Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade electron-serve from 1.1.0 to 1.2.0 #32726

Closed
melvin-bot bot opened this issue Dec 8, 2023 · 9 comments
Closed

[Snyk] Upgrade electron-serve from 1.1.0 to 1.2.0 #32726

melvin-bot bot opened this issue Dec 8, 2023 · 9 comments
Assignees
@mananjadhav
Labels
Internal Requires API changes or must be handled by Expensify staff Monthly KSv2

Comments

@melvin-bot
Copy link

melvin-bot bot commented Dec 8, 2023
edited
Loading

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade electron-serve from 1.1.0 to 1.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released a month ago, on 2023-11-01.
Release notes
Package name: electron-serve from electron-serve GitHub release notes
Commit messages
Package name: electron-serve

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Upwork Automation - Do Not Edit
  • Upwork Job URL: https://www.upwork.com/jobs/~01c531af997d91ba4d
  • Upwork Job ID: 1733135506350129152
  • Last Price Increase: 2023-12-08
@melvin-bot melvin-bot bot added Internal Requires API changes or must be handled by Expensify staff Weekly KSv2 labels Dec 8, 2023
@melvin-bot Melvin Bot
Copy link
Author

melvin-bot bot commented Dec 8, 2023

This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically create PRs to fix these vulnerabilities.

    C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
    - [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
    - [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
    - [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
    - [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.

@melvin-bot Melvin Bot
Copy link
Author

melvin-bot bot commented Dec 8, 2023

Job added to Upwork: https://www.upwork.com/jobs/~01c531af997d91ba4d

@melvin-bot Melvin Bot
Copy link
Author

melvin-bot bot commented Dec 8, 2023

Triggered auto assignment to Contributor Plus for review of internal employee PR - @mananjadhav (Internal)

@mananjadhav
Copy link
Collaborator

I'll check through this list here and post my updates.

@melvin-bot melvin-bot bot added Monthly KSv2 and removed Weekly KSv2 labels Jan 4, 2024
@melvin-bot Melvin Bot
Copy link
Author

melvin-bot bot commented Jan 4, 2024

This issue has not been updated in over 15 days. @mananjadhav eroding to Monthly issue.

P.S. Is everyone reading this sure this is really a near-term priority? Be brave: if you disagree, go ahead and close it out. If someone disagrees, they'll reopen it, and if they don't: one less thing to do!

@mananjadhav
Copy link
Collaborator

mananjadhav commented Jan 20, 2024
edited
Loading

I missed updating this issue. The linked issue is to update electron-serve. I checked the change log from 1.1.0 to 1.2.0, and I can only see one important commit. I don't think it is critical for us to update the dependency right now.

  • The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
  • If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
  • Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
  • Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.

@mananjadhav
Copy link
Collaborator

mananjadhav commented Jan 30, 2024
edited
Loading

A PR for this was already merged. So I think we can close this one out.

@mananjadhav
Copy link
Collaborator

mananjadhav commented Feb 6, 2024
edited
Loading

@marcochavezf @mountiny Can one of you please close this issue? As the PR linked in the previous comment already resolves this.

@marcochavezf
Copy link
Contributor

Sure, closing it out

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mananjadhav mananjadhav

Labels
Internal Requires API changes or must be handled by Expensify staff Monthly KSv2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mananjadhav @marcochavezf