[Snyk] Security upgrade @openapitools/openapi-generator-cli from 2.17.0 to 2.23.2#9
[Snyk] Security upgrade @openapitools/openapi-generator-cli from 2.17.0 to 2.23.2#9
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-12613773
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
Codex Review: Here are some suggestions.
About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you open a pull request for review, mark a draft as ready, or comment "@codex review". If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex fix this CI failure" or "@codex address that feedback".
| "devDependencies": { | ||
| "@commitlint/cli": "^19.7.1", | ||
| "@commitlint/config-conventional": "^19.7.1", | ||
| "@openapitools/openapi-generator-cli": "2.17.0", | ||
| "@openapitools/openapi-generator-cli": "2.23.2", | ||
| "@release-it/bumper": "^7.0.1", |
There was a problem hiding this comment.
[P1] Update yarn.lock to keep dependency upgrade effective
Changing @openapitools/openapi-generator-cli to 2.23.2 in devDependencies without regenerating yarn.lock leaves the lock file still pinning 2.17.0. On Yarn 4 installs run with --immutable (commonly used in CI) this mismatch will error out, and if installs proceed locally the dependency remains at the vulnerable 2.17.0 so the security fix never applies. Re-run yarn up @openapitools/openapi-generator-cli and commit the updated lockfile/cache.
Useful? React with 👍 / 👎.
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
package.jsonNote for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarnto update the contents of the./yarn/cachedirectory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-AXIOS-12613773
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling