[Snyk] Fix for 1 vulnerabilities #23

Open
wants to merge 1 commit into
base: master

mmmd03
Owner

@mmmd03 mmmd03 commented Jun 21, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @snyk/cli-interface The new version differs by 8 commits.
  • 4ac141d Merge pull request #42 from snyk/feat/loosen
  • 2389db9 feat: Loosen deps
  • 69fefad fix: Move dep-graph dep to dev/peer
  • 0ff2c5a fix: Remove TS helpers
  • 8ccb217 chore: Remove deprecated tslint rule
  • 32e7a94 Merge pull request #41 from snyk/feat/s-m-s
  • dc4996c feat: pin typescript version to 3.8
  • af6c7dd feat: upgrade dep-graph (dropping weird transitive)

See the full diff

Package name: @snyk/dep-graph The new version differs by 39 commits.

See the full diff

Package name: @snyk/snyk-cocoapods-plugin The new version differs by 2 commits.

See the full diff

Package name: os-name The new version differs by 4 commits.

See the full diff

Package name: semver The new version differs by 140 commits.

See the full diff

Package name: snyk-docker-plugin The new version differs by 173 commits.

See the full diff

Package name: snyk-go-plugin The new version differs by 8 commits.

See the full diff

Package name: snyk-gradle-plugin The new version differs by 33 commits.
  • 19fcf1e Merge pull request #166 from snyk/fix/use-latest-cli-interface
  • f74fb92 fix: use latest @snyk/dep-graph
  • 7c53be3 fix: use latest cli-interface
  • 279d959 Merge pull request #165 from snyk/fix/use-latest-callgraph-builder
  • 839965e fix: use latest java-call-graph-builder
  • 6562d5c Merge pull request #163 from snyk/fix/graceful-resolvable-configs
  • 2691bf9 fix: graceful resolvable configs
  • 04d15cf Merge pull request #162 from snyk/fix/more-than-one-line-with-jsondeps
  • f8e20ec fix: more than one line with jsondeps
  • 1e289f3 Merge pull request #161 from snyk/fix/scanning-lock-due-of-unresolved-dependencies
  • 23169a9 fix: scanning lock due of unresolved deps
  • 20b5fdc Merge pull request #160 from snyk/feat/upgrade-java-callgraph-buider-119
  • e201780 feat: several fixes for gradle+android reachability analysis
  • e5fadfd Merge pull request #159 from snyk/chore/update-npmignore
  • 5ee2fe5 chore: update npmignore
  • 3633e00 Merge pull request #157 from snyk/chore/update-codeowners
  • f5d8f5a chore: update codeowners
  • 546029e Merge pull request #156 from snyk/feat/pass-gradle-util-to-call-graph-builder
  • 61805d6 feat: pass gradle util to java call graph builder
  • cc4489d Merge pull request #155 from snyk/fix/unmatched-attributes
  • 269f143 fix: gradle deps conflict resolution
  • 8bd1ddf Merge pull request #154 from snyk/fix/update-snyk-config
  • 9f3b5e4 fix: update java-call-graph-builder
  • 7c13518 Merge pull request #152 from snyk/fix/enhance-cycles-detection

See the full diff

Package name: snyk-mvn-plugin The new version differs by 32 commits.
  • 6687d19 Merge pull request #105 from snyk/fix/use-latest-cli-interface
  • 87893cc fix: use latest cli-interface
  • 15ca65c Merge pull request #104 from snyk/fix/use-latest-callgraph-builder
  • fc3cefc fix: use latest java-call-graph-builder
  • 2d7a415 Merge pull request #103 from snyk/fix/add-support-for-wars-and-aars-in-scan-all-unmanaged
  • 6fb5ba1 fix: find wars and aars file in scan-all-unmanaged mode
  • 10afade Merge pull request #100 from snyk/chore/update-codeowners
  • 41016d7 chore: update codeowners
  • 465194b Merge pull request #99 from snyk/feat/improve-class-path-discovery
  • bc0eb5f feat: use call graph builder with improved logic
  • 8691251 Merge pull request #89 from snyk/spike/support-arr-files
  • 42de521 feat: support arr unmanaged file
  • 8200beb Merge pull request #98 from snyk/fix/update-java-call-graph-builder
  • 7fb1bcf fix: better error messages and newline handling
  • b2ff9bb Merge pull request #97 from snyk/fix/add-tmp-dependecy
  • eff223e fix: use Java call graph builder with tmp dependency
  • 6133b9e Merge pull request #96 from snyk/fix/handle-long-classpaths
  • 10f86df fix: use Java call graph builder with long path fix
  • fa682cc Merge pull request #95 from snyk/fix/update-snyk-config
  • 55344d4 fix: update java-call-graph-builder
  • 7f7bbec Merge pull request #94 from snyk/feat/windows-fix-for-reachable-vulns
  • e00d815 feat: bump java call graph builder to fix windows issue
  • 3a0360c Merge pull request #93 from snyk/feat/do-not-display-logs-downloading-call-graph
  • 89fd14c feat: do not display logs while downloading the call graph generator

See the full diff

Package name: snyk-policy The new version differs by 17 commits.
  • cc835cc Merge pull request #48 from snyk/feat/semver-7
  • 5a70662 feat: upgrade semver to 7
  • 76b7ffc Merge pull request #44 from snyk/feat/drop-then-fs-2
  • 74df76d feat: bump snyk deps to pick up then-fs drops
  • 14b204a Merge pull request #45 from snyk/feat/update_node+_version
  • 3303d2a feat: move policy to node 8
  • a4aead4 Merge pull request #43 from snyk/feat/drop-then-fs
  • 43d6ec1 feat: swap out then-fs for promise-fs
  • dec6970 Merge pull request #41 from snyk/feat/prettier-dev
  • 371ffc4 feat: prettier is a dev dependency
  • 5a50d0e Merge pull request #40 from snyk/feat/module
  • 290a166 feat: bump snyk-module (no more node 6)
  • 19ec76a Merge pull request #37 from snyk/chore/prettier
  • 1e7f331 chore: prettier
  • 997351c chore: intellij's var2const
  • b143a76 Merge pull request #36 from snyk/chore/update_patch_fixture_urls
  • eef4096 chore: Update fixtures to correct patch urls

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795