[Snyk] Security upgrade @release-it/conventional-changelog from 9.0.4 to 10.0.2#879
lposen wants to merge 1 commit into
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15803084
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15803082
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15803086
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15807042
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15807040
- https://snyk.io/vuln/SNYK-JS-CONVENTIONALCHANGELOGGITCLIENT-13004533
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15789775
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15813031
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15813000

This major version upgrade from 9.x to 10.x aligns with breaking changes in the core
Breaking Changes:
Recommendation: Before upgrading, review your
Source: release-it CHANGELOG
Pull request overview
This PR updates the repository’s Yarn dependencies to remediate Snyk-reported vulnerabilities by upgrading @release-it/conventional-changelog and refreshing the lockfile resolution.
Changes:
- Bump @release-it/conventional-changelog from ^9.0.4 to ^10.0.2 in package.json.
- Regenerate yarn.lock, updating @release-it/conventional-changelog and its transitive dependency tree.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Upgrades @release-it/conventional-changelog to the requested major version to address vulnerabilities. |
| yarn.lock | Updates resolved versions and transitive dependencies resulting from the dependency upgrade. |
| "@react-navigation/native": "^7.1.14", | ||
| "@release-it/conventional-changelog": "^9.0.4", | ||
| "@release-it/conventional-changelog": "^10.0.2", | ||
| "@testing-library/jest-native": "^5.4.3", |
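Review bot: this hunk is a major bump (^9.0.4 to ^10.0.2), and the PR body itself says 10.x aligns with breaking changes in the release-it core and recommends reviewing the release-it CHANGELOG first, but that breaking-changes section is truncated in the description, so the specifics are not reviewable here. Before merging, confirm that the release-it version this project installs is one the 10.x plugin supports, and run a `release-it --dry-run` so a changelog-generation failure surfaces in CI rather than at release time. Also check that the regenerated yarn.lock (not shown in this hunk) resolves @release-it/conventional-changelog to 10.0.2 or later and that its handlebars and conventional-changelog git-client transitive entries are the patched versions behind the nine Snyk IDs listed in the description, since the package.json change alone does not prove the vulnerable versions are gone.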

Snyk has created this PR to fix 9 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
package.json
yarn.lock
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-HANDLEBARS-15803084
SNYK-JS-HANDLEBARS-15803082
SNYK-JS-HANDLEBARS-15803086
SNYK-JS-HANDLEBARS-15807042
SNYK-JS-HANDLEBARS-15807040
SNYK-JS-CONVENTIONALCHANGELOGGITCLIENT-13004533
SNYK-JS-HANDLEBARS-15789775
SNYK-JS-HANDLEBARS-15813031
SNYK-JS-HANDLEBARS-15813000
Breaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
🦉 Access of Resource Using Incompatible Type ('Type Confusion')
🦉 Time-of-check Time-of-use (TOCTOU) Race Condition