[Snyk] Security upgrade aegir from 37.12.1 to 38.1.6 #23
Upgrades all deps to support `libp2p@0.40.x`. BREAKING CHANGE: ipfs is now bundled with libp2p@0.40.x which has different config
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Add guides for the last few releases.
Improve docs around upgrading ts projects to use esm.
If we specify the return type of the `getIt` util, tsc will know what type `this` is in the test context so we can remove the error overrides.
`multiformats@11.x.x` shipped with a [breaking change](multiformats/js-multiformats#230) so update all deps using multiformats to the latest version.
Lerna is required for monorepo prereleases
Updates to latest version with new multiformats dependency
Use the new `release-rc` command in aegir to publish release candidates instead of lerna.
Recent node versions ship with a global fetch which requires the duplex option to be set when sending readable streams as the request body so ensure we have the latest ipfs-utils that sets that option.
Updates to version with latest multiformats dep
Use the default gossipsub behaviour of not allowing publishing messages to zero peers. If a user publishes a message they may be surprised to find it's not been received by anyone, so instead an error should be thrown when there are no peers that will receive a message.
If you write to an MFS directory with `rawLeaves: true`, it'll error out when doing a read saying `Error: /example-0/example.txt was not a file`. This accounts for that case by handling the `raw` type the same as a file. Co-authored-by: Mauve Signweaver <RangerMauve@mauve.moe> Co-authored-by: Alex Potsides <alex@achingbrain.net>
Update to release version of libp2p
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Update deps to use latest multiformats
Update readme badges and align dep versions
Build file is `test.yml` not `js-test-and-release.yml`
Removes out of date link
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
Socket Security Pull Request Report
Dependency issues detected: If you merge this pull request, you will not be alerted to the instances of these issues again.
📜 Install scripts
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
bd03093 to b64d4af
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 7.5
SNYK-JS-GHPAGES-3042993
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: aegir
The new version differs by 24 commits. See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution