[Snyk] Fix for 1 vulnerabilities #13

ekmixon · 2023-12-19T08:25:55Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 250 commits.

be16e47 v27.0.0
63102ec chore: update changelog for release
564694a docs(blog): Jest 27 blog post (server: provide /_status/sessions on tenants cockroachdb/docs#11131)
b68d91b feat(pretty-print): add option `printBasicPrototype` (sql: implement ON UPDATE expressions cockroachdb/docs#11441)
2226742 chore: minor simplify format results error (sql: introduce crdb_internal.statement_statistics virtual table cockroachdb/docs#11432)
78eb25d chore: remove needless assign (sql: support regrole OID alias type cockroachdb/docs#11433)
696c455 chore: update lockfile after publish
e2eb9ae v27.0.0-next.11
3b253f8 Wait for closed resources to actually close before detecting open handles (parser: SET ROLE syntax preparation cockroachdb/docs#11429)
27bee72 fix: run GC before collecting open handles (backupccl: check mismatched cluster regions on backup and restore cockroachdb/docs#11278)
50451df feat: use fallback if prettier not found (sql: require ADMIN to alter another admin cockroachdb/docs#11400)
150dbd8 chore: update lockfile after publish
6f44529 v27.0.0-next.10
cbcec7d Upgrade fsevents in jest-haste-map (sql: support COMMENT ON SCHEMA cockroachdb/docs#11428)
9633a26 feat: support reporters written in ESM (stats: use table descriptors instead of IDs cockroachdb/docs#11427)
59f42d8 fix: do not cache modules that throw during evaluation (auth: set up periodic deletion of old sessions in the web_sessions system table cockroachdb/docs#11263)
57e32e9 Detect open handles with done callbacks (tree: OPERATOR pretty printing changes cockroachdb/docs#11382)
a397607 Document and test dontThrow for custom inline snapshot matchers (Document PAUSE ALL / RESUME ALL sql syntax cockroachdb/docs#10995)
4fa3a0b feat: custom haste (Updated db initialization workflow, copied to 20.2, 21.2 cockroachdb/docs#11107)
2047a36 chore: bump deps (sql: support show default privileges for all roles cockroachdb/docs#11419)
a4358d6 chore: run prettier on changelog
bdd6282 Move all default values into `jest-config` (Spacing between paragraphs and list elements is very tight vertically cockroachdb/docs#9924)
db643a1 Link to Jest config (critical css test cockroachdb/docs#11106)
b16082c Fix locale issue Use JDBI to execute basic SQL statements in JDBC samples cockroachdb/docs#10014 (builtins: add parse and to_char_with_style variants for date types cockroachdb/docs#11412)

See the full diff

Package name: jest-cli

The new version differs by 250 commits.

be16e47 v27.0.0
63102ec chore: update changelog for release
564694a docs(blog): Jest 27 blog post (server: provide /_status/sessions on tenants cockroachdb/docs#11131)
b68d91b feat(pretty-print): add option `printBasicPrototype` (sql: implement ON UPDATE expressions cockroachdb/docs#11441)
2226742 chore: minor simplify format results error (sql: introduce crdb_internal.statement_statistics virtual table cockroachdb/docs#11432)
78eb25d chore: remove needless assign (sql: support regrole OID alias type cockroachdb/docs#11433)
696c455 chore: update lockfile after publish
e2eb9ae v27.0.0-next.11
3b253f8 Wait for closed resources to actually close before detecting open handles (parser: SET ROLE syntax preparation cockroachdb/docs#11429)
27bee72 fix: run GC before collecting open handles (backupccl: check mismatched cluster regions on backup and restore cockroachdb/docs#11278)
50451df feat: use fallback if prettier not found (sql: require ADMIN to alter another admin cockroachdb/docs#11400)
150dbd8 chore: update lockfile after publish
6f44529 v27.0.0-next.10
cbcec7d Upgrade fsevents in jest-haste-map (sql: support COMMENT ON SCHEMA cockroachdb/docs#11428)
9633a26 feat: support reporters written in ESM (stats: use table descriptors instead of IDs cockroachdb/docs#11427)
59f42d8 fix: do not cache modules that throw during evaluation (auth: set up periodic deletion of old sessions in the web_sessions system table cockroachdb/docs#11263)
57e32e9 Detect open handles with done callbacks (tree: OPERATOR pretty printing changes cockroachdb/docs#11382)
a397607 Document and test dontThrow for custom inline snapshot matchers (Document PAUSE ALL / RESUME ALL sql syntax cockroachdb/docs#10995)
4fa3a0b feat: custom haste (Updated db initialization workflow, copied to 20.2, 21.2 cockroachdb/docs#11107)
2047a36 chore: bump deps (sql: support show default privileges for all roles cockroachdb/docs#11419)
a4358d6 chore: run prettier on changelog
bdd6282 Move all default values into `jest-config` (Spacing between paragraphs and list elements is very tight vertically cockroachdb/docs#9924)
db643a1 Link to Jest config (critical css test cockroachdb/docs#11106)
b16082c Fix locale issue Use JDBI to execute basic SQL statements in JDBC samples cockroachdb/docs#10014 (builtins: add parse and to_char_with_style variants for date types cockroachdb/docs#11412)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660

secure-code-warrior-for-github · 2023-12-19T08:25:59Z

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior

fix: package.json to reduce vulnerabilities

90f99ce

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 1 vulnerabilities #13

[Snyk] Fix for 1 vulnerabilities #13

ekmixon commented Dec 19, 2023

secure-code-warrior-for-github bot commented Dec 19, 2023

[Snyk] Fix for 1 vulnerabilities #13

Are you sure you want to change the base?

[Snyk] Fix for 1 vulnerabilities #13

Conversation

ekmixon commented Dec 19, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

secure-code-warrior-for-github bot commented Dec 19, 2023

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

Try a challenge in Secure Code Warrior