[Snyk] Fix for 8 vulnerabilities (#132) #2494
Open
Dargon789 wants to merge 13 commits into
Open
Conversation
…updates (#71) Bumps the npm_and_yarn group with 2 updates in the / directory: [esbuild](https://github.com/evanw/esbuild) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /account-kit/plugingen directory: [esbuild](https://github.com/evanw/esbuild). Bumps the npm_and_yarn group with 1 update in the /doc-gen directory: [esbuild](https://github.com/evanw/esbuild). Bumps the npm_and_yarn group with 1 update in the /examples/ui-demo directory: [next](https://github.com/vercel/next.js). Updates `esbuild` from 0.20.2 to 0.25.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `next` from 14.2.29 to 14.2.30 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.29...v14.2.30) Updates `esbuild` from 0.20.2 to 0.25.5 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `esbuild` from 0.20.2 to 0.25.5 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `next` from 14.2.29 to 14.2.30 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.29...v14.2.30) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.25.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.30 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.30 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* Create config.yml (#54) Add a basic CircleCI configuration to define a 'say-hello' job and workflow CI: Add .circleci/config.yml with CircleCI version 2.1 configuration Define a 'say-hello' job using the cimg/base Docker image that checks out code and echoes a greeting Create a workflow 'say-hello-workflow' to run the 'say-hello' job Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 13: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-15105315
* chore: remove arb nova (alchemyplatform#2464) * chore(release): publish v4.87.2 [skip-ci] * feat(v4): track key exports for migration visibility (alchemyplatform#2466) * Track key exports via /v1/track-key-export endpoint for observability * Use empty response type for track-key-export endpoint Success is implied by 200 status, matching existing patterns. * chore: update docs gen --------- * chore(release): publish v4.88.0 [skip-ci] * chore: bump next.js, minimatch, and lerna (alchemyplatform#2467) * fix: upgrade Next.js 14 → 15.5.15 to resolve high-severity DoS vulnerability (Dependabot alchemyplatform#361, alchemyplatform#362, alchemyplatform#363) * fix: bump minimatch to patched versions and upgrade lerna to v9 Upgrades lerna from v8 to v9 which brings in nx 22.x, eliminating pinned vulnerable minimatch versions. All transitive minimatch dependencies now resolve to patched releases. * chore: fmt --------- * chore(release): publish v4.88.1 [skip-ci] * docs: update v5 SDK reference docs for 5.0.0-beta.25 (alchemyplatform#2475) * docs: update v5 SDK reference docs for 5.0.0-beta.26 (alchemyplatform#2482) * fix: disallow more permission builder selectors (alchemyplatform#2485) Port v5 selector restrictions to v4 — block installValidation, uninstallValidation, installExecution, uninstallExecution, and upgradeToAndCall from being added to session key allowlists. Refactors individual checks into shared assertion helpers with case-insensitive matching. * chore(release): publish v4.88.2 [skip-ci] * docs: update v5 SDK reference docs for 5.0.0-beta.27 (alchemyplatform#2489) --------- Co-authored-by: jakehobbs <jacob.hobbs@alchemy.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Alchemy Bot <alchemy-bot@alchemy.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: gha-aa-sdk[bot] <269827238+gha-aa-sdk[bot]@users.noreply.github.com>
* fix: account-kit/rn-signer/example/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-15789759 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-15309438 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-15353389 - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-15789761 - https://snyk.io/vuln/SNYK-JS-QS-14724253 - https://snyk.io/vuln/SNYK-JS-QS-15268416 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 * Update account-kit/rn-signer/example/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
CI: Delete the obsolete .circleci/config.yml to fully drop CircleCI workflow configuration from the project. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Dargon789
requested review from
0xfourzerofour,
Richard-Dang,
SahilAujla,
avarobinson,
blakecduncan,
clinder777,
dancoombs,
florrdv,
jakehobbs,
niveda-krish,
pavelm and
thebrianchen
as code owners
* build(deps): bump the npm_and_yarn group across 4 directories with 2 updates Bumps the npm_and_yarn group with 2 updates in the / directory: [esbuild](https://github.com/evanw/esbuild) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /account-kit/plugingen directory: [esbuild](https://github.com/evanw/esbuild). Bumps the npm_and_yarn group with 1 update in the /doc-gen directory: [esbuild](https://github.com/evanw/esbuild). Bumps the npm_and_yarn group with 1 update in the /examples/ui-demo directory: [next](https://github.com/vercel/next.js). Updates `esbuild` from 0.20.2 to 0.25.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `next` from 14.2.29 to 14.2.30 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.29...v14.2.30) Updates `esbuild` from 0.20.2 to 0.25.5 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `esbuild` from 0.20.2 to 0.25.5 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `next` from 14.2.29 to 14.2.30 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.29...v14.2.30) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.25.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.30 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.30 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Delete .circleci directory (#154) CI: Delete the .circleci/config.yml file to fully drop CircleCI workflow configuration. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* build(deps): bump the npm_and_yarn group across 4 directories with 2 updates Bumps the npm_and_yarn group with 2 updates in the / directory: [esbuild](https://github.com/evanw/esbuild) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /account-kit/plugingen directory: [esbuild](https://github.com/evanw/esbuild). Bumps the npm_and_yarn group with 1 update in the /doc-gen directory: [esbuild](https://github.com/evanw/esbuild). Bumps the npm_and_yarn group with 1 update in the /examples/ui-demo directory: [next](https://github.com/vercel/next.js). Updates `esbuild` from 0.20.2 to 0.25.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `next` from 14.2.29 to 14.2.30 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.29...v14.2.30) Updates `esbuild` from 0.20.2 to 0.25.5 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `esbuild` from 0.20.2 to 0.25.5 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `next` from 14.2.29 to 14.2.30 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.29...v14.2.30) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.25.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.30 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.30 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Delete .circleci directory (#152) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* build(deps): bump the npm_and_yarn group across 4 directories with 2 updates Bumps the npm_and_yarn group with 2 updates in the / directory: [esbuild](https://github.com/evanw/esbuild) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /account-kit/plugingen directory: [esbuild](https://github.com/evanw/esbuild). Bumps the npm_and_yarn group with 1 update in the /doc-gen directory: [esbuild](https://github.com/evanw/esbuild). Bumps the npm_and_yarn group with 1 update in the /examples/ui-demo directory: [next](https://github.com/vercel/next.js). Updates `esbuild` from 0.20.2 to 0.25.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `next` from 14.2.29 to 14.2.30 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.29...v14.2.30) Updates `esbuild` from 0.20.2 to 0.25.5 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `esbuild` from 0.20.2 to 0.25.5 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.20.2...v0.25.0) Updates `next` from 14.2.29 to 14.2.30 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.29...v14.2.30) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.25.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.30 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.30 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * docs: remove outdated naming guidance (alchemyplatform#1747) * feat: update the max token amount (alchemyplatform#1745) * feat(middleware): add signed permit to uo context for use in middleware * chore(release): publish v4.48.0 [skip-ci] * Create SECURITY.md Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 10: Insecure randomness Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Create config.yml (#38) Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * build(deps): bump esbuild in the npm_and_yarn group across 1 directory (#41) Bumps the npm_and_yarn group with 1 update in the / directory: [esbuild](https://github.com/evanw/esbuild). Updates `esbuild` from 0.25.5 to 0.25.6 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.25.5...v0.25.6) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.25.6 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: account-kit/rn-signer/example/Gemfile to reduce vulnerabilities (#44) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-REXML-12878608 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * build(deps): bump rexml (#43) Bumps the bundler group with 1 update in the /account-kit/rn-signer/example directory: [rexml](https://github.com/ruby/rexml). Updates `rexml` from 3.3.9 to 3.4.2 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.3.9...v3.4.2) --- updated-dependencies: - dependency-name: rexml dependency-version: 3.4.2 dependency-type: indirect dependency-group: bundler ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump the npm_and_yarn group across 2 directories with 4 updates (#42) Bumps the npm_and_yarn group with 4 updates in the / directory: [esbuild](https://github.com/evanw/esbuild), [next](https://github.com/vercel/next.js), [sha.js](https://github.com/crypto-browserify/sha.js) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /examples/ui-demo directory: [next](https://github.com/vercel/next.js). Updates `esbuild` from 0.25.6 to 0.25.7 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.25.6...v0.25.7) Updates `next` from 14.2.30 to 14.2.32 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.30...v14.2.32) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `vite` from 5.4.19 to 5.4.20 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.20/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.20/packages/vite) Updates `next` from 14.2.30 to 14.2.32 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.30...v14.2.32) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.25.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.32 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 5.4.20 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.32 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump rexml (#45) Bumps the bundler group with 1 update in the /examples/react-native-bare-example directory: [rexml](https://github.com/ruby/rexml). Updates `rexml` from 3.4.1 to 3.4.2 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.4.1...v3.4.2) --- updated-dependencies: - dependency-name: rexml dependency-version: 3.4.2 dependency-type: indirect dependency-group: bundler ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump the npm_and_yarn group across 1 directory with 2 updates (#46) Bumps the npm_and_yarn group with 2 updates in the / directory: [axios](https://github.com/axios/axios) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `axios` from 1.9.0 to 1.12.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.9.0...v1.12.2) Updates `vite` from 5.4.20 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) --- updated-dependencies: - dependency-name: axios dependency-version: 1.12.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 5.4.21 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 11: Clear text storage of sensitive information (#48) * Potential fix for code scanning alert no. 11: Clear text storage of sensitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 15: Use of password hash with insufficient computational effort Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 16: Use of password hash with insufficient computational effort Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update account-kit/signer/src/session/manager.ts Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update account-kit/signer/src/session/manager.ts Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * build(deps-dev): bump the npm_and_yarn group across 4 directories with 1 update Bumps the npm_and_yarn group with 1 update in the / directory: [@react-native-community/cli](https://github.com/react-native-community/cli/tree/HEAD/packages/cli). Bumps the npm_and_yarn group with 1 update in the /account-kit/rn-signer directory: [@react-native-community/cli](https://github.com/react-native-community/cli/tree/HEAD/packages/cli). Bumps the npm_and_yarn group with 1 update in the /account-kit/rn-signer/example directory: [@react-native-community/cli](https://github.com/react-native-community/cli/tree/HEAD/packages/cli). Bumps the npm_and_yarn group with 1 update in the /examples/react-native-bare-example directory: [@react-native-community/cli](https://github.com/react-native-community/cli/tree/HEAD/packages/cli). Updates `@react-native-community/cli` from 15.0.1 to 20.0.0 - [Release notes](https://github.com/react-native-community/cli/releases) - [Changelog](https://github.com/react-native-community/cli/blob/main/packages/cli/CHANGELOG.md) - [Commits](https://github.com/react-native-community/cli/commits/v20.0.0/packages/cli) Updates `@react-native-community/cli` from 15.0.1 to 20.0.0 - [Release notes](https://github.com/react-native-community/cli/releases) - [Changelog](https://github.com/react-native-community/cli/blob/main/packages/cli/CHANGELOG.md) - [Commits](https://github.com/react-native-community/cli/commits/v20.0.0/packages/cli) Updates `@react-native-community/cli` from 15.0.1 to 20.0.0 - [Release notes](https://github.com/react-native-community/cli/releases) - [Changelog](https://github.com/react-native-community/cli/blob/main/packages/cli/CHANGELOG.md) - [Commits](https://github.com/react-native-community/cli/commits/v20.0.0/packages/cli) Updates `@react-native-community/cli` from 15.0.1 to 20.0.0 - [Release notes](https://github.com/react-native-community/cli/releases) - [Changelog](https://github.com/react-native-community/cli/blob/main/packages/cli/CHANGELOG.md) - [Commits](https://github.com/react-native-community/cli/commits/v20.0.0/packages/cli) --- updated-dependencies: - dependency-name: "@react-native-community/cli" dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@react-native-community/cli" dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@react-native-community/cli" dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@react-native-community/cli" dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Update config.yml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .circleci/config.yml Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * build(deps-dev): bump @react-native-community/cli Bumps the npm_and_yarn group with 1 update in the / directory: [@react-native-community/cli](https://github.com/react-native-community/cli/tree/HEAD/packages/cli). Updates `@react-native-community/cli` from 15.0.1 to 17.0.1 - [Release notes](https://github.com/react-native-community/cli/releases) - [Changelog](https://github.com/react-native-community/cli/blob/main/packages/cli/CHANGELOG.md) - [Commits](https://github.com/react-native-community/cli/commits/v17.0.1/packages/cli) --- updated-dependencies: - dependency-name: "@react-native-community/cli" dependency-version: 17.0.1 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * fix: examples/react-native-bare-example/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 * fix: examples/react-native-expo-example/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 * fix: account-kit/rn-signer/example/package.json to reduce vulnerabilities (#60) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EXPRESS-14157151 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: examples/ui-demo/package.json to reduce vulnerabilities (#61) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14400636 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: account-kit/react/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PREACT-14897824 - https://snyk.io/vuln/SNYK-JS-REMIXRUNROUTER-14908530 - https://snyk.io/vuln/SNYK-JS-REMIXRUNROUTER-14908287 --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: noam-alchemy <76969113+noam-alchemy@users.noreply.github.com> Co-authored-by: Blake Duncan <blake.duncan@alchemy.com> Co-authored-by: Dan <dan.coombs@alchemy.com> Co-authored-by: Alchemy Bot <alchemy-bot@alchemy.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Checklist
yarn test)sitefolder, and guidelines for updating/adding docs can be found in the contribution guide)feat!: breaking change)yarn lint:check) and fix any issues? (yarn lint:write)PR-Codex overview
This PR introduces enhancements to documentation and CI/CD configuration by adding a security policy, updating a CircleCI configuration, and establishing a new GitHub Actions workflow for linting documentation.
Detailed summary
permissionssection to.github/workflows/on-pull-request.yml.SECURITY.mdwith supported versions and reporting guidelines.versionto2.1in.circleci/config.yml.say-hellojob in CircleCI to echo "Hello, World!".say-hello-workflowin CircleCI.