forked from amzn/style-dictionary
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Fix for 2 vulnerable dependencies #1
Open
snyk-bot
wants to merge
1
commit into
master
Choose a base branch
from
snyk-fix-cv8vc0
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639
josephyi
pushed a commit
that referenced
this pull request
Oct 4, 2019
* improved error messages for registerTemplate * updated error message * Introduce option to control the generation of the "Do not edit" header (amzn#132) * stage #1 - formats.js * stage #2 - templates * reset changes to template + simplified changes to formats (now the “options” object is assigned to the “file” element) * fixed wrong parameter passed to fileHeader function * updated documentation * updates after PR comments * removing the confusing static-style-guide stuff (amzn#157) * Fixes amzn#72 * handle no command and invalid commands with friendly console output (amzn#156) * Add json5 support (amzn#165) * Removing unnecessary backticks (amzn#172) * Merge Jest Branch (amzn#169) * Jest testing (amzn#133) * moved all the existing tests to Jest * finalised Jest tests for “utils” removing assert dependency * finalised Jest tests for “register” removing assert dependency + moved tests under correct folder * finalised Jest tests for “transform” removing assert dependency + moved tests under correct folder + removed extra file * updated path for “service” files/folders * removed output folder * updated the paths to ignore in the Jest config in package.json * finalised Jest tests for “clean” removing assert dependency + other small changes * added “__output” to the list of folders ignored by Jest * some tunings + more tests * more tests cleanup * fixed test for exportPlatform * fixed last tests, and now all tests are green! * Added first snapshot tests! Yay! * added mock for dates to avoid failing snapshots tests * updated tests * first attempt to fix the UTC date problem on CI (reference: boblauer/MockDate#9) * second attempt to fix the UTC date problem on CI * removed the TZ=UTC env environment to test if is really needed * updated all the occurrences of new Date in the templates * restored linting before running the tests suite * code style fix * fixed wrong porting of the test for buildAllPlatforms * test(all): Fix for all tests to match the date and remove of mockdate (amzn#148) inspiration jestjs/jest#2234 * test(javascript/es6): Add test for es6 (amzn#149) * test: add registerTemplate (amzn#147) * add tests for transform object (amzn#151) * add tests for transform object * split up complex test in multiple smaller tests * Jest flatten props (amzn#163) * Adding tests for lib/utils/flattenProperties.js (amzn#146) * Adding tests for lib/utils/flattenProperties.js * update to use lodash sortby function * update to use lodash sortby function * Add babel-jest (amzn#173) * feat(json-nested): Add JSON nested transform (amzn#167) Added JSON nested transform, Added test for it and Documentation update re amzn#139 * Fix errors and improve error messaging (amzn#158) * updated error messaging. Fixes for issues with references. * adding in didoo's test from amzn#118 * cleanup of terminology * fixed resolveObject to correctly replace multiple references. modified testing suite to reflect new test. * updates per comments by didoo and dbanksdesign * case sensitive, oops. * case sensitive, oops. * minor updates based on PR feedback * merging with develop to ensure we stay synched * removing cli error handling and moving to module * removing per dannys comments * making constants for group errors per Dannys comments * switch to error grouping mindset and naming * switch to error grouping mindset and naming * per danny's comment * fix flush to execute across all groups if called with no group; remove flush on uncaught exceptions to prevent confusion * simplify, simplify, simplify * changed out error naming to message mindset, cleaned out console.log, fixed issues with simplified GroupMessages * sepearate circular reference tests into separate expects * avoid using string so we dont get it confused with String * Deprecating templates (amzn#152) * Displaying a warning when using templates in the config or registerTemplate * Moving built-in templates to formats * Porting over a stragler test (amzn#190) * 2.5.0
josephyi
pushed a commit
that referenced
this pull request
Oct 4, 2019
* improved error messages for registerTemplate * updated error message * Introduce option to control the generation of the "Do not edit" header (amzn#132) * stage #1 - formats.js * stage #2 - templates * reset changes to template + simplified changes to formats (now the “options” object is assigned to the “file” element) * fixed wrong parameter passed to fileHeader function * updated documentation * updates after PR comments * removing the confusing static-style-guide stuff (amzn#157) * Fixes amzn#72 * handle no command and invalid commands with friendly console output (amzn#156) * Add json5 support (amzn#165) * Removing unnecessary backticks (amzn#172) * Merge Jest Branch (amzn#169) * Jest testing (amzn#133) * moved all the existing tests to Jest * finalised Jest tests for “utils” removing assert dependency * finalised Jest tests for “register” removing assert dependency + moved tests under correct folder * finalised Jest tests for “transform” removing assert dependency + moved tests under correct folder + removed extra file * updated path for “service” files/folders * removed output folder * updated the paths to ignore in the Jest config in package.json * finalised Jest tests for “clean” removing assert dependency + other small changes * added “__output” to the list of folders ignored by Jest * some tunings + more tests * more tests cleanup * fixed test for exportPlatform * fixed last tests, and now all tests are green! * Added first snapshot tests! Yay! * added mock for dates to avoid failing snapshots tests * updated tests * first attempt to fix the UTC date problem on CI (reference: boblauer/MockDate#9) * second attempt to fix the UTC date problem on CI * removed the TZ=UTC env environment to test if is really needed * updated all the occurrences of new Date in the templates * restored linting before running the tests suite * code style fix * fixed wrong porting of the test for buildAllPlatforms * test(all): Fix for all tests to match the date and remove of mockdate (amzn#148) inspiration jestjs/jest#2234 * test(javascript/es6): Add test for es6 (amzn#149) * test: add registerTemplate (amzn#147) * add tests for transform object (amzn#151) * add tests for transform object * split up complex test in multiple smaller tests * Jest flatten props (amzn#163) * Adding tests for lib/utils/flattenProperties.js (amzn#146) * Adding tests for lib/utils/flattenProperties.js * update to use lodash sortby function * update to use lodash sortby function * Add babel-jest (amzn#173) * feat(json-nested): Add JSON nested transform (amzn#167) Added JSON nested transform, Added test for it and Documentation update re amzn#139 * Fix errors and improve error messaging (amzn#158) * updated error messaging. Fixes for issues with references. * adding in didoo's test from amzn#118 * cleanup of terminology * fixed resolveObject to correctly replace multiple references. modified testing suite to reflect new test. * updates per comments by didoo and dbanksdesign * case sensitive, oops. * case sensitive, oops. * minor updates based on PR feedback * merging with develop to ensure we stay synched * removing cli error handling and moving to module * removing per dannys comments * making constants for group errors per Dannys comments * switch to error grouping mindset and naming * switch to error grouping mindset and naming * per danny's comment * fix flush to execute across all groups if called with no group; remove flush on uncaught exceptions to prevent confusion * simplify, simplify, simplify * changed out error naming to message mindset, cleaned out console.log, fixed issues with simplified GroupMessages * sepearate circular reference tests into separate expects * avoid using string so we dont get it confused with String * Deprecating templates (amzn#152) * Displaying a warning when using templates in the config or registerTemplate * Moving built-in templates to formats * Porting over a stragler test (amzn#190) * 2.5.0 * Added 'json/flat' format (amzn#192) * Fix: amzn#195 (amzn#196) * updating contributing to reflect the package manager and testing suite correctly (amzn#197) * Add Sass maps formats (amzn#193) * added ‘sass/map-flat’ and ‘sass/map-deep’ formats + updated tests * fixed inconsistend newlines in templates for sass maps * improved recursive processJsonNode function * updated snapshots tests * removed unused function * Better examples (amzn#164) * changed folder structure * removed table in Readme of Basic example (not clear and probably also some cells were wrong) * small update for the Basic example to make it more clear how aliases are referenced * renamed the “npm” example to “npm module” * updated “npm” example to use the same config and properties as the “basic” example * removed license (no sense here) and updated package.json * updated the s3 example making it more similar to other examples and adding some more assets to be uploaded and linked/embedded in tokens * updated logo in main Readme in example folder * updated the Readme for the S3 example * tried to re-organise the “react” folder in two separate folders the web app doesn’t compile * removed spaces from “example” sub-folder * renamed “example” folder to “examples” * removed numbers from “examples” sub-folder names * removed space in sub-folder names * added advanced example on how to use a watcher to auto-rebuild see: amzn#171 * small update to Readme for “auto-rebuild-watcher” * added advanced example on how to have a multi-platform multi-brand suite * added advanced example on how to use custom templates * fixed “watch” npm script declaration * moved packages under “devDependencies” for “custom templates” package * added a comment in an example of the lodash templating syntax * remove invisible characters from Readme * added “clean” npm script call where missing in examples package.json * added .gitignore file where was missing in examples folder * updated the config file for the “npm module” example * added a comment to explain better how the “formatter” function works * updated the “init” command to expose only the possible/meaningful options + updated documentation for the “examples” page * added comment about collecting more examples * updated the Readme for the “examples” folder * updated “version.js” script as per Danny suggestion * added advanced example on how to use custom transforms * updated basic example to use “format” instead of “template” to avoid the alert in console * added advanced example about referencing/aliasing * updated example to show reference to an “object-like” value * removed the advanced examples for react and react native * added a “create react app” example (with Sass) * better config for S3 example * simplified the example for “S3” * re-introduced android + ios in S3 example * added a “assets-base64-embed” example * finalised the “assets-base64-embed” example * updated Readme for “npm” example + fixed the “prepublishOnly” script option (previous one was deprecated) * removed the “create-react-app-sass” example (I’ll add it later in a separate ticket) * updated the documentation * New cut at documentation PR using current develop branch (amzn#198) * New cut at documentation PR using current develop branch * Apply @didoo's suggestions from code review Co-Authored-By: chazzmoney <[email protected]> * updates based on didoo's thoughts * Updating the architecture documentation page (amzn#200) * updates per didoo and dbanks * typo * generation differences * minor fixes and updates * making sure sd init command documentation is correct, for now * updates for clarity around properties and references * fixing up another alias piece * Addressing some comments in architecture diagram (amzn#204) * Final touches on build diagram and architecture (amzn#206) * Final touches on build diagram and architecture * Updating build diagram * Updating build diagram * Configuration doc update * fixing snapshot whitespace issues, discovered actual failing test on merge... * Fixing merge conflict issues * v2.6.0 release (amzn#210)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR fixes one or more vulnerable packages in the
npm
dependencies of this project.See the Snyk test report for more details.
Snyk Project: josephyi/style-dictionary:package.json
Snyk Organization: josephyi
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
You can read more about Snyk's upgrade and patch logic in Snyk's documentation.
Check the changes in this PR to ensure they won't cause issues with your project.
Stay secure,
The Snyk team
Note: You are seeing this because you or someone else with access to this repository has authorised Snyk to open Fix PRs. To review the settings for this Snyk project please go to the project settings page.