From ee7a115763503635edbb3735d3c82d5559835b39 Mon Sep 17 00:00:00 2001 From: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Date: Thu, 1 May 2025 08:59:24 +0700 Subject: [PATCH 1/9] fix: examples/webhook-signing/nestjs/package.json to reduce vulnerabilities (#20) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NESTJSCOMMON-9538801 Co-authored-by: snyk-bot --- examples/webhook-signing/nestjs/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/webhook-signing/nestjs/package.json b/examples/webhook-signing/nestjs/package.json index 4b70c8ac70..08c6cb5d42 100644 --- a/examples/webhook-signing/nestjs/package.json +++ b/examples/webhook-signing/nestjs/package.json @@ -11,7 +11,7 @@ "author": "Ali karimi", "license": "ISC", "dependencies": { - "@nestjs/common": "^10.2.1", + "@nestjs/common": "^11.0.16", "@nestjs/config": "^3.0.0", "@nestjs/core": "^10.2.1", "dotenv": "^16.3.1", From 18a931111a137d2a6cba564a763154d4bcd46a3f Mon Sep 17 00:00:00 2001 From: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Date: Thu, 1 May 2025 08:59:59 +0700 Subject: [PATCH 2/9] feat: upgrade stripe from 11.18.0 to 17.5.0 (#1) Snyk has created this PR to upgrade stripe from 11.18.0 to 17.5.0. See this package in npm: stripe See this project in Snyk: https://app.snyk.io/org/dargon789/project/4f7b9dfb-2d1d-4c98-8e50-bb9a36d4fe16?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot --- examples/webhook-signing/koa/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/webhook-signing/koa/package.json b/examples/webhook-signing/koa/package.json index b0da7281e6..093603fdeb 100644 --- a/examples/webhook-signing/koa/package.json +++ b/examples/webhook-signing/koa/package.json @@ -12,7 +12,7 @@ "dependencies": { "dotenv": "^8.2.0", "koa": "^2.14.1", - "stripe": "^11.9.1", + "stripe": "^17.5.0", "koa-bodyparser": "^4.3.0" }, "devDependencies": { From 715329e8eca11123a5be69c81219a09c115a6252 Mon Sep 17 00:00:00 2001 From: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Date: Thu, 1 May 2025 09:00:21 +0700 Subject: [PATCH 3/9] feat: upgrade dotenv from 8.6.0 to 16.4.7 (#2) Snyk has created this PR to upgrade dotenv from 8.6.0 to 16.4.7. See this package in npm: dotenv See this project in Snyk: https://app.snyk.io/org/dargon789/project/4f7b9dfb-2d1d-4c98-8e50-bb9a36d4fe16?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot --- examples/webhook-signing/koa/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/webhook-signing/koa/package.json b/examples/webhook-signing/koa/package.json index 093603fdeb..500f87cc15 100644 --- a/examples/webhook-signing/koa/package.json +++ b/examples/webhook-signing/koa/package.json @@ -10,7 +10,7 @@ "author": "", "license": "ISC", "dependencies": { - "dotenv": "^8.2.0", + "dotenv": "^16.4.7", "koa": "^2.14.1", "stripe": "^17.5.0", "koa-bodyparser": "^4.3.0" From d495f75a0b8f0b985b71cf548554154c19d58326 Mon Sep 17 00:00:00 2001 From: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Date: Thu, 1 May 2025 09:06:59 +0700 Subject: [PATCH 4/9] Create SECURITY.md (#21) --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..034e848032 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc. From 14d334b2edc2f24a48c149ec2198168e33dec321 Mon Sep 17 00:00:00 2001 From: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Date: Sat, 12 Jul 2025 09:31:32 +0700 Subject: [PATCH 5/9] fix: package.json to reduce vulnerabilities (#24) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 Co-authored-by: snyk-bot --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 7da575c582..70f51f9be3 100644 --- a/package.json +++ b/package.json @@ -36,12 +36,12 @@ "@typescript-eslint/parser": "^4.33.0", "chai": "^4.3.6", "chai-as-promised": "~7.1.1", - "eslint": "^7.32.0", + "eslint": "^9.0.0", "eslint-config-prettier": "^8.5.0", "eslint-plugin-chai-friendly": "^0.7.2", "eslint-plugin-import": "^2.27.5", "eslint-plugin-prettier": "^3.4.1", - "mocha": "^8.4.0", + "mocha": "^11.0.1", "mocha-junit-reporter": "^2.1.0", "nock": "^13.2.9", "node-fetch": "^2.6.7", From 18f61d9e3d7feee66f8270c871e3570b75e15e21 Mon Sep 17 00:00:00 2001 From: Dargon789 <64915515+Dargon789@users.noreply.github.com> Date: Thu, 13 Nov 2025 16:10:59 +0700 Subject: [PATCH 6/9] Create config.yml (#31) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --- .circleci/config.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 0000000000..d5d401c518 --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,31 @@ +# Use the latest 2.1 version of CircleCI pipeline process engine. +# See: https://circleci.com/docs/configuration-reference +version: 2.1 + +# Define a job to be invoked later in a workflow. +# See: https://circleci.com/docs/jobs-steps/#jobs-overview & https://circleci.com/docs/configuration-reference/#jobs +jobs: + say-hello: + # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub. + # See: https://circleci.com/docs/executor-intro/ & https://circleci.com/docs/configuration-reference/#executor-job + docker: + # Specify the version you desire here + # See: https://circleci.com/developer/images/image/cimg/base + - image: cimg/base:current + + # Add steps to the job + # See: https://circleci.com/docs/jobs-steps/#steps-overview & https://circleci.com/docs/configuration-reference/#steps + steps: + # Checkout the code as the first step. + - checkout + - run: + name: "Say hello" + command: "echo Hello, World!" + +# Orchestrate jobs using workflows +# See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows +workflows: + say-hello-workflow: # This is the name of the workflow, feel free to change it to better match your workflow. + # Inside the workflow, you define the jobs you want to run. + jobs: + - say-hello From 37e72d1ad354b67b9e49e96497be67fdb920a401 Mon Sep 17 00:00:00 2001 From: Dargon789 <64915515+Dargon789@users.noreply.github.com> Date: Tue, 3 Feb 2026 09:35:56 +0000 Subject: [PATCH 7/9] Delete .circleci directory (#46) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --- .circleci/config.yml | 31 ------------------------------- 1 file changed, 31 deletions(-) delete mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index d5d401c518..0000000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,31 +0,0 @@ -# Use the latest 2.1 version of CircleCI pipeline process engine. -# See: https://circleci.com/docs/configuration-reference -version: 2.1 - -# Define a job to be invoked later in a workflow. -# See: https://circleci.com/docs/jobs-steps/#jobs-overview & https://circleci.com/docs/configuration-reference/#jobs -jobs: - say-hello: - # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub. - # See: https://circleci.com/docs/executor-intro/ & https://circleci.com/docs/configuration-reference/#executor-job - docker: - # Specify the version you desire here - # See: https://circleci.com/developer/images/image/cimg/base - - image: cimg/base:current - - # Add steps to the job - # See: https://circleci.com/docs/jobs-steps/#steps-overview & https://circleci.com/docs/configuration-reference/#steps - steps: - # Checkout the code as the first step. - - checkout - - run: - name: "Say hello" - command: "echo Hello, World!" - -# Orchestrate jobs using workflows -# See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows -workflows: - say-hello-workflow: # This is the name of the workflow, feel free to change it to better match your workflow. - # Inside the workflow, you define the jobs you want to run. - jobs: - - say-hello From 567aa61aa8530e3018b212b9b0bfd1ac3d274678 Mon Sep 17 00:00:00 2001 From: Dargon789 <64915515+Dargon789@users.noreply.github.com> Date: Tue, 3 Feb 2026 09:49:47 +0000 Subject: [PATCH 8/9] Update issue templates (#49) * Update issue templates * Update .github/ISSUE_TEMPLATE/bug_report.md Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .github/ISSUE_TEMPLATE/bug_report.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .github/ISSUE_TEMPLATE/bug_report.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .github/ISSUE_TEMPLATE/custom.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .github/ISSUE_TEMPLATE/custom.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .github/ISSUE_TEMPLATE/feature_request.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- .github/ISSUE_TEMPLATE/bug_report.md | 38 +++++++++++++++++++++++ .github/ISSUE_TEMPLATE/custom.md | 16 ++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 20 ++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/custom.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000000..1768c06866 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,38 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '[Bug]: ' +labels: 'bug' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Desktop (please complete the following information):** + - OS: [e.g. Windows 10, macOS Big Sur] + - Browser [e.g. Chrome, Safari] + - Version [e.g. 22] + +**Smartphone (please complete the following information):** + - Device: [e.g. iPhone6] + - OS: [e.g. iOS8.1] + - Browser [e.g. stock browser, safari] + - Version [e.g. 22] + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/custom.md b/.github/ISSUE_TEMPLATE/custom.md new file mode 100644 index 0000000000..2857723103 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/custom.md @@ -0,0 +1,16 @@ +--- +name: Other issue +about: Use this for issues that don't fit other categories +title: '' +labels: '' +assignees: '' + +--- + +**Summary** + +A clear and concise description of the issue. + +**Additional context** + +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000000..5c8a425afa --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '[Feature]: ' +labels: 'enhancement' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. From e9c0770b2d143fb40ecff11b5bae904c2b06817f Mon Sep 17 00:00:00 2001 From: Dargon789 <64915515+Dargon789@users.noreply.github.com> Date: Tue, 3 Feb 2026 09:58:35 +0000 Subject: [PATCH 9/9] [Snyk] Security upgrade next from 13.5.11 to 15.5.10 (#48) * fix: examples/webhook-signing/nextjs/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-15104645 * Update examples/webhook-signing/nextjs/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: snyk-bot Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- examples/webhook-signing/nextjs/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/webhook-signing/nextjs/package.json b/examples/webhook-signing/nextjs/package.json index dc42ce7396..a371407867 100644 --- a/examples/webhook-signing/nextjs/package.json +++ b/examples/webhook-signing/nextjs/package.json @@ -13,7 +13,7 @@ "license": "ISC", "dependencies": { "dotenv": "^8.2.0", - "next": "^13.1.6", + "next": "^14.2.4-canary.17", "react": "^18.2.0", "react-dom": "^18.2.0", "stripe": "^11.9.1"