Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade next from 14.2.23 to 14.2.25 #9672

Merged
merged 2 commits into from
Mar 23, 2025
Merged

[Snyk] Security upgrade next from 14.2.23 to 14.2.25 #9672

merged 2 commits into from
Mar 23, 2025
+63 −63

Conversation

ntindle
Copy link
Member

@ntindle ntindle commented Mar 22, 2025

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • autogpt_platform/frontend/package.json
  • autogpt_platform/frontend/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Improper Authorization
SNYK-JS-NEXT-9508709		   751  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Authorization

@snyk-bot
fix: autogpt_platform/frontend/package.json & autogpt_platform/fronte…

Verified

This commit was signed with the committer’s verified signature.
snyk-bot Snyk bot
GPG key ID: 78AC5AE55A47A65B
Verified
Learn about vigilant mode
Loading
Loading status checks…
b4a8f63 
…nd/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
@ntindle ntindle requested a review from a team as a code owner March 22, 2025 08:59
@ntindle ntindle requested review from Bentlybro and majdyz and removed request for a team March 22, 2025 08:59
@supabase Supabase
Copy link

supabase bot commented Mar 22, 2025

This pull request has been ignored for the connected project bgwpwdsxblryihinutbx because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.

Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@github-actions github-actions bot added platform/frontend AutoGPT Platform - Front end platform/backend AutoGPT Platform - Back end labels Mar 22, 2025
@github-actions GitHub Actions
Copy link
Contributor

This PR targets the master branch but does not come from dev or a hotfix/* branch.

Automatically setting the base branch to dev.

@github-actions github-actions bot changed the base branch from master to dev March 22, 2025 08:59
@deepsource-io deepsource.io
Copy link

deepsource-io bot commented Mar 22, 2025
edited
Loading

Here's the code health analysis summary for commits f01b318..932c5c7. View details on DeepSource ↗.

Analysis Summary

AnalyzerStatusSummaryLink
DeepSource JavaScript LogoJavaScript✅ SuccessView Check ↗
DeepSource Python LogoPython✅ SuccessView Check ↗
💡 If you’re a repository administrator, you can configure the quality gates from the settings.

@netlify Netlify
Copy link

netlify bot commented Mar 22, 2025
edited
Loading

Deploy Preview for auto-gpt-docs canceled.

Name Link
🔨 Latest commit 932c5c7
🔍 Latest deploy log https://app.netlify.com/sites/auto-gpt-docs/deploys/67df27dac5b0810008228406

@ntindle
Merge branch 'dev' into snyk-fix-98fbf041f529025c6d6013ea4c12545d

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
Loading
Loading status checks…
932c5c7
@netlify Netlify
Copy link

netlify bot commented Mar 22, 2025
edited
Loading

Deploy Preview for auto-gpt-docs-dev canceled.

Name Link
🔨 Latest commit 932c5c7
🔍 Latest deploy log https://app.netlify.com/sites/auto-gpt-docs-dev/deploys/67df27da8fab670008923dfb

@ntindle ntindle enabled auto-merge March 23, 2025 23:08
@ntindle ntindle added this pull request to the merge queue Mar 23, 2025
Merged via the queue into dev with commit a537fd0 Mar 23, 2025
25 checks passed
@ntindle ntindle deleted the snyk-fix-98fbf041f529025c6d6013ea4c12545d branch March 23, 2025 23:48
@Pwuts Pwuts mentioned this pull request Mar 25, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kcze kcze

@Bentlybro Bentlybro

@majdyz majdyz

Assignees
No one assigned
Labels
platform/backend AutoGPT Platform - Back end platform/frontend AutoGPT Platform - Front end size/l
Projects
AutoGPT development kanban
Status: Done
Frontend
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ntindle @kcze @snyk-bot