[Snyk] Security upgrade @types/cypress from 1.1.3 to 1.1.6 #51
…nerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-QS-14724253
Pull request overview
This PR is an automated Snyk security upgrade that updates @types/cypress from version 1.1.3 to 1.1.6, claiming to fix a high severity vulnerability (SNYK-JS-QS-14724253) related to "Allocation of Resources Without Limits or Throttling" in the qs package. However, @types/cypress is a stub types package that simply depends on the cypress package itself, which provides its own type definitions. The actual security fix would come from upgrading the cypress dependency, not the @types stub package.
Key changes:
- Updates @types/cypress version constraint from ^1.1.3 to ^1.1.6 in optionalDependencies
- Updates package-lock.json to reflect the new version with updated integrity hash
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| frontend/package.json | Updates the @types/cypress version constraint in optionalDependencies from ^1.1.3 to ^1.1.6 |
| frontend/package-lock.json | Updates the resolved version, integrity hash, and deprecation message for @types/cypress; however, incorrectly adds the package to the main dependencies section |
Files not reviewed (1)
- frontend/package-lock.json: Language not supported
| "@fortawesome/free-solid-svg-icons": "~6.6.0", | ||
| "@mempool/mempool.js": "2.3.0", | ||
| "@ng-bootstrap/ng-bootstrap": "^16.0.0", | ||
| "@types/cypress": "^1.1.6", |
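Review bot: On the last line of this hunk, "@types/cypress": "^1.1.6" is listed directly after runtime packages such as @ng-bootstrap/ng-bootstrap, although the PR describes the change as an optionalDependencies update. Check which section this block belongs to; if it is the root dependencies list, regenerate the lockfile from package.json rather than keeping the entry here, so that both files place the package in the same section.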
The package-lock.json incorrectly adds @types/cypress to the main dependencies section, but the package.json file shows it should only be in optionalDependencies. This creates an inconsistency between the two files. The package-lock.json should not list @types/cypress in the dependencies section at line 31, as it's not present in the dependencies of package.json.
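A check for the inconsistency described in the comment above, as an added example that is not part of the PR or of the Snyk or Copilot output. It assumes a lockfileVersion 2 or 3 package-lock.json, where `packages[""]` mirrors the root package.json sections; `findLockfileDrift` and the sample objects are hypothetical names and constructed data.

```javascript
// Added example (not from the PR). Assumes lockfileVersion 2 or 3, where
// packages[""] in package-lock.json mirrors the root package.json sections.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Return one finding per (package, section) pair on which the two files disagree.
function findLockfileDrift(pkg, lock) {
  const root = lock.packages && lock.packages[""];
  if (!root) throw new Error('no packages[""] entry: lockfileVersion 1 is not supported');
  const findings = [];
  for (const section of SECTIONS) {
    const want = pkg[section] || {};
    const have = root[section] || {};
    for (const name of new Set([...Object.keys(want), ...Object.keys(have)])) {
      const inManifest = has(want, name);
      const inLock = has(have, name);
      if (inManifest && inLock && want[name] === have[name]) continue;
      const kind = !inManifest ? "only-in-lockfile"
        : !inLock ? "only-in-package.json"
        : "range-mismatch";
      findings.push({ name, section, kind,
        manifest: inManifest ? want[name] : null,
        lockfile: inLock ? have[name] : null });
    }
  }
  return findings;
}

// Constructed sample modelled on the situation the review comment describes.
const samplePackageJson = {
  dependencies: { "@mempool/mempool.js": "2.3.0", "@ng-bootstrap/ng-bootstrap": "^16.0.0" },
  optionalDependencies: { "@types/cypress": "^1.1.6" },
};
const samplePackageLock = {
  lockfileVersion: 3,
  packages: {
    "": {
      dependencies: {
        "@mempool/mempool.js": "2.3.0",
        "@ng-bootstrap/ng-bootstrap": "^16.0.0",
        "@types/cypress": "^1.1.6", // present here but not in package.json dependencies
      },
      optionalDependencies: { "@types/cypress": "^1.1.6" },
    },
  },
};

for (const f of findLockfileDrift(samplePackageJson, samplePackageLock)) {
  console.log(`${f.name}: ${f.kind} in ${f.section} (lockfile ${f.lockfile}, package.json ${f.manifest})`);
}
```

For real files, pass the parsed contents of package.json and package-lock.json as the two arguments and fail the CI job when the returned list is not empty.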
Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.
Snyk changed the following file(s):
- frontend/package.json
- frontend/package-lock.json

Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-QS-14724253
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.