.0
[3/4] Chain results in vulnerable version: [email protected]
[4/4] [UNSAFE] Trying from: @docusaurus/core@^3.0.0
Resolving: @docusaurus/core@^3.0.0 --> 3.1.0
[4/4] [UNSAFE] Updating chain to latest starting at: @docusaurus/core@^3.0.0 results in cutting the known chain
[4/4] [UNSAFE] Running yarn install now
Audit is clean, looking good cap'n
![up-up-and-away[bot] avatar](https://avatars.githubusercontent.com/in/656527?v=4 "Published by a pub.dev verified publisher"){kind=small}