This repository has been archived by the owner on Feb 4, 2023. It is now read-only.

[Snyk] Security upgrade @strapi/strapi from 4.0.2 to 4.2.0 #5

Closed
wants to merge 1 commit into from

Conversation

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 611/1000 (Why? Recently disclosed, Has a fix available, CVSS 6.5) | Remote Code Execution (RCE), SNYK-JS-SHARP-2848109 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @strapi/strapi
The new version differs by 250 commits.
  • 12c8ee3 v4.2.0
  • 2cc62a0 Merge pull request #13561 from strapi/master
  • aeb21ff Merge pull request #13105 from jorgeRambla/fix/upload-plugin
  • b21bfb0 Merge pull request #13543 from strapi/features/providers
  • e75fbef Merge pull request #13546 from strapi/providers/submit-provider-button
  • 07bc405 Merge pull request #13442 from kiri-rin/PR/karakalpak-locale
  • 6ebc596 update translation
  • db343dc remove your from cta
  • 54d5f9d add tests
  • e6f395e use default prop
  • 9c30260 add submit provider button
  • a7bb953 Merge branch 'master' of github.com:strapi/strapi into features/providers
  • c8cf579 Merge pull request #13501 from strapi/providers/search
  • 1b93931 Merge pull request #13462 from strapi/providers/add-tabs
  • c85b2a8 update snapshot
  • cf22c0f Add tests for provider search
  • c01c8b0 Update search translations
  • 68b0c27 Add providers search to marketplace
  • 9d40d0c add tests for providers tab
  • 00f5dd3 add tests for plugins tab
  • e9288e2 update snapshot
  • c12bde7 Merge branch 'master' into releases/4.2.0
  • 86e57e1 Merge pull request #13484 from strapi/dependabot/npm_and_yarn/qs-6.10.5
  • f35de37 Bump qs from 6.10.3 to 6.10.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • View latest project report
  • Adjust project settings
  • Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:
  • Learn about vulnerability in an interactive lesson of Snyk Learn.

@DzmitrySha DzmitrySha closed this Jan 26, 2023
@DzmitrySha DzmitrySha deleted the snyk-fix-1ced8d9e686e728f0707eb2a783c96cd branch January 26, 2023 15:54