Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 4 vulnerabilities #127

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

TP-GitHub-Service-User
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
Yes Proof of Concept
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2
Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
Yes Proof of Concept
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jest The new version differs by 250 commits.
  • be16e47 v27.0.0
  • 63102ec chore: update changelog for release
  • 564694a docs(blog): Jest 27 blog post (#11131)
  • b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
  • 2226742 chore: minor simplify format results error (#11432)
  • 78eb25d chore: remove needless assign (#11433)
  • 696c455 chore: update lockfile after publish
  • e2eb9ae v27.0.0-next.11
  • 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
  • 27bee72 fix: run GC before collecting open handles (#11278)
  • 50451df feat: use fallback if prettier not found (#11400)
  • 150dbd8 chore: update lockfile after publish
  • 6f44529 v27.0.0-next.10
  • cbcec7d Upgrade fsevents in jest-haste-map (#11428)
  • 9633a26 feat: support reporters written in ESM (#11427)
  • 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
  • 57e32e9 Detect open handles with done callbacks (#11382)
  • a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
  • 4fa3a0b feat: custom haste (#11107)
  • 2047a36 chore: bump deps (#11419)
  • a4358d6 chore: run prettier on changelog
  • bdd6282 Move all default values into `jest-config` (#9924)
  • db643a1 Link to Jest config (#11106)
  • b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: semantic-release The new version differs by 221 commits.
  • 11788ed Merge pull request #2934 from semantic-release/beta
  • b93bef4 feat(node-versions): raised the minimum supported node version w/in the v20 range to v20.6.1
  • 6604153 Merge branch 'master' of github.com:semantic-release/semantic-release into beta
  • e623cc6 feat(node-versions): raised the minimum node v20 requirement to v20.6
  • 42f7b82 chore(deps): update dependency testdouble to v3.19.0 (#2961)
  • 1017e1a fix(deps): update dependency aggregate-error to v5 (#2956)
  • a23b718 fix(deps): upgraded to the latest version of the npm plugin with npm v10
  • fb850ff Merge branch 'master' of github.com:semantic-release/semantic-release into beta
  • b9f294d feat(node-versions): raised the minimum required node version to v18.17 and dropped v19 support
  • 03a687b fix(deps): updated to the latest beta of the commit analyzer plugin
  • 86a639d ci(action): update github/codeql-action action to v2.21.7 (#2958)
  • da56201 chore(deps): update dependency sinon to v16 (#2954)
  • 89d51e7 ci(action): update github/codeql-action action to v2.21.6 (#2953)
  • de8e4e0 fix(deps): updated to the latest betas of the commit-analyzer and release-notes-generator plugins
  • 0fd3bb8 chore(deps): lock file maintenance (#2948)
  • c39513f ci(action): update actions/upload-artifact action to v3.1.3 (#2943)
  • 6a5d961 docs(plugins): add @ terrestris/maven-semantic-release (#2939)
  • 19c0965 ci(action): update actions/checkout action to v4 (#2938)
  • 32a2480 chore(deps): lock file maintenance (#2936)
  • 72ab317 feat: defined exports for the package
  • 07a79ea feat(conventional-changelog-presets): supported new preset format
  • 0d92579 chore(deps): update dependency prettier to v3.0.3 (#2930)
  • cb6613e ci(action): update github/codeql-action action to v2.21.5 (#2928)
  • 9e10e44 chore(deps): lock file maintenance (#2923)

See the full diff

Package name: webpack-dev-server The new version differs by 250 commits.
  • c9271b9 chore(release): 4.0.0
  • 18bf369 test: fix stability (#3676)
  • cdcabb2 fix: respect protocol from browser for manual setup (#3675)
  • 1768d6b fix: initial reloading for lazy compilation (#3662)
  • 4f5bab1 docs: improve examples (#3672)
  • f2d87fb fix: improve https CLI output (#3673)
  • 0277c5e chore: remove redundant console statements (#3671)
  • 16fcdbc docs: add `ipc` example (#3667)
  • 8915fb8 test: add e2e tests for built in routes (#3669)
  • 4d1cbe1 docs: ask `version` information in issue template (#3668)
  • b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
  • ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
  • f1fdaa7 chore(release): 4.0.0-rc.1
  • c4678bc fix: legacy API (#3660)
  • d8bdd03 test: fix stability (#3661)
  • 22b1414 refactor: remove `killable` (#3657)
  • 75bafbf test: add e2e tests for module federation (#3658)
  • 493ccbd chore(deps): update `ws` (#3652)
  • ae8c523 test: add e2e test for universal compiler (#3656)
  • f94b84f chore(deps): update (#3655)
  • 1923132 test: fix cli
  • 2adfd01 test: fix todo (#3653)
  • 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
  • c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants