[Snyk] Fix for 2 vulnerabilities #64

Open: wants to merge 1 commit into base: master

@PDSSnyk PDSSnyk commented May 14, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5) | Uncontrolled resource consumption, SNYK-JS-BRACES-6838727 | Yes | No Known Exploit |
| high severity | 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5) | Inefficient Regular Expression Complexity, SNYK-JS-MICROMATCH-6838728 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: check-dependencies
  • 2.0.0 - 2023-11-15

    Notable non-breaking changes:

    • support npm package aliases (#50)
    • reduced a number of external dependencies
    • npm prune is no longer called as npm install already prunes

    Breaking changes:

    • dropped the callback interface - use promises instead
    • dropped the checkCustomPackageNames option
    • CLI argument parsing is more strict now; camelCase parameter versions like --packageDir are no longer supported; use their kebab-case versions like --package-dir.
    • dropped Bower support
    • dropped support for Node.js <18.3
  • 1.1.1 - 2023-11-14

    Add basic validation of the packageManager option; document that it's not safe to pass untrusted input there.

  • 1.1.0 - 2017-08-16
    • Always run the install command if prune is necessary.
    • Unify the Windows & UNIX spawnSync code paths using shell: true where supported.
    • Officially support Node.js 8 & npm 5
from check-dependencies GitHub release notes
Package name: jest
  • 29.0.0 - 2022-08-25

    Blog post: https://jestjs.io/blog/2022/08/25/jest-29

    Features

    • [expect] [BREAKING] Differentiate between MatcherContext MatcherUtils and MatcherState types (#13141)
    • [jest-circus] Add support for test.failing.each (#13142)
    • [jest-config] [BREAKING] Make snapshotFormat default to escapeString: false and printBasicPrototype: false (#13036)
    • [jest-config] [BREAKING] Remove undocumented collectCoverageOnlyFrom option (#13156)
    • [jest-environment-jsdom] [BREAKING] Upgrade to jsdom@20 (#13037, #13058)
    • [@jest/globals] Add jest.Mocked, jest.MockedClass, jest.MockedFunction and jest.MockedObject utility types (#12727)
    • [jest-mock] [BREAKING] Refactor Mocked* utility types. MaybeMockedDeep and MaybeMocked became Mocked and MockedShallow respectively; only deep mocked variants of MockedClass, MockedFunction and MockedObject are exported (#13123, #13124)
    • [jest-mock] [BREAKING] Change the default jest.mocked helper’s behavior to deep mocked (#13125)
    • [jest-snapshot] [BREAKING] Let babel find config when updating inline snapshots (#13150)
    • [@jest/test-result, @jest/types] [BREAKING] Replace Bytes and Milliseconds types with number (#13155)
    • [jest-worker] Adds workerIdleMemoryLimit option which is used as a check for worker memory leaks >= Node 16.11.0 and recycles child workers as required (#13056, #13105, #13106, #13107)
    • [pretty-format] [BREAKING] Remove ConvertAnsi plugin in favour of jest-serializer-ansi-escapes (#13040)
    • [pretty-format] Allow to opt out from sorting object keys with compareKeys: null (#12443)

    Fixes

    • [jest-config] Fix testing multiple projects with TypeScript config files (#13099)
    • [@jest/expect-utils] Fix deep equality of ImmutableJS Record (#13055)
    • [jest-haste-map] Increase the maximum possible file size that jest-haste-map can handle (#13094)
    • [jest-runtime] Properly support CJS re-exports from dual packages (#13170)
    • [jest-snapshot] Make prettierPath optional in SnapshotState (#13149)
    • [jest-snapshot] Fix parsing error from inline snapshot files with JSX (#12760)
    • [jest-worker] When a process runs out of memory worker exits correctly and doesn't spin indefinitely (#13054)

    Chore & Maintenance

    • [*] [BREAKING] Drop support for Node v12 and v17 (#13033)
    • [docs] Fix webpack name (#13049)
    • [docs] Explicit how to set n for --bail (#13128)
    • [docs] Update Enzyme URL (#13166)
    • [jest-leak-detector] Remove support for weak-napi (#13035)
    • [jest-snapshot] [BREAKING] Require rootDir as argument to SnapshotState (#13150)

    New Contributors

    Full Changelog: v28.1.3...v29.0.0

  • 29.0.0-alpha.6 - 2022-08-19

    What's Changed

    • chore: update @jridgewell/trace-mapping by @SimenB in #13119
    • refactor(jest-mock)!: rework Mocked* utility types by @mrazauskas in #13123
    • fix(jest-mock): export MockedShallow type by @mrazauskas in #13124
    • feat(@jest/globals): add jest.Mocked, jest.MockedClass, jest.MockedFunction and jest.MockedObject utility types by @mrazauskas in #12727
    • refactor(jest-mock)!: change the default jest.mocked helper’s behaviour to deep mocked by @mrazauskas in #13125
    • chore(types): separate MatcherContext, MatcherUtils and MatcherState by @SimenB in #13141
    • feat(circus): added each to failing tests by @kkyusufk in #13142
    • chore: make prettierPath optional in SnapshotState by @SimenB in #13149
    • feat: Let babel find config when updating inline snapshots by @SimenB in #13150
    • fix: Allow updating inline snapshots when test includes JSX by @eps1lon in #12760

    New Contributors

    Full Changelog: v29.0.0-alpha.5...v29.0.0-alpha.6

  • 29.0.0-alpha.5 - 2022-08-11

    What's Changed

    • fix: pipe workerIdleMemoryLimit to globalConfig by @backmask in #13106
    • fix: worker being killed after being spawned and other worker bugs by @phawxby in #13107

    New Contributors

    Full Changelog: v29.0.0-alpha.4...v29.0.0-alpha.5

  • 29.0.0-alpha.4 - 2022-08-08

    What's Changed

    New Contributors

    Full Changelog: v29.0.0-alpha.3...v29.0.0-alpha.4

  • 29.0.0-alpha.3 - 2022-08-07

    Features

    • [jest-worker] Adds workerIdleMemoryLimit option which is used as a check for worker memory leaks >= Node 16.11.0 and recycles child workers as required. (#13056)

    Fixes

    • [jest-haste-map] Increase the maximum possible file size that jest-haste-map can handle (#13094)

    New Contributors

    Full Changelog: v29.0.0-alpha.1...v29.0.0-alpha.3

  • 29.0.0-alpha.1 - 2022-08-04

    Features

    • [pretty-format] [BREAKING] Remove ConvertAnsi plugin in favour of jest-serializer-ansi-escapes (#13040)

    Fixes

    • [jest-worker] When a process runs out of memory worker exits correctly and doesn't spin indefinitely (#13054)
    • [@jest/expect-utils] Fix deep equality of ImmutableJS Record (#13055)

    New Contributors

    Full Changelog: v29.0.0-alpha.0...v29.0.0-alpha.1

  • 29.0.0-alpha.0 - 2022-07-17

    Features

    • [jest-config] [BREAKING] Make snapshotFormat default to escapeString: false and printBasicPrototype: false (#13036)
    • [jest-environment-jsdom] [BREAKING] Upgrade to jsdom@20 (#13037)

    Chore & Maintenance

    • [*] [BREAKING] Drop support for Node v12 and v17 (#13033)
    • [jest-leak-detector] Remove support for weak-napi (#13035)

    Full Changelog: v28.1.3...v29.0.0-alpha.0

  • 28.1.3 - 2022-07-13

    Features

    • [jest-leak-detector] Use native FinalizationRegistry when it exists to get rid of external C dependency (#12973)

    Fixes

    • [jest-changed-files] Fix a lock-up after repeated invocations (#12757)
    • [@jest/expect-utils] Fix deep equality of ImmutableJS OrderedSets (#12977)
    • [jest-mock] Add index signature support for spyOn types (#13013, #13020)
    • [jest-snapshot] Fix indentation of awaited inline snapshots (#12986)

    Chore & Maintenance

    • [*] Replace internal usage of pretty-format/ConvertAnsi with jest-serializer-ansi-escapes (#12935, #13004)
    • [docs] Update spyOn docs (#13000)

    New Contributors

    Full Changelog: v28.1.2...v28.1.3

  • 28.1.2 - 2022-06-29

    Fixes

    • [jest-runtime] Avoid star type import from @jest/globals (#12949)

    Chore & Maintenance

    • [docs] Mention that jest-codemods now supports Sinon (#12898)

    New Contributors

    Full Changelog: v28.1.1...v28.1.2

  • 28.1.1 - 2022-06-07

    Features

    • [jest] Expose Config type (#12848)
    • [@jest/reporters] Improve GitHubActionsReporters annotation format (#12826)
    • [@jest/types] Infer argument types passed to test and describe callback functions from each tables (#12885, #12905)

    Fixes

    • [@jest/expect-utils] Fix deep equality of ImmutableJS OrderedMaps (#12763)
    • [jest-docblock] Handle multiline comments in parseWithComments (#12845)
    • [jest-mock] Improve spyOn error messages (#12901)
    • [jest-runtime] Correctly report V8 coverage with resetModules: true (#12912)
    • [jest-worker] Make JestWorkerFarm helper type to include methods of worker module that take more than one argument (#12839)

    Chore & Maintenance

    • [docs] Updated docs to indicate that jest-environment-jsdom is a separate package #12828
    • [docs] Document the comments used by coverage providers #12835
    • [docs] Use docusaurus-remark-plugin-tab-blocks to format tabs with code examples (#12859)
    • [jest-haste-map] Bump walker version (#12324)
    • [expect] Adjust typings of lastCalledWith, nthCalledWith, toBeCalledWith matchers to allow a case where a mock was called with no arguments (#12807)
    • [@jest/expect-utils] Fix deep equality of ImmutableJS Lists (#12763)
    • [jest-core] Do not collect SIGNREQUEST as open handles (#12789)

    New Contributors

    Full Changelog: v28.1.0...v28.1.1

  • 28.1.0 - 2022-05-06
  • 28.0.3 - 2022-04-29
  • 28.0.2 - 2022-04-27
  • 28.0.1 - 2022-04-26
  • 28.0.0 - 2022-04-25
  • 28.0.0-alpha.11 - 2022-04-20
  • 28.0.0-alpha.10 - 2022-04-20
  • 28.0.0-alpha.9 - 2022-04-19
  • 28.0.0-alpha.8 - 2022-04-05
  • 28.0.0-alpha.7 - 2022-03-06
  • 28.0.0-alpha.6 - 2022-03-01
  • 28.0.0-alpha.5 - 2022-02-24
  • 28.0.0-alpha.4 - 2022-02-22
  • 28.0.0-alpha.3 - 2022-02-17
  • 28.0.0-alpha.2 - 2022-02-16
  • 28.0.0-alpha.1 - 2022-02-15
  • 28.0.0-alpha.0 - 2022-02-10
  • 27.5.1 - 2022-02-08
  • 27.5.0 - 2022-02-05
  • 27.4.7 - 2022-01-05
  • 27.4.6 - 2022-01-04
  • 27.4.5 - 2021-12-13
  • 27.4.4 - 2021-12-10
  • 27.4.3 - 2021-12-01
  • 27.4.2 - 2021-11-30
  • 27.4.1 - 2021-11-30
  • 27.4.0 - 2021-11-29
  • 27.3.1 - 2021-10-19
  • 27.3.0 - 2021-10-17
  • 27.2.5 - 2021-10-08
  • 27.2.4 - 2021-09-29
  • 27.2.3 - 2021-09-28
  • 27.2.2 - 2021-09-25
  • 27.2.1 - 2021-09-20
  • 27.2.0 - 2021-09-13
  • 27.1.1 - 2021-09-08
  • 27.1.0 - 2021-08-27
  • 27.0.6 - 2021-06-28
  • 27.0.5 - 2021-06-22
  • 27.0.4 - 2021-06-03
  • 27.0.3 - 2021-05-29
  • 27.0.2 - 2021-05-29
  • 27.0.1 - 2021-05-25
  • 27.0.0 - 2021-05-25
  • 27.0.0-next.11 - 2021-05-20
  • 27.0.0-next.10 - 2021-05-20
  • 27.0.0-next.9 - 2021-05-04
  • 27.0.0-next.8 - 2021-04-12
  • 27.0.0-next.7 - 2021-04-02
  • 27.0.0-next.6 - 2021-03-25
  • 27.0.0-next.5 - 2021-03-15
  • 27.0.0-next.4 - 2021-03-08
  • 27.0.0-next.3 - 2021-02-18
  • ...
