[Snyk] Security upgrade simple-git from 3.28.0 to 3.32.0 #38
mustansirali wants to merge 1 commit into
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-16032290
🤖 Augment PR Summary
Summary: Updates the
Changes:
| "fs-extra": "^11.0.0", | ||
| "joi": "^17.0.0", | ||
| "simple-git": "^3.0.0", | ||
| "simple-git": "^3.32.0", |
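Review bot: the new `"simple-git": "^3.32.0"` line only raises the floor declared in package.json; the previous range `^3.0.0` already admitted 3.32.0, and the 3.28.0 in the PR title is presumably what the lockfile had resolved, so the fix takes effect only if package-lock.json moves as well. The lockfile change is not visible in this hunk; please confirm that its simple-git entry records 3.32.0 or later, and run `npm ls simple-git` to check that no other dependency brings in a nested older copy.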
package.json:28 – Since this is a security-driven bump, can you double-check package-lock.json actually resolves simple-git to >= 3.32.0 (e.g., via npm ci in CI) so installs don’t remain pinned to the previously vulnerable version?
Severity: medium
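One way to run the lockfile check that the review comment above asks for, as an added example that is not part of this PR or of Snyk's or Augment's tooling. It assumes a package-lock.json with a `packages` map (lockfileVersion 2 or 3); the sample lockfile and the `some-tool` package are constructed for illustration.

```javascript
// Added example (not from the PR): flag every installed copy of a package
// that a package-lock.json (lockfileVersion 2 or 3) resolves below a minimum.
const MIN_FIXED = "3.32.0"; // fixed version named in the PR title

// Parse the numeric "major.minor.patch" core; returns null if unparseable.
function parseCore(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isAtLeast(version, minimum) {
  const a = parseCore(version), b = parseCore(minimum);
  if (!a || !b) return false; // fail closed on anything unparseable
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  // Same core: a pre-release such as 3.32.0-rc.1 sorts below 3.32.0.
  return !/^\d+\.\d+\.\d+-/.test(String(version));
}

// Returns [{ path, version }] for each copy of `name` below `minimum`.
function findStaleCopies(lock, name, minimum) {
  const suffix = "node_modules/" + name;
  const stale = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Match the top-level copy and copies nested under other packages.
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    if (!isAtLeast(entry.version, minimum)) {
      stale.push({ path, version: entry.version });
    }
  }
  return stale;
}

// Constructed sample lockfile; "some-tool" is a hypothetical dependent.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "simple-git": "^3.32.0" } },
    "node_modules/simple-git": { version: "3.32.0" },
    "node_modules/some-tool/node_modules/simple-git": { version: "3.28.0" },
    "node_modules/not-simple-git": { version: "1.0.0" },
  },
};

console.log(findStaleCopies(sampleLock, "simple-git", MIN_FIXED));
```

On a real checkout, pass the parsed contents of package-lock.json as `lock`. A lockfileVersion 1 file has no `packages` map and would produce an empty result, so check the `lockfileVersion` field before trusting a clean report.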
Review completed. No suggestions at this time.
Code Review Triage 🛡️ · Low Risk
Recommendation: ✅ Approve — Low-Risk Change
Justification
This PR updates an npm dependency version (`simple-git`) and the lockfile to address a known vulnerability. No application source code or tests are modified.
If you don't agree with this auto-approval recommendation, please reach out to #feedback-code-review-agent.
Comment augment review to trigger a new review at any time.
Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.
Snyk changed the following file(s):
- package.json
- package-lock.json

Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-SIMPLEGIT-16032290
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Command Injection