Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , , , , , , , moment, , applicationinsights, ffc-messaging, govuk-frontend, joi, hapi-pino #98

Closed

Conversation

beclamide
Copy link

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@azure/identity
from 4.3.0 to 4.4.1 | 11 versions ahead of your current version | 2 months ago
on 2024-07-31
@azure/msal-node
from 2.9.2 to 2.13.1 | 9 versions ahead of your current version | 21 days ago
on 2024-08-29
@azure/storage-blob
from 12.13.0 to 12.24.0 | 114 versions ahead of your current version | 2 months ago
on 2024-07-23
@hapi/boom
from 9.1.1 to 9.1.4 | 3 versions ahead of your current version | 3 years ago
on 2021-08-20
@hapi/wreck
from 17.1.0 to 17.2.0 | 1 version ahead of your current version | 2 years ago
on 2022-03-25
@hapi/hapi
from 20.2.1 to 20.3.0 | 2 versions ahead of your current version | 2 years ago
on 2023-02-14
@hapi/inert
from 6.0.3 to 6.0.5 | 2 versions ahead of your current version | 3 years ago
on 2022-01-16
moment
from 2.29.4 to 2.30.1 | 2 versions ahead of your current version | 9 months ago
on 2023-12-27
@joi/date
from 2.1.0 to 2.1.1 | 1 version ahead of your current version | 5 months ago
on 2024-04-22
applicationinsights
from 2.5.1 to 2.9.6 | 13 versions ahead of your current version | a month ago
on 2024-08-15
ffc-messaging
from 2.10.0 to 2.10.1 | 2 versions ahead of your current version | 2 months ago
on 2024-07-30
govuk-frontend
from 4.7.0 to 4.8.0 | 1 version ahead of your current version | 7 months ago
on 2024-02-05
joi
from 17.4.0 to 17.13.3 | 32 versions ahead of your current version | 3 months ago
on 2024-06-19
hapi-pino
from 10.1.0 to 10.2.0 | 1 version ahead of your current version | 2 years ago
on 2022-08-26

Release notes
Package name: @azure/msal-node
  • 2.13.1 - 2024-08-29
  • 2.13.0 - 2024-08-13

    2.13.0

    Tue, 13 Aug 2024 23:25:05 GMT

    Minor changes

    • Added file-based detection for Azure Arc ([email protected])
    • Bump @ azure/msal-common to v14.14.1 (beachball)
    • Bump eslint-config-msal to v0.0.0 (beachball)

    Patches

  • 2.12.0 - 2024-07-23

    2.12.0

    Tue, 23 Jul 2024 14:19:34 GMT

    Minor changes

    • Track MSAL node SKU for broker flows #7213 ([email protected])
    • Bump @ azure/msal-common to v14.14.0 (beachball)
    • Bump eslint-config-msal to v0.0.0 (beachball)
  • 2.11.1 - 2024-07-16
  • 2.11.0 - 2024-07-12
  • 2.10.0 - 2024-07-01
  • 2.9.3-alpha.2 - 2024-06-25
  • 2.9.3-alpha.1 - 2024-06-19
  • 2.9.3-alpha.0 - 2024-06-19
  • 2.9.2 - 2024-06-10
from @azure/msal-node GitHub release notes
Package name: @hapi/boom
  • 9.1.4 - 2021-08-20

    9.1.4

  • 9.1.3 - 2021-07-02

    9.1.3

  • 9.1.2 - 2021-03-16

    9.1.2

  • 9.1.1 - 2020-12-16
    • Clean up typings comments (#278)
    • Allow custom properties on error payload property in typings (#279)
    • Make isBoom type definition laxer (#275)
    • Upgrade lab dependency to v24 and devDependency of typescript (#273)
from @hapi/boom GitHub release notes
Package name: @hapi/wreck from @hapi/wreck GitHub release notes
Package name: @hapi/hapi from @hapi/hapi GitHub release notes
Package name: @hapi/inert from @hapi/inert GitHub release notes
Package name: moment from moment GitHub release notes
Package name: @joi/date from @joi/date GitHub release notes
Package name: ffc-messaging
  • 2.10.1 - 2024-07-30

    Patch vuln in azure library (#32)

  • 2.10.1-alpha.1 - 2024-07-30
  • 2.10.0 - 2024-07-04

    Support Workload Identity (#31)

from ffc-messaging GitHub release notes
Package name: govuk-frontend
  • 4.8.0 - 2024-02-05

    This release includes the ability to update the crown logo. You must do this between 19 February and 1 March 2024.

    We’ll send reminders to our mailing list and cross-government Slack as soon as you can make this change.

    New features

    Update to the new GOV.UK logo (between 19 February and 1 March 2024)

    We’ve updated the GOV.UK logo to reflect the changing of the monarch. King Charles III uses the Tudor Crown, rather than the St Edward’s Crown chosen by Queen Elizabeth II.

    If your service uses GOV.UK branding, you must update your service to use the new crown.

    These changes were made in the following pull requests:

    Include the new logo assets

    Multiple new image assets are included in this release. You’ll need to copy these to your service's image assets folder if they are not being used directly from the Frontend package. By default this folder is located at /assets/images.

    If you’re using Nunjucks, the asset path may have been changed by the assetPath global variable or assetsPath parameter on the header component.

    Copy the following files from /dist/assets/images into your assets folder. Any images with the same name as an existing image can be safely overwritten.

    • favicon.ico
    • govuk-apple-touch-icon-152x152.png
    • govuk-apple-touch-icon-167x167.png
    • govuk-apple-touch-icon-180x180.png
    • govuk-apple-touch-icon.png
    • govuk-logotype-tudor-crown.png
    • govuk-mask-icon.svg
    • govuk-opengraph-image.png

    Update the logo in the header of your page

    If you are using the govukHeader Nunjucks macro in your service, add the useTudorCrown parameter to the macro instantiation.

    {{ govukHeader({
      ...
      useTudorCrown: true
    }) }}

    If you are not using the Nunjucks macro, locate the HTML for the existing crown and replace it with this updated HTML. Make sure the URL for the new PNG fallback image is correct.

    <!--[if gt IE 8]><!-->
    <svg
      aria-hidden="true"
      focusable="false"
      class="govuk-header__logotype-crown"
      xmlns="http://www.w3.org/2000/svg"
      viewBox="0 0 32 30"
      height="30"
      width="32"
    >
      <path
        fill="currentColor" fill-rule="evenodd"
        d="M22.6 10.4c-1 .4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s-.1 2-1 2.4m-5.9 6.7c-.9.4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s-.1 2-1 2.4m10.8-3.7c-1 .4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s0 2-1 2.4m3.3 4.8c-1 .4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s-.1 2-1 2.4M17 4.7l2.3 1.2V2.5l-2.3.7-.2-.2.9-3h-3.4l.9 3-.2.2c-.1.1-2.3-.7-2.3-.7v3.4L15 4.7c.1.1.1.2.2.2l-1.3 4c-.1.2-.1.4-.1.6 0 1.1.8 2 1.9 2.2h.7c1-.2 1.9-1.1 1.9-2.1 0-.2 0-.4-.1-.6l-1.3-4c-.1-.2 0-.2.1-.3m-7.6 5.7c.9.4 2-.1 2.4-1 .4-.9-.1-2-1-2.4-.9-.4-2 .1-2.4 1s0 2 1 2.4m-5 3c.9.4 2-.1 2.4-1 .4-.9-.1-2-1-2.4-.9-.4-2 .1-2.4 1s.1 2 1 2.4m-3.2 4.8c.9.4 2-.1 2.4-1 .4-.9-.1-2-1-2.4-.9-.4-2 .1-2.4 1s0 2 1 2.4m14.8 11c4.4 0 8.6.3 12.3.8 1.1-4.5 2.4-7 3.7-8.8l-2.5-.9c.2 1.3.3 1.9 0 2.7-.4-.4-.8-1.1-1.1-2.3l-1.2 4c.7-.5 1.3-.8 2-.9-1.1 2.5-2.6 3.1-3.5 3-1.1-.2-1.7-1.2-1.5-2.1.3-1.2 1.5-1.5 2.1-.1 1.1-2.3-.8-3-2-2.3 1.9-1.9 2.1-3.5.6-5.6-2.1 1.6-2.1 3.2-1.2 5.5-1.2-1.4-3.2-.6-2.5 1.6.9-1.4 2.1-.5 1.9.8-.2 1.1-1.7 2.1-3.5 1.9-2.7-.2-2.9-2.1-2.9-3.6.7-.1 1.9.5 2.9 1.9l.4-4.3c-1.1 1.1-2.1 1.4-3.2 1.4.4-1.2 2.1-3 2.1-3h-5.4s1.7 1.9 2.1 3c-1.1 0-2.1-.2-3.2-1.4l.4 4.3c1-1.4 2.2-2 2.9-1.9-.1 1.5-.2 3.4-2.9 3.6-1.9.2-3.4-.8-3.5-1.9-.2-1.3 1-2.2 1.9-.8.7-2.3-1.2-3-2.5-1.6.9-2.2.9-3.9-1.2-5.5-1.5 2-1.3 3.7.6 5.6-1.2-.7-3.1 0-2 2.3.6-1.4 1.8-1.1 2.1.1.2.9-.3 1.9-1.5 2.1-.9.2-2.4-.5-3.5-3 .6 0 1.2.3 2 .9l-1.2-4c-.3 1.1-.7 1.9-1.1 2.3-.3-.8-.2-1.4 0-2.7l-2.9.9C1.3 23 2.6 25.5 3.7 30c3.7-.5 7.9-.8 12.3-.8"></path>
    </svg>
    <!--<![endif]-->
    <!--[if IE 8]>
    <img src="/assets/images/govuk-logotype-tudor-crown.png" class="govuk-header__logotype-crown-fallback-image" width="32" height="30" alt="">
    <![endif]-->
  • 4.7.0 - 2023-07-06

    New features

    Added the Exit This Page component to help users quickly exit a page or service

    You can now choose to use the exit this page component to help users quickly leave a page or service which contains sensitive information.

    This was added in pull request #2545: Add exit this page component.

    Added inverse modifier for buttons on dark backgrounds

    You can now choose to use the govuk-button--inverse class to style buttons on dark backgrounds with a white background colour.

    This change was made in pull request #3556: Add inverse button styles.

    Added inverse modifier for breadcrumbs on dark backgrounds

    You can now choose to use the govuk-breadcrumbs--inverse class to style breadcrumbs on dark backgrounds with white text, links and arrows.

    This change was made in pull request #3774: Add inverse breadcrumb and back link modifiers and styles.

    Added inverse modifier for back links on dark backgrounds

    You can now choose to use the govuk-back-link--inverse class to style back links on dark backgrounds with white links and arrows.

    This change was made in pull request #3774: Add inverse breadcrumb and back link modifiers and styles.

    Fixes

    We’ve made fixes to GOV.UK Frontend in the following pull requests:

from govuk-frontend GitHub release notes
Package name: joi
  • 17.13.3 - 2024-06-19

    17.13.3

  • 17.13.2 - 2024-06-19

    17.13.2

  • 17.13.1 - 2024-05-02

    17.13.1

  • 17.13.0 - 2024-04-23

    17.13.0

  • 17.12.3 - 2024-04-03

    17.12.3

  • 17.12.2 - 2024-02-21

    17.12.2

  • 17.12.1 - 2024-01-29

    17.12.1

  • 17.12.0 - 2024-01-17

    17.12.0

  • 17.11.1 - 2024-01-15

    17.11.1

  • 17.11.0 - 2023-10-04
  • 17.10.2 - 2023-09-17
  • 17.10.1 - 2023-08-31
  • 17.10.0 - 2023-08-27
  • 17.9.2 - 2023-04-24
  • 17.9.1 - 2023-03-21
  • 17.9.0 - 2023-03-20
  • 17.8.4 - 2023-03-14
  • 17.8.3 - 2023-02-21
  • 17.8.2 - 2023-02-21
  • 17.8.1 - 2023-02-19
  • 17.8.0 - 2023-02-19
  • 17.7.1 - 2023-02-10
  • 17.7.0 - 2022-11-01
  • 17.6.4 - 2022-10-22
  • 17.6.3 - 2022-10-11
  • 17.6.2 - 2022-09-29
  • 17.6.1 - 2022-09-22
  • 17.6.0 - 2022-01-26
  • 17.5.0 - 2021-12-02
  • 17.4.3 - 2021-12-01
  • 17.4.2 - 2021-08-01
  • 17.4.1 - 2021-07-11
  • 17.4.0 - 2021-02-08
from joi GitHub release notes
Package name: hapi-pino from hapi-pino GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - @azure/identity from 4.3.0 to 4.4.1.
    See this package in npm: https://www.npmjs.com/package/@azure/identity
  - @azure/msal-node from 2.9.2 to 2.13.1.
    See this package in npm: https://www.npmjs.com/package/@azure/msal-node
  - @azure/storage-blob from 12.13.0 to 12.24.0.
    See this package in npm: https://www.npmjs.com/package/@azure/storage-blob
  - @hapi/boom from 9.1.1 to 9.1.4.
    See this package in npm: https://www.npmjs.com/package/@hapi/boom
  - @hapi/wreck from 17.1.0 to 17.2.0.
    See this package in npm: https://www.npmjs.com/package/@hapi/wreck
  - @hapi/hapi from 20.2.1 to 20.3.0.
    See this package in npm: https://www.npmjs.com/package/@hapi/hapi
  - @hapi/inert from 6.0.3 to 6.0.5.
    See this package in npm: https://www.npmjs.com/package/@hapi/inert
  - moment from 2.29.4 to 2.30.1.
    See this package in npm: https://www.npmjs.com/package/moment
  - @joi/date from 2.1.0 to 2.1.1.
    See this package in npm: https://www.npmjs.com/package/@joi/date
  - applicationinsights from 2.5.1 to 2.9.6.
    See this package in npm: https://www.npmjs.com/package/applicationinsights
  - ffc-messaging from 2.10.0 to 2.10.1.
    See this package in npm: https://www.npmjs.com/package/ffc-messaging
  - govuk-frontend from 4.7.0 to 4.8.0.
    See this package in npm: https://www.npmjs.com/package/govuk-frontend
  - joi from 17.4.0 to 17.13.3.
    See this package in npm: https://www.npmjs.com/package/joi
  - hapi-pino from 10.1.0 to 10.2.0.
    See this package in npm: https://www.npmjs.com/package/hapi-pino

See this project in Snyk:
https://app.snyk.io/org/defra-ffc/project/883432a4-2940-4bd5-9d14-95cfc6eae335?utm_source=github&utm_medium=referral&page=upgrade-pr
@samplackett
Copy link
Contributor

Will be picked up under separate PR, if not already

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants