Skip to content

build: [Snyk] Security upgrade @hashgraph/sdk from 2.59.0 to 2.60.1 #3535

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 18, 2025
Merged

build: [Snyk] Security upgrade @hashgraph/sdk from 2.59.0 to 2.60.1 #3535

merged 1 commit into from
Mar 18, 2025

Conversation

swirlds-automation
Copy link
Contributor

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • dapp-example/package.json
  • dapp-example/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-9292519		   703  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 8, 2025
edited
Loading

Test Results

 19 files  ±0  257 suites   - 17   38m 32s ⏱️ +48s
618 tests ±0  613 ✅ + 2  4 💤 ±0  1 ❌  - 2 
672 runs  +2  667 ✅ + 4  4 💤 ±0  1 ❌  - 2 

For more details on these failures, see this check.

Results for commit 3f6b2a5. ± Comparison against base commit 2c76fc1.

♻️ This comment has been updated with latest results.

@quiet-node quiet-node added the dependencies Pull requests that update a dependency file label Mar 12, 2025
@quiet-node quiet-node added this to the 0.68.0 milestone Mar 12, 2025
@quiet-node quiet-node changed the title [Snyk] Security upgrade @hashgraph/sdk from 2.59.0 to 2.60.1 build: [Snyk] Security upgrade @hashgraph/sdk from 2.59.0 to 2.60.1 Mar 12, 2025
@snyk-bot @quiet-node
fix: dapp-example/package.json & dapp-example/package-lock.json to re…
3f6b2a5 
…duce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-9292519

Signed-off-by: Logan Nguyen <[email protected]>
@quiet-node quiet-node force-pushed the snyk-fix-dee33c4e9f2946254126b8280fc1f356 branch from 934a67b to 3f6b2a5 Compare March 12, 2025 20:34
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@quiet-node quiet-node merged commit e6f470f into main Mar 18, 2025
46 of 47 checks passed
@quiet-node quiet-node deleted the snyk-fix-dee33c4e9f2946254126b8280fc1f356 branch March 18, 2025 22:03
@codecov Codecov
Copy link

codecov bot commented Mar 18, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.62%. Comparing base (deeede2) to head (3f6b2a5).
Report is 9 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3535      +/-   ##
==========================================
- Coverage   85.69%   85.62%   -0.08%     
==========================================
  Files          75       75              
  Lines        4811     4815       +4     
  Branches      992      992              
==========================================
  Hits         4123     4123              
- Misses        402      405       +3     
- Partials      286      287       +1
Flag Coverage Δ
config-service 95.16% <ø> (ø)
relay 79.29% <ø> (ø)
server 85.15% <ø> (+0.08%) ⬆️
ws-server 36.31% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 5 files with indirect coverage changes

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@acuarica acuarica modified the milestones: 0.68.0, 0.67.0 Apr 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@natanasow natanasow natanasow approved these changes

@quiet-node quiet-node quiet-node approved these changes

@georgi-l95 georgi-l95 Awaiting requested review from georgi-l95

@Ivo-Yankov Ivo-Yankov Awaiting requested review from Ivo-Yankov

@gkozyryatskyy gkozyryatskyy Awaiting requested review from gkozyryatskyy gkozyryatskyy was automatically assigned from hashgraph/hedera-smart-contracts

Assignees

@swirlds-automation swirlds-automation

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
0.67.0
Development

Successfully merging this pull request may close these issues.
5 participants
@swirlds-automation @natanasow @quiet-node @acuarica @snyk-bot