Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @strapi/strapi from 4.0.2 to 4.15.2 #35

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade @strapi/strapi from 4.0.2 to 4.15.2 #35

wants to merge 1 commit into from

Conversation

renata-nerenata
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 No No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @strapi/strapi The new version differs by 250 commits.
  • bb51089 v4.15.2
  • f413c08 fix: add missing prepublish script (#18700)
  • 0ca0dff Merge remote-tracking branch 'origin/releases/4.15.2' into releases/4.15.3
  • ca1ec5a refactor(admin): add watch-admin flag (#18688)
  • 02973d4 Fix: Update AWS (aws-sdk) from deprecated V2 to V3 (#18557)
  • 87431e4 feat: allow passing http serverOptions from config (#18591)
  • 8403381 Fix: GraphQL validates repeatable component attributes correctly (#18647)
  • 03194ce fix(admin): use appropriate loader between jsx and tsx (#18670)
  • 477ea8e chore(admin): convert useSettingsMenu to TS (#18616)
  • e741a4a fix: import Document directly & add `ignorePrompts` CLI flag (#18668)
  • 805908b fix(admin): close webpack watch on reload (#18667)
  • 0e69461 fix(admin): build pipeline & deps (#18658)
  • 5f65fd6 fix(admin): missing env utilities (#18657)
  • f5b09a8 fix(admin): missing env utilities (#18657)
  • d6433ae chore: remove extraneous editorconfigs (#18592)
  • ae792fb Release 4.15.1 (#18646)
  • d482633 refactor(admin): auth pages to TS (#18635)
  • b6c0850 v4.15.1
  • 6008802 fix(blocks): first click on modifiers doesn't work (#18556)
  • 82d0e5b Merge pull request #18632 from strapi/chore/node-engine
  • 56d93b4 Update node engine of cloud plugin
  • 4ef442c chore: pack-up all admin packages (#18622)
  • c563f77 chore(admin): fix exports & settings links in CE (#18624)
  • 9b513a8 Merge pull request #18623 from strapi/4.15.1/hotfix-admin-bundling

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@renata-nerenata @snyk-bot