[Snyk] Security upgrade eslint from 8.26.0 to 9.0.0#2510
Open
ashleynolan wants to merge 1954 commits intomasterfrom
Open
[Snyk] Security upgrade eslint from 8.26.0 to 9.0.0#2510ashleynolan wants to merge 1954 commits intomasterfrom
ashleynolan wants to merge 1954 commits intomasterfrom
Conversation
* Fix storybook deploy * set concurrency for unit tests
* Fix storybook deploy * Update version
…2044) * Use gh-pages dependency to deploy storybook * Fix dep version * Update yarn.lock
* The initial files for the new f-mfa component as created by the yeoman generator * Fixed up lint issue in test * Used the term `sut` for the tests * Updated the documentation Co-authored-by: billy.oliver <billy.oliver@just-eat.com>
…ependencies (#2028) * f-account-info@1.1.0 (and others) - Move components to peerDependencies * Minor: Undo f-form update * f-account-info@1.2.0 - Add required attributes * f-registration@3.2.0 - Add required attributes * Minor: Update changelogs * f-registration@3.2.0 + f-account-info@1.2.0 - Disable HTML5 form validation Co-authored-by: Xander Marjoram <xander.marjoram@justeattakeaway.com>
… of the theme (#2049) * minor update to the `disappearingWhite` theme * Renamed "disappearingWhite" into "whiteSeamless" Co-authored-by: Anastasiya Tyshkavets <a.tyshkavets@just-eat.com>
* f-alert@v.6.1.0 (and other molecules) - Add Node 16 support * Remove lerna + fix storybook sass * Remove lerna dependency
#2051) * Add node 16 support to pages * Stop testing dependants * Update changelog
…isms (#2050) * Add node 16 support to organisms * Update changelog * Fix storybook * Remove console log
…vices (#2052) * Add node 16 support to services * Pull master + fix changelog
…ferences from component package.json + Update checkout max bundle size #globalconfig (#2054) * Update f-wdio-utils * Update date * Update f-checkout bundlewatch size * Fix changelog entry
…e dependencies (#2056) * Update to node 16 compatible dependencies * Update devDep for f-mega-modal in f-searchbox
…sted / analysed by Bundlewatch (#2057) * Ensure dependants are built / served / tested * Update storybook version * Add comments to turborepo commands
…ble deps (#2061) * Update f-account-info to have node 16 compatible deps * Update yarn.lock
…ES6 (#2060) * Fix generator and MFA tests * Update generator changelog * Update date on changelog
…le version of f-services #trival #globalconfig (#2062) * Update DSV team components to use Node 16 compatible deps * Update Changelog * Update bundlewatch maxSize * Refactor f-user-messge to use new f-services * Add changelog and version bump
…ompatible. (#2066) * Update f-takeawaypay-activation to node 16 compatible dependencies * Update yarn.lock
…le. (#2065) * Update f-restaurant-card to use node 16 compatible dependencies * Update yarn.lock * Update date in changelog
* Added the new mfa template and applied the required css as per the figma design + Add in GB translations + fixed-up/prepared unit tests * Extended wait time from 10 to 30 + wrapped content * Made some ccs tweak and inc. the correct icon * Updated deps * Update ver * Update CHANGELOG.md * f-mfa@0.3.0 - PR comments and match designs more closely * f-mfa@0.3.0 - Replace v-html with component interpolation * Minor: PR comment Co-authored-by: billy.oliver <billy.oliver@just-eat.com> Co-authored-by: Xander Marjoram <xander.marjoram@outlook.com>
…e with Node 16 (#2068) * Update more deps to be compatible with Node 16 * Import CSS from deps to fix broken CSS
* Added Api provider for call to AccountWeb (`PostChallenge()`) * Renamed the api provider Post method so it aligns with the endpoint name Co-authored-by: billy.oliver <billy.oliver@just-eat.com>
…#2064) * Update f-registration to use node 16 compatible dependencies * Update f-card peerDependency * Update yarn.lock * Add new generated icons * Update jest snapshots * Add linebreaks
…muddle up over versions (#2074) * f-content-cards@v8.0.0-alpha.1 (#1747) * Adding Image component to start the new Content cards sub components that will begin to make up the body of a card component * change to version number and changelog * fixing a style lint error on the image component * f-content-cards@v8.0.0-alpha.2 - Adding Content card Body component (#1771) * adding content card body and change to some file anmes * adding box shadow variable in * fixing style lint issues * fixing style lint issues * adding version number * changing index name * f-content-cards@v8.0.0 alpha.3 - Adding container element (#1783) * adding the content card container component * changes to version number * change to unit tests * f-content-cards@v8.0.0-alpha.4 - Adding Voucher code component (#1788) * adding in voucher code component and tests * voucher code component * change to class names * change to how classes were evaluated * changes to style names * f-content-cards@v8.0.0-alpha.5 - Promotion Card Two (#1796) * adding in the new promotion card and unit tests for it * changes to promotion card name * package json version number change * changes to make controls work * change card type in story file * f-content-cards@v8.0.0-alpha.6 - Adding in the new Voucher Card (#1801) * adding voucher card bits * adding new voucher card * storybook update * adding promotion card 1 (#1812) * f-content-cards@v8.0.0-alpha.8 - Exporting new cards & updating card body (#1826) * adding chnages to export new cards plus some minor layout changes and an update to the voucher card * increasing size for bundlewatch until we remove the old cards * updating to beta to pull into offers page (#1844) * f-content-cards@v8.0.0-beta.2 - removing unnecessary height value (#1871) * removing unnecessary height value * adding changelog * f-content-cards@v8.0.0-beta.4 - adding in min height on image with object cover (#1878) * f-content-cards@v8.0.0-alpha.5 - Promotion Card Two (#1796) * adding in the new promotion card and unit tests for it * changes to promotion card name * package json version number change * changes to make controls work * change card type in story file * style changes to account for different image sizes * yarn lock fix * changes to fix errors * Update new content cards to use correct fozzie import * Fix sass * Add f-button as a new dependency * fixing missing padding Co-authored-by: Ben Siggery <bensiggery28@gmail.com>
…bility (#2067) * Update components for node 16 compatibility * Update bundlewatch maxSize * Tag f-content-cards as beta and explicitly state version * Fix merge conflicts * Update changelog * Update changelog * Bundlewatch bump
* Bump decode-uri-component from 0.2.0 to 0.2.2 Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) --- updated-dependencies: - dependency-name: decode-uri-component dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump word-wrap from 1.2.3 to 1.2.5 Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.5. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: word-wrap dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump protobufjs from 6.11.3 to 6.11.4 Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 6.11.3 to 6.11.4. - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/protobufjs/protobuf.js/commits) --- updated-dependencies: - dependency-name: protobufjs dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump semver from 5.7.1 to 5.7.2 Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump vite from 2.9.13 to 2.9.16 Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 2.9.13 to 2.9.16. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v2.9.16/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v2.9.16/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/decode-uri-component-0.2.2' into dependabot-updates * fozzie-components@7.54.1 - Package updates * Add ua-parser-js resolution --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fozzie-components@7.54.2 - Various package updates * Try not upgrading so far * Use latest browserslist-db * Jest 26 * Update snapshot * fozzie@11.0.1 - Package bump * Update yarn.lock * Revert yarn.lock
* Update chromedriver and ignore engines * fix f-loyalty builds * update to chromedriver 118
* Changed - Added translations (which also enables) for corporate ordering links for ES & IT. * Minor - Reverted yarn.lock * Bumped version to minor rather than patch --------- Co-authored-by: Billy Oliver <billy.oliver@just-eat.com>
* Added Self-Exclusion Page * Fixes to option period * Added localizations and code consolidation * Added store and api files * Fixed store and api call * Fixed store and api call * Fixed selectedOption names * Self-exclusion refinement * Added Notifications * Fixed translations for GB and NZ * Mocked API * Updated component version * Build fixed * Setup unit tests * Add f-wdio-utils * Add components test * Added all tenants * Added show notification, removed Close Alert * Increment chromedriver version * Update chromedriver and ignore engines * fix f-loyalty builds * update to chromedriver 118 * Fix alias * Added test-id to the component * Changed test-id to the component * Changed text, added go back alert, privacy statement link * Update packages/components/pages/f-self-exclusion/CHANGELOG.md Co-authored-by: Ashley Watson-Nolan <ashley.watson-nolan@justeattakeaway.com> * Updated from comments * skip failing auto-generated tests * Updated error alert to display GET request error --------- Co-authored-by: Maxim Vasilev <maxim.vasilev@justeattakeaway.com> Co-authored-by: Panayot Tolev <panayot.tolev@justeattakeaway.com> Co-authored-by: Ben Siggery <bensiggery28@gmail.com> Co-authored-by: Ashley Watson-Nolan <ashley.watson-nolan@justeattakeaway.com>
…uctive size (#2373) * Changed f-button version and buttonSize values * Added changelog * Updated version * Added yarn.lock * f-self-exclusion@1.0.1 - Re-add yarn.lock --------- Co-authored-by: Xander Marjoram <xander.marjoram@justeattakeaway.com>
…#2374) * ### Changed - Added translations (which also enables) for 'Become a courier' links for AU & NZ. * minor - Adjusted date * Updated Chromedriver to v119.0.1 * Updated Chromedriver to v119.0.1 --------- Co-authored-by: Billy Oliver <billy.oliver@just-eat.com>
…duce vulnerabilities (#2338) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119 Co-authored-by: snyk-bot <snyk-bot@snyk.io>
…lnerabilities (#2339) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119 Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Ashley Watson-Nolan <ashley.watson-nolan@justeattakeaway.com>
…ties (#2340) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119 Co-authored-by: snyk-bot <snyk-bot@snyk.io>
) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692 Co-authored-by: snyk-bot <snyk-bot@snyk.io>
…e vulnerabilities (#2396) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962463 - https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194 Co-authored-by: snyk-bot <snyk-bot@snyk.io>
* Prop changes * Version update * Removed console.log * fix(f-checkout): issue with jest transpiling axios * Changed prop authToken value for required to true * Updated prop table --------- Co-authored-by: Ben Siggery <bensiggery28@gmail.com>
…hen in error state #trivial (#2420) * Added f-spinner component to hide form before form is loaded * Updated version * Changed prop name and removed f-spinner * Removed unused import * Changed variable name and entry in changelog * Self Exclusion design changes * Changelog updated * Self Exclusion fine tunings --------- Co-authored-by: Panayot Tolev <panayot.tolev@justeattakeaway.com>
* Added navigation * Increment version --------- Co-authored-by: Panayot Tolev <panayot.tolev@justeattakeaway.com>
* f-checkout@4.12.0 - Add address alert * f-checkout@4.12.0 - Add new prop
Co-authored-by: jatin.gundabathula <jatin.gundabathula@justeattakeaway.com>
…arn v3.5.0 #globalconfig (#2370) * Update Supported Node engines (incl. v16 and v18) * Minor CHANGELOG update * Minor Volta update with Node 18 * Revert back Node 14 support * Fix build issues * Minor comment update * Minor comments corrected * Legacy open ssl provider for browser tests atoms * Fix Axios Unit test transforms Lockfile update * Changelog update * Volta pin Yarn latest * Fix vulnerabilities with Yeoman component generator * Changelog update * Component generator Version and Changelog update * Updating to use Yarn berry * Modified tests * updated package.json * removed interactive tools yarn * testing workflow change * updated workflow * resolved build errors * testing openssl for tests * removing node-sass * resolved failing tests * resolved braze tests * resolved build issue * small refactorings * updated snyk vulnerabilities * removed axios bump * investigating bundlewatch sizes * increased bundlewatch size * replaced bili with rollup * updated axios package in f-http * updated axios package in f-http * reverted axios change * small fix in package.json * updated package.json * updated yarn.lock --------- Co-authored-by: zlatin.ivanov <zlatin.ivanov@justeattakeaway.com> Co-authored-by: Ashley Watson-Nolan <nolly00@gmail.com> Co-authored-by: Lizzie Turney <49618712+LTurns@users.noreply.github.com> Co-authored-by: Lizzie Turney <lizzie.turney@justeattakeaway.com>
* Update: rating fixed point value * Update: fixed tests * Update: update review number * Update: improve tests
…ssues. #trivial (#2503)
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.
Changes included in this PR
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarnto update the contents of the./yarn/cachedirectory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed
With an upgrade:
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 128, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5
SNYK-JS-INFLIGHT-6095116
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.