Bump justgage from 1.6.1 to 1.7.0 in /components

[dependabot]

Bumps justgage from 1.6.1 to 1.7.0.

Release notes

Sourced from justgage's releases.

Release 1.7.0

• style: fix lint issues (3296e33)
• chore: fix some audit issue (40f79b9)
• feat: add targetLine (#398) (e6e488c)
• chore: bump vm2 from 3.9.17 to 3.9.18 (#393) (dd02e7f)
• chore: bump vm2 from 3.9.16 to 3.9.17 (#391) (3a0ff95)
• chore: bump vm2 from 3.9.15 to 3.9.16 (#389) (fac0d26)
• chore: bump vm2 from 3.9.11 to 3.9.15 (#388) (143c4fa)
• docs: improved destroy example (d62b827)
• chore: bump cacheable-request from 10.2.3 to 10.2.7 (#387) (c95ea1c)
• chore: bump qs from 6.10.2 to 6.11.0 (#383) (16c60f3)
• chore: bump http-cache-semantics from 4.1.0 to 4.1.1 (#386) (f5ab2f9)

Changelog

Sourced from justgage's changelog.

v1.7.0

• feat: add targetLine [#398](https://github.com/toorshia/justgage/issues/398)
• chore: bump vm2 from 3.9.17 to 3.9.18 [#393](https://github.com/toorshia/justgage/issues/393)
• chore: bump vm2 from 3.9.16 to 3.9.17 [#391](https://github.com/toorshia/justgage/issues/391)
• chore: bump vm2 from 3.9.15 to 3.9.16 [#389](https://github.com/toorshia/justgage/issues/389)
• chore: bump vm2 from 3.9.11 to 3.9.15 [#388](https://github.com/toorshia/justgage/issues/388)
• chore: bump cacheable-request from 10.2.3 to 10.2.7 [#387](https://github.com/toorshia/justgage/issues/387)
• chore: bump qs from 6.10.2 to 6.11.0 [#383](https://github.com/toorshia/justgage/issues/383)
• chore: bump http-cache-semantics from 4.1.0 to 4.1.1 [#386](https://github.com/toorshia/justgage/issues/386)
• chore: fix some audit issue 40f79b9
• style: fix lint issues 3296e33
• docs: improved destroy example d62b827

Commits

• 53d6e4e Release 1.7.0
• 3296e33 style: fix lint issues
• 40f79b9 chore: fix some audit issue
• e6e488c feat: add targetLine (#398)
• dd02e7f chore: bump vm2 from 3.9.17 to 3.9.18 (#393)
• 3a0ff95 chore: bump vm2 from 3.9.16 to 3.9.17 (#391)
• fac0d26 chore: bump vm2 from 3.9.15 to 3.9.16 (#389)
• 143c4fa chore: bump vm2 from 3.9.11 to 3.9.15 (#388)
• d62b827 docs: improved destroy example
• c95ea1c chore: bump cacheable-request from 10.2.3 to 10.2.7 (#387)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

This pull request updates the justgage dependency from version ^1.6.1 to ^1.7.0 in the package.json and yarn.lock files, which is considered a routine dependency update that can provide bug fixes, security patches, and new features, and is unlikely to have a significant impact on the application's security posture.

Expand for full summary

Summary:

The code changes in this pull request update the version of the justgage dependency from ^1.6.1 to ^1.7.0 in the package.json file and the corresponding yarn.lock file. These changes are considered routine dependency updates, which are generally a good practice as they can provide bug fixes, security patches, and new features.

From an application security perspective, these changes are not particularly concerning. The justgage library is a JavaScript-based library for creating animated, interactive, and responsive gauges, and it is not a security-critical component of the application. The version update from 1.6.1 to 1.7.0 is a minor one, and unless there are known security vulnerabilities in the previous version that have been addressed in the newer version, this change is unlikely to have a significant impact on the application's security posture.

However, it is important to thoroughly test the application after any dependency updates to ensure that the changes do not introduce any regressions or unintended behavior. Additionally, it is recommended to review the release notes or change logs of the updated library to verify that there are no security-related fixes or changes that might impact the application.

Files Changed:

1. components/package.json: This file has been updated to change the version of the justgage dependency from ^1.6.1 to ^1.7.0.
2. components/yarn.lock: This file has been updated to reflect the change in the justgage dependency version.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[mtesauro]

Approved