Skip to content
This repository has been archived by the owner on Feb 4, 2023. It is now read-only.

[Snyk] Security upgrade @strapi/strapi from 4.0.2 to 4.3.0 #6

Closed
wants to merge 1 commit into from
Closed

[Snyk] Security upgrade @strapi/strapi from 4.0.2 to 4.3.0 #6

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 454/1000
Why? Has a fix available, CVSS 4.8		 Session Fixation
SNYK-JS-PASSPORT-2840631		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @strapi/strapi The new version differs by 250 commits.
  • 74a2b90 v4.3.0
  • 46fdad0 Merge pull request #13499 from strapi/features/ML-folder
  • 608c4e6 Merge branch 'releases/4.3.0' into features/ML-folder
  • b18253f Merge branch 'master' into releases/4.3.0
  • 887e7b8 ML: Add useTracking mocks in tests
  • 6b447a7 Merge pull request #13197 from finnsnape/fix/deprecated-uuid
  • 39eb8ab chore: Downgrade react-intl back to 5.20.2
  • 8f32d44 Merge pull request #13862 from strapi/fix/tests-jest-26-compatible
  • d886f50 Jest: add closeTo() utility temporarily
  • 8907153 Merge branch 'features/ML-folder' into fix/tests-jest-26-compatible
  • 7e3c08b Merge branch 'releases/4.3.0' into features/ML-folder
  • ba91f47 Merge branch 'master' into releases/4.3.0
  • c1366d4 Merge pull request #13861 from strapi/fix/rollback-jest-26
  • 5ca0538 Upload: Make metrics tests compatible with jest@26
  • c77a54f Chore: Rollback jest-watch-typeahead to 0.6.5
  • 13d9650 Chore: Rollback to jest@26.x
  • 2d6afbf Merge branch 'releases/4.3.0' into features/ML-folder
  • cd963b7 Merge pull request #13860 from strapi/fix/numbre-0-null
  • af565b0 Merge pull request #13815 from strapi/fix/ui-bug-datetimepicker-from-another-locale-13674
  • a4c2f3b Merge branch 'master' into releases/4.3.0
  • 0ad69d7 Merge pull request #12789 from strapi/features/typescript
  • f74ec11 EditViewDataManagerProvider: Ensure 0 is not converted to null
  • 1a4ac39 Fix unit tests
  • c83427e Merge pull request #13854 from strapi/fix/13853-get-trad

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Learn about vulnerability in an interactive lesson of Snyk Learn.

@DzmitrySha DzmitrySha closed this Jan 26, 2023
@DzmitrySha DzmitrySha deleted the snyk-fix-f17808e4bc11f67860edc0336b01b9f1 branch January 26, 2023 15:55
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@snyk-bot @DzmitrySha