[Snyk] Upgrade @strapi/strapi from 4.2.3 to 4.24.0 #32

VolkovDani · 2024-05-18T20:07:55Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @strapi/strapi from 4.2.3 to 4.24.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 170 versions ahead of your current version.
The recommended version was released 24 days ago, on 2024-04-24.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	375/1000 Why? CVSS 7.5	No Known Exploit
SQL Injection SNYK-JS-KNEX-3175610	375/1000 Why? CVSS 7.5	Proof of Concept
Origin Validation Error SNYK-JS-KOACORS-6117545	375/1000 Why? CVSS 7.5	No Known Exploit
Sandbox Bypass SNYK-JS-WEBPACK-3358798	375/1000 Why? CVSS 7.5	Proof of Concept
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	375/1000 Why? CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-STRAPISTRAPI-5431394	375/1000 Why? CVSS 7.5	Proof of Concept
Access Restriction Bypass SNYK-JS-STRAPISTRAPI-5457880	375/1000 Why? CVSS 7.5	No Known Exploit
Improper Access Control SNYK-JS-STRAPISTRAPI-6046426	375/1000 Why? CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-STRAPIADMIN-5901529	375/1000 Why? CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	375/1000 Why? CVSS 7.5	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	375/1000 Why? CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-STRAPIDATABASE-5805288	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LUXON-3225081	375/1000 Why? CVSS 7.5	Proof of Concept
Session Fixation SNYK-JS-PASSPORT-2840631	375/1000 Why? CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-POSTCSS-5926692	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SANITIZEHTML-2957526	375/1000 Why? CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	375/1000 Why? CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-STRAPISTRAPI-5805052	375/1000 Why? CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-STRAPIADMIN-5901493	375/1000 Why? CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-STRAPIDATABASE-5805053	375/1000 Why? CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-SANITIZEHTML-6256334	375/1000 Why? CVSS 7.5	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	375/1000 Why? CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	375/1000 Why? CVSS 7.5	Proof of Concept
Incorrect Authorization SNYK-JS-STRAPIPLUGINCONTENTMANAGER-5901525	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	375/1000 Why? CVSS 7.5	Proof of Concept
Heap-based Buffer Overflow SNYK-JS-SHARP-5922108	375/1000 Why? CVSS 7.5	Mature
Information Exposure SNYK-JS-STRAPIPLUGINCONTENTMANAGER-5901494	375/1000 Why? CVSS 7.5	Proof of Concept
Improper Neutralization of Special Elements Used in a Template Engine SNYK-JS-STRAPIPLUGINEMAIL-5431383	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	375/1000 Why? CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @strapi/strapi

4.24.0 - 2024-04-24
🔥 Bug fix
- [core:admin] fix: ee not being extended because no default export (#20171) @ alexandrebodin
- [core:content-manager] fix: content could be undefined (#20180) @ alexandrebodin
- [core:database] fix(database): add prefix to avoid join column name conflicts (#20027) @ innerdvations
- [core:upload] enhancement: use file path in place of streams to optimize sharp fragmentation & libvips caching (#20080) @ alexandrebodin
⚙️ Chore
- [core:core] Make cors middleware compliant with the intended spec (#20044) @ alexandrebodin
- [dependencies] Chore: Upgrade mysql2 from 3.6.0 to 3.9.4 (#20123) @ derrickmehaffy
📚 Update and Migration Guides
- General update guide can be found here
- Migration guides can be found here 📚
4.23.2 - 2024-05-01
4.23.1 - 2024-04-17
📖 Documentation
- [docs] Add Local Search plugin to Contributor docs (#20036) @ pwizla
⚙️ Chore
- [dependencies] chore(pack-up): remove from monorepo (#20082) @ joshuaellis
- [dependencies] chore(deps): bump @ strapi/design-system from 1.16.0 to 1.18.0 (#20115) @ markkaylor
🔥 Bug fix
- [core:content-releases] fix(content-releases): fix e2e failing test (#20094) @ simotae14
📚 Update and Migration Guides
- General update guide can be found here
- Migration guides can be found here 📚
4.23.1-alpha.0 - 2024-04-16
4.23.0 - 2024-04-10
⚙️ Chore
- [dependencies] Chore: Update vite and webpack-dev-middleware (#20037) @ derrickmehaffy
- ~~[external] Update sharp package to version v0.33.3 (#19311) @ mariansimecek~~
- [tooling] chore: ignore nx cache (#20023) @ innerdvations
- [tooling] chore: add watch script for all projects (#20068) @ innerdvations
🔥 Bug fix
- [core:admin] fix(admin): force an absolute URL if the BACKEND_URL is relative (#19950) @ joshuaellis
- [core:content-releases] Hide Locale column and grouping option when i18n plugin is not installed (#19358) @ simotae14
- [core:content-releases] fix: fix boot issue when removing i18n from an app (#20073) @ Marc-Roig
- [core:helper-plugin] fix issue #19532 (#19970) @ alexandrebodin
- [core:strapi] fix(content-manager): populate media and nested components on cloning (#19958) @ simotae14
- [core:upload] Revert sharp to 0.32.6 (#20066) @ markkaylor
🚀 New feature
- [core:content-releases] Feat(releases): add release column to CM list view (#19926) @ madhurisandbhor
💅 Enhancement
- [core:database] feat: support media deep filtering & relation shortcut filters (#19971) @ alexandrebodin
📚 Update and Migration Guides
- General update guide can be found here
- Migration guides can be found here 📚
4.22.1 - 2024-04-05
What's Changed
- Chore: Revert @ koa/cors upgrade to 5.0.0 due to breaking cors middleware by @ derrickmehaffy in #20041
Full Changelog: v4.22.0...v4.22.1
4.22.0 - 2024-04-03
⚠️ Security Warning and Notice ⚠️

Strapi was made aware of a vulnerably that were patched in this release, for now we are going to delay the detailed disclosure of the exact details on how to exploit it and how it was patched to give time for users to upgrade before we do public disclosure.

🔥 Bug fix
- [core:content-manager] fix: Creating a new locale doesn't pre-fill the non-internationalized fields (#18773) @ derrickmehaffy
- [core:content-manager] fix: show name of relations when lazy loading them (#19915) @ Marc-Roig
- [core:content-releases] fix(releases): Scheduling info capitalization (#19945) @ madhurisandbhor
- [core:content-releases] fix(releases): On edit release error dont close modal (#19946) @ madhurisandbhor
- [core:upload] fix: sanitize file name when uploading image (#19913) @ Marc-Roig
- [plugin:i18n] fix:issue on do not validate locale if not creating for all locales (#19799) @ binar1
🚀 New feature
- [core:content-releases] Feat(releases): Bulk Release (#19891) @ madhurisandbhor
- [plugin:graphql] fix(plugin-graphql): allow to use GET queries for graphql (#19168) @ mcfedr
⚙️ Chore
- [dependencies] chore(deps): bump @ koa/cors from 3.4.3 to 5.0.0 (#19921) @ derrickmehaffy
- [dependencies] chore(deps): bump sanitize-html (and types) from 2.11.0 to 2.13.0 (#19922) @ derrickmehaffy
📚 Update and Migration Guides
- General update guide can be found here
- Migration guides can be found here 📚
4.21.1 - 2024-03-27
💅 Enhancement
- [core:content-manager] feat(Releases): Bulk actions renderer (#19749) @ madhurisandbhor
🔥 Bug fix
- [core:admin] fix(admin): show purchase pages also with Cloud plans and change message (#19855) @ simotae14
- [core:content-releases] fix(content-releases): fix creation of utc time based when sending to back (#19865) @ Feranchz
- [core:content-type-builder] fix: reload ctb after save (#19811) @ Bassel17
- [core:data-transfer] fix: add support for private upload providers (#19863) @ Bassel17
- [core:data-transfer] Solve foreign key error on push transfers (#19870) @ christiancp100
📚 Update and Migration Guides
- General update guide can be found here
- Migration guides can be found here 📚
4.21.0 - 2024-03-20
4.20.5 - 2024-03-13
4.20.4 - 2024-03-06
4.20.3 - 2024-02-28
4.20.2 - 2024-02-21
4.20.1 - 2024-02-14
4.20.0 - 2024-02-07
4.19.1 - 2024-01-31
4.19.0 - 2024-01-24
4.18.1-experimental.0 - 2024-01-12
4.18.1-beta.1 - 2024-01-12
4.18.1-beta.0 - 2024-01-12
4.18.0 - 2024-01-12
4.17.1 - 2024-01-16
4.17.0 - 2024-01-10
4.16.2 - 2023-12-21
4.16.1 - 2023-12-21
4.16.0 - 2023-12-20
4.15.5 - 2023-11-29
4.15.5-alpha.6 - 2023-11-27
4.15.5-alpha.5 - 2023-11-21
4.15.5-alpha.4 - 2023-11-15
4.15.5-alpha.3 - 2023-11-15
4.15.5-alpha.2 - 2023-11-14
4.15.5-alpha.1 - 2023-11-14
4.15.5-alpha.0 - 2023-11-13
4.15.4 - 2023-11-11
4.15.3 - 2023-11-11
4.15.3-alpha.3 - 2023-11-11
4.15.3-alpha.2 - 2023-11-11
4.15.3-alpha.1 - 2023-11-11
4.15.3-alpha.0 - 2023-11-11
4.15.2 - 2023-11-08
4.15.1 - 2023-11-02
4.15.0 - 2023-10-25
4.15.0-alpha.0 - 2023-10-02
4.14.6 - 2023-11-03
4.14.5 - 2023-10-18
4.14.4 - 2023-10-11
4.14.3 - 2023-10-04
4.14.2 - 2023-10-02
4.14.1 - 2023-10-02
4.14.0 - 2023-09-28
4.14.0-beta.0 - 2023-09-14
4.14.0-alpha.0 - 2023-09-08
4.13.7 - 2023-09-20
4.13.6 - 2023-09-13
4.13.5 - 2023-09-12
4.13.4 - 2023-09-11
4.13.3 - 2023-09-06
4.13.2 - 2023-09-04
4.13.1 - 2023-08-30
4.13.0 - 2023-08-30
4.13.0-beta.0 - 2023-08-10
4.13.0-alpha.2 - 2023-08-30
4.13.0-alpha.1 - 2023-08-30
4.13.0-alpha.0 - 2023-08-30
4.12.7 - 2023-08-25
4.12.6 - 2023-08-23
4.12.5 - 2023-08-16
4.12.4 - 2023-08-09
4.12.2 - 2023-08-09
4.12.1 - 2023-08-02
4.12.0 - 2023-07-27
4.12.0-beta.5 - 2023-07-24
4.12.0-beta.4 - 2023-07-21
4.12.0-beta.3 - 2023-07-18
4.12.0-beta.1 - 2023-07-12
4.12.0-beta.0 - 2023-07-10
4.11.7 - 2023-07-19
4.11.6 - 2023-07-19
4.11.5 - 2023-07-12
4.11.4 - 2023-07-05
4.11.3 - 2023-06-28
4.11.2 - 2023-06-21
4.11.1 - 2023-06-12
4.11.1-beta.2 - 2023-06-12
4.11.1-beta.1 - 2023-06-12
4.11.1-beta.0 - 2023-06-12
4.11.0 - 2023-06-07
4.11.0-exp.push-transfer-push-stuck - 2023-05-31
4.11.0-exp.9xg4-3qfm-9w8f.1 - 2023-06-06
4.11.0-exp.9xg4-3qfm-9w8f - 2023-05-31
4.11.0-exp.2 - 2023-06-07
4.11.0-exp.0 - 2023-06-07
4.11.0-beta.1 - 2023-05-31
4.11.0-beta.0 - 2023-05-25
4.11.0-alpha.0 - 2023-05-11
4.10.8 - 2023-06-07
4.10.8-exp.0 - 2023-06-07
4.10.7 - 2023-05-31
4.10.6 - 2023-05-24
4.10.5 - 2023-05-11
4.10.4 - 2023-05-10
4.10.2 - 2023-05-03
4.10.2-alpha.0 - 2023-04-28
4.10.1 - 2023-04-26
4.10.1-experimental.0 - 2023-04-26
4.10.0 - 2023-04-26
4.10.0-beta.1 - 2023-04-19
4.10.0-beta.0 - 2023-03-30
4.9.2 - 2023-04-19
4.9.1 - 2023-04-12
4.9.0 - 2023-03-29
4.9.0-exp.90df253ba90fd6879eb56a720a1f80d04ff745b8 - 2023-03-16
4.9.0-beta.2 - 2023-03-20
4.9.0-beta.1 - 2023-03-20
4.9.0-alpha.0 - 2023-02-15
4.8.2 - 2023-03-16
4.8.1 - 2023-03-15
4.8.0 - 2023-03-15
4.7.2-exp.24dd7d95972fa822bf43e9b095b51027402c229e - 2023-03-02
4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb - 2023-03-02
4.7.1 - 2023-03-02
4.7.0 - 2023-02-27
4.7.0-exp.3d6a31eb083e9d44afcf98f68c107fb7567e5720 - 2023-02-24
4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d - 2023-02-24
4.7.0-beta.0 - 2023-02-09
4.6.2 - 2023-02-22
4.6.1 - 2023-02-08
4.6.0 - 2023-01-25
4.6.0-beta.2 - 2023-01-18
4.6.0-beta.1 - 2022-12-21
4.6.0-beta.0 - 2022-12-14
4.6.0-alpha.1 - 2022-12-14
4.6.0-alpha.0 - 2022-11-25
4.5.6 - 2023-01-11
4.5.5 - 2022-12-28
4.5.4 - 2022-12-14
4.5.3 - 2022-11-30
4.5.2 - 2022-11-22
4.5.1 - 2022-11-16
4.5.0 - 2022-11-09
4.5.0-beta.0 - 2022-10-12
4.5.0-alpha.0 - 2022-09-23
4.4.7 - 2022-11-04
4.4.6 - 2022-11-02
4.4.5 - 2022-10-19
4.4.4 - 2022-10-19
4.4.3 - 2022-10-05
4.4.2 - 2022-10-05
4.4.1 - 2022-09-29
4.4.0 - 2022-09-28
4.4.0-rc.1 - 2022-09-22
4.4.0-rc.0 - 2022-09-21
4.4.0-beta.4 - 2022-09-15
4.4.0-beta.3 - 2022-09-15
4.4.0-beta.1 - 2022-09-09
4.4.0-alpha.0 - 2022-08-25
4.3.9 - 2022-09-21
4.3.8 - 2022-09-07
4.3.7 - 2022-09-07
4.3.6 - 2022-08-24
4.3.5 - 2022-08-24
4.3.4 - 2022-08-11
4.3.3 - 2022-08-10
4.3.2 - 2022-08-01
4.3.2-alpha.0 - 2022-08-01
4.3.1 - 2022-08-01
4.3.0 - 2022-07-27
4.3.0-beta.2 - 2022-07-07
4.3.0-beta.1 - 2022-06-15
4.2.3 - 2022-07-13

from @strapi/strapi GitHub release notes

Commit messages

Package name: @strapi/strapi

bfa5109 v4.24.0
6ad256c Merge pull request #20180 from strapi/fix/issue-19660
e8698b6 fix: content could be undefined
0e2e3db Merge pull request #20044 from strapi/fix/cors-5
8515737 Merge branch 'develop' into fix/cors-5
0742c57 enhancement: use file path in place of streams to optimize sharp fragmentation & libvips caching (#20080)
469f8c0 Merge branch 'develop' into fix/cors-5
896ff28 Merge branch 'releases/4.23.1' into develop
7237fd8 fix(database): add prefixed alias to avoid join column name conflicts
655449a v4.23.1
9f8bd63 chore: upgrade mysql2 from 3.6.0 to 3.9.4
de4c825 tests(content-releases): add API tests for Content Releases (#20048)
dd46ee6 Merge branch 'develop' into fix/cors-5
6f96608 chore(deps): bump @ strapi/design-system from 1.16.0 to 1.18.0 (#20115)
0ddbe58 chore(pack-up): remove from monorepo (#20082)
463b44b fix(content-releases): fix e2e test (#20094)
24613c1 chore: support arrays
1ae222a fix: cors v5
40e16fb chore: fix prettier
cfecf3a Merge pull request #20036 from strapi/docusaurus-local-search
450055e release: 4.23.0 to develop (#20078)
6a87b37 fix(i18n): Add some space to show the Locale values in the CM (#20059)
cb00a17 chore: add watch script for all projects (#20068)
4dbfc9c Hide Locale column and grouping option when i18n plugin is not installed (#19358)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Snyk has created this PR to upgrade @strapi/strapi from 4.2.3 to 4.24.0. See this package in npm: @strapi/strapi See this project in Snyk: https://app.snyk.io/org/danilcrazy99/project/2d6e845b-5039-4b9f-974d-b701bb99023f?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade @strapi/strapi from 4.2.3 to 4.24.0 #32

[Snyk] Upgrade @strapi/strapi from 4.2.3 to 4.24.0 #32

VolkovDani commented May 18, 2024

🔥 Bug fix

⚙️ Chore

📚 Update and Migration Guides

📖 Documentation

⚙️ Chore

🔥 Bug fix

📚 Update and Migration Guides

⚙️ Chore

🔥 Bug fix

🚀 New feature

💅 Enhancement

📚 Update and Migration Guides

What's Changed

⚠️ Security Warning and Notice ⚠️

🔥 Bug fix

🚀 New feature

⚙️ Chore

📚 Update and Migration Guides

💅 Enhancement

🔥 Bug fix

📚 Update and Migration Guides

[Snyk] Upgrade @strapi/strapi from 4.2.3 to 4.24.0 #32

Are you sure you want to change the base?

[Snyk] Upgrade @strapi/strapi from 4.2.3 to 4.24.0 #32

Conversation

VolkovDani commented May 18, 2024

Snyk has created this PR to upgrade @strapi/strapi from 4.2.3 to 4.24.0.

🔥 Bug fix

⚙️ Chore

📚 Update and Migration Guides

📖 Documentation

⚙️ Chore

🔥 Bug fix

📚 Update and Migration Guides

⚙️ Chore

🔥 Bug fix

🚀 New feature

💅 Enhancement

📚 Update and Migration Guides

What's Changed

⚠️ Security Warning and Notice ⚠️

🔥 Bug fix

🚀 New feature

⚙️ Chore

📚 Update and Migration Guides

💅 Enhancement

🔥 Bug fix

📚 Update and Migration Guides