fix(deps): update dependency thulite from 2.5.0 to v2.6.0 (docs/package.json) #12781
This pull request introduces the thulite dependency in package.json, which presents a potential supply chain risk but currently has no known vulnerabilities. While the risk is considered passing, it is recommended to conduct a thorough security review and follow best practices for dependency management.
Supply Chain Risk in

| Vulnerability | Supply Chain Risk |
|---|---|
| Description | While the addition of the thulite dependency raises potential supply chain concerns, no specific known vulnerabilities were identified for version 2.6.0. However, the general risk of introducing a new third-party dependency remains. Best practices recommend: 1. conducting a thorough security review of the package; 2. checking the package's maintenance status; 3. verifying the package's source and reputation; 4. regularly updating and auditing dependencies. |
django-DefectDojo/docs/package.json
Lines 17 to 23 in 3d6395f
    "@thulite/inline-svg": "1.2.0",
    "@thulite/seo": "2.4.1",
    "@tabler/icons": "3.34.0",
    "thulite": "2.6.0"
  },
  "devDependencies": {
    "prettier": "3.6.2",
All finding details can be found in the DryRun Security Dashboard.
Not Approved
@@ -17,7 +17,7 @@ | |||
"@thulite/inline-svg": "1.2.0", | |||
"@thulite/seo": "2.4.1", | |||
"@tabler/icons": "3.34.0", | |||
"thulite": "2.5.0" | |||
"thulite": "2.6.0" |
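Review bot: only the `thulite` core pin moves from 2.5.0 to 2.6.0 in this hunk while the companion packages directly above it (`@thulite/inline-svg` 1.2.0, `@thulite/seo` 2.4.1) stay where they are, and the sole release note for 2.6.0 is "Bump dependencies to their latest versions", so compatibility of the new core with those pinned plugins and with the Hugo version used for the docs build should be confirmed before merging; the Hugo build failure reported in review suggests it was not. If docs/ carries a lockfile, the corresponding lockfile update should land in the same PR so the failing install is reproducible locally.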
This is causing build failures in Hugo
@paulOsinski can you please look into this one?
Why is this theme upgrade necessary? If we don’t need any new features of this theme, then there should be no need to upgrade. We might end up having to upgrade Hugo in order to accommodate this, which could introduce more breaking changes... etc...
Understood - thank you for taking a look! Feels like we can pass on this one for now
Renovate Ignore Notification: Because you closed this PR without merging, Renovate will ignore this update. If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
thulite: 2.5.0 -> 2.6.0
Release Notes
thuliteio/thulite (thulite)
v2.6.0
Minor Changes
ae2274a Thanks @h-enk! - Bump dependencies to their latest versions
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.