[Snyk] Security upgrade less from 3.9.0 to 3.12.0#187
Conversation
…duce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-QS-14724253
Review or Edit in CodeSandboxOpen the branch in Web Editor • VS Code • Insiders |
|
|
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
![ellipsis-dev[bot]](https://avatars.githubusercontent.com/in/64358?s=60&v=4){kind=small}
There was a problem hiding this comment.
Important
Looks good to me! 👍
Reviewed everything up to 1dbd3dc in 22 seconds. Click for details.
- Reviewed
13lines of code in1files - Skipped
1files when reviewing. - Skipped posting
1draft comments. View those below. - Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. www/build_common/package.json:26
- Draft comment:
Ensure the new less version (3.12.0) is fully compatible: verify that existing less files and tooling (like less-loader) function correctly with this upgrade. - Reason this comment was not posted:
Comment did not seem useful. Confidence is useful =0%<= threshold50%This comment is asking the PR author to verify compatibility and ensure that the change is tested, which violates the rules. It does not provide a specific code suggestion or ask for a specific test to be written. Therefore, it should be removed.
Workflow ID: wflow_J1ZcyPhkElsnxA6v
You can customize 
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
www/build_common/package.jsonwww/build_common/yarn.lockNote for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarnto update the contents of the./yarn/cachedirectory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-QS-14724253
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling
Important
Upgrade
lessto 3.12.0 to fix a high severity security vulnerability.lessfrom 3.9.0 to 3.12.0 inpackage.jsonandyarn.lockto fix a security vulnerability.This description was created by
for 1dbd3dc. You can customize this summary. It will automatically update as commits are pushed.