Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security updates RC.2 #13136

Merged
merged 18 commits into from May 20, 2024
Merged

Security updates RC.2 #13136

merged 18 commits into from May 20, 2024

Conversation

nachocodoner
Copy link
Member

OSS-415

As part of the initiative to mantain Meteor secure, we will resolve few security alerts performed by dependabot scanning on each release.

dependabot bot added 6 commits May 9, 2024 14:38
@dependabot
Bump @babel/traverse
0941b3d 
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.13.17 to 7.24.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.5/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump @babel/traverse from 7.17.0 to 7.23.2 in /npm-packages/meteor-babel
7d3810b 
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.17.0 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump minimist in /tools/tests/apps/ecmascript-regression
c15ddcd 
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8.
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump minimist from 1.2.5 to 1.2.8 in /tools/tests/apps/git-commit-hash
847f94a 
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8.
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump minimist from 1.2.0 to 1.2.8 in /tools/tests/apps/modules
576ec91 
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.0 to 1.2.8.
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.0...v1.2.8)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump minimist from 1.2.5 to 1.2.8 in /tools/tests/apps/app-config
e485e60 
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8.
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@nachocodoner nachocodoner mentioned this pull request May 9, 2024
Closed
@nachocodoner
Merge pull request #13130 from meteor/dependabot/npm_and_yarn/npm-pac…
caf2b4d 
…kages/meteor-babel/babel/traverse-7.23.2

Bump @babel/traverse from 7.17.0 to 7.23.2 in /npm-packages/meteor-babel
@nachocodoner
Merge pull request #13132 from meteor/dependabot/npm_and_yarn/tools/t…
ab1cc00 
…ests/apps/ecmascript-regression/minimist-1.2.8

Bump minimist from 1.2.5 to 1.2.8 in /tools/tests/apps/ecmascript-regression
@nachocodoner
Merge pull request #13133 from meteor/dependabot/npm_and_yarn/tools/t…
610b294 
…ests/apps/git-commit-hash/minimist-1.2.8

Bump minimist from 1.2.5 to 1.2.8 in /tools/tests/apps/git-commit-hash
@nachocodoner
Merge pull request #13134 from meteor/dependabot/npm_and_yarn/tools/t…
97533ed 
…ests/apps/modules/minimist-1.2.8

Bump minimist from 1.2.0 to 1.2.8 in /tools/tests/apps/modules
@nachocodoner
Merge pull request #13135 from meteor/dependabot/npm_and_yarn/tools/t…
62195ad 
…ests/apps/app-config/minimist-1.2.8

Bump minimist from 1.2.5 to 1.2.8 in /tools/tests/apps/app-config
@StorytellerCZ StorytellerCZ added this to the Release 3.0 milestone May 11, 2024
dependabot bot and others added 6 commits May 13, 2024 13:24
@dependabot
Bump minimist from 1.2.5 to 1.2.8 in /tools/tests/apps/git-commit-hash
c142891 
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8.
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump minimist from 1.2.5 to 1.2.8 in /tools/tests/apps/app-config
cbc70ff 
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8.
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump minimist in /tools/tests/apps/ecmascript-regression
513ae8c 
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8.
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@nachocodoner
Merge pull request #13138 from meteor/dependabot/npm_and_yarn/tools/t…
b202381 
…ests/apps/git-commit-hash/minimist-1.2.8

Bump minimist from 1.2.5 to 1.2.8 in /tools/tests/apps/git-commit-hash
@nachocodoner
Merge pull request #13141 from meteor/dependabot/npm_and_yarn/tools/t…
c82c3a5 
…ests/apps/ecmascript-regression/minimist-1.2.8

Bump minimist from 1.2.5 to 1.2.8 in /tools/tests/apps/ecmascript-regression
@nachocodoner
Merge pull request #13140 from meteor/dependabot/npm_and_yarn/tools/t…
1d2e780 
…ests/apps/app-config/minimist-1.2.8

Bump minimist from 1.2.5 to 1.2.8 in /tools/tests/apps/app-config
@denihs denihs changed the base branch from devel to release-2.16 May 14, 2024 14:02
@denihs denihs changed the base branch from release-2.16 to devel May 14, 2024 14:04
@nachocodoner nachocodoner marked this pull request as ready for review May 20, 2024 17:37
@nachocodoner nachocodoner merged commit f3ae3a2 into devel May 20, 2024
6 of 7 checks passed
@nachocodoner nachocodoner deleted the 415-security-updates-rc.2 branch May 20, 2024 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@henriquealbert henriquealbert henriquealbert approved these changes

Assignees
No one assigned
Labels
Project:NPM Project:Tool
Projects
None yet
Milestone
Release 3.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@nachocodoner @henriquealbert @StorytellerCZ