[Snyk] Upgrade @strapi/plugin-users-permissions from 4.2.3 to 4.8.2 #3

Open
wants to merge 1 commit into
base: main

@snyk-bot snyk-bot commented Apr 6, 2023

Snyk has created this PR to upgrade @strapi/plugin-users-permissions from 4.2.3 to 4.8.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 54 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2023-03-16.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | SQL Injection SNYK-JS-SEQUELIZE-2959225 | 350/1000 (Why? CVSS 7) | No Known Exploit |
| | Improper Filtering of Special Elements SNYK-JS-SEQUELIZE-3324088 | 350/1000 (Why? CVSS 7) | No Known Exploit |
| | Prototype Pollution SNYK-JS-MONGOOSE-2961688 | 350/1000 (Why? CVSS 7) | Proof of Concept |
| | Information Exposure SNYK-JS-SEQUELIZE-3324089 | 350/1000 (Why? CVSS 7) | No Known Exploit |
| | Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-SEQUELIZE-3324090 | 350/1000 (Why? CVSS 7) | No Known Exploit |
| | Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 | 350/1000 (Why? CVSS 7) | Proof of Concept |
| | SQL Injection SNYK-JS-SEQUELIZE-2932027 | 350/1000 (Why? CVSS 7) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @strapi/plugin-users-permissions
  • 4.8.2 - 2023-03-16

    🔥 Bug fix

    • [core:content-manager] Disabled property for JSONInput (GenericInput) (#16033) @ alvarolozano
    • [core:content-type-builder] [Fix] CTB return private config on media types (#16060) @ Marc-Roig
    • [core:content-type-builder] ContentTypeBuilderNav: Fix plus icon size (#16085) @ gu-stav
    • [core:strapi] Fix broken populate traversal with no fragment (#16109) @ Convly

    💅 Enhancement

    • [core:admin] Update zh-Hans.json to catch up latest en.json (#16036) @ smoothdvd
    • [plugin:users-permissions] Update zh-Hans translation to match latest en.json (#16076) @ smoothdvd

    ⚙️ Chore


    📚 Update and Migration Guides

    • General update guide can be found here
    • Migration guides can be found here 📚
  • 4.8.1 - 2023-03-15

    🔥 Bug fix


    📚 Update and Migration Guides

    • General update guide can be found here
    • Migration guides can be found here 📚
  • 4.8.0 - 2023-03-15
  • 4.7.2-exp.24dd7d95972fa822bf43e9b095b51027402c229e - 2023-03-02
  • 4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb - 2023-03-02
  • 4.7.1 - 2023-03-02

    💅 Enhancement

    • [core:utils] [enhancement]: Improve remove password sanitization performance (#15950) @ Marc-Roig

    🔥 Bug fix


    📚 Update and Migration Guides

    • General update guide can be found here
    • Migration guides can be found here 📚
  • 4.7.0 - 2023-02-27

    🔥 Bug fix

    🚀 New feature

    ⚙️ Chore

    💅 Enhancement

    📖 Documentation


    📚 Update and Migration Guides

    • General update guide can be found here
    • Migration guides can be found here 📚
  • 4.7.0-exp.3d6a31eb083e9d44afcf98f68c107fb7567e5720 - 2023-02-24
  • 4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d - 2023-02-24
  • 4.7.0-beta.0 - 2023-02-09
  • 4.6.2 - 2023-02-22
  • 4.6.1 - 2023-02-08
  • 4.6.0 - 2023-01-25
  • 4.6.0-beta.2 - 2023-01-18
  • 4.6.0-beta.1 - 2022-12-21
  • 4.6.0-beta.0 - 2022-12-14
  • 4.6.0-alpha.1 - 2022-12-14
  • 4.6.0-alpha.0 - 2022-11-25
  • 4.5.6 - 2023-01-11
  • 4.5.5 - 2022-12-28
  • 4.5.4 - 2022-12-14
  • 4.5.3 - 2022-11-30
  • 4.5.2 - 2022-11-22
  • 4.5.1 - 2022-11-16
  • 4.5.0 - 2022-11-09
  • 4.5.0-beta.0 - 2022-10-12
  • 4.5.0-alpha.0 - 2022-09-23
  • 4.4.7 - 2022-11-04
  • 4.4.6 - 2022-11-02
  • 4.4.5 - 2022-10-19
  • 4.4.4 - 2022-10-19
  • 4.4.3 - 2022-10-05
  • 4.4.2 - 2022-10-05
  • 4.4.1 - 2022-09-29
  • 4.4.0 - 2022-09-28
  • 4.4.0-rc.1 - 2022-09-22
  • 4.4.0-rc.0 - 2022-09-21
  • 4.4.0-beta.4 - 2022-09-15
  • 4.4.0-beta.3 - 2022-09-15
  • 4.4.0-beta.1 - 2022-09-09
  • 4.4.0-alpha.0 - 2022-08-25
  • 4.3.9 - 2022-09-21
  • 4.3.8 - 2022-09-07
  • 4.3.7 - 2022-09-07
  • 4.3.6 - 2022-08-24
  • 4.3.5 - 2022-08-24
  • 4.3.4 - 2022-08-11
  • 4.3.3 - 2022-08-10
  • 4.3.2 - 2022-08-01
  • 4.3.2-alpha.0 - 2022-08-01
  • 4.3.1 - 2022-08-01
  • 4.3.0 - 2022-07-27
  • 4.3.0-beta.2 - 2022-07-07
  • 4.3.0-beta.1 - 2022-06-15
  • 4.2.3 - 2022-07-13
from @strapi/plugin-users-permissions GitHub release notes
Commit messages
Package name: @strapi/plugin-users-permissions
  • cc73bed v4.8.2
  • 4fac1b6 Merge pull request #16109 from strapi/fix/traverse-populate-with-no-fragment
  • 26ee279 Add tests for sanitize-query dz populate
  • ae54810 Fix broken populate traversal with no fragment
  • a9d1afd Merge pull request #16090 from strapi/enhance/use-api-error-handler-axios-error
  • 5ed0015 Merge pull request #16015 from strapi/dependabot/npm_and_yarn/axios-1.3.4
  • c34008a Bump axios from 1.2.2 to 1.3.4
  • 2ec4bf2 Merge branch 'releases/4.8.1'
  • b3cb13c v4.8.1
  • 8775dcd Merge pull request #16096 from strapi/hotfix/4.8.0
  • 9295b52 Fix api tests
  • 8819379 Revert other issue
  • 18fbe66 Fix tests
  • eca2c57 Fix invalid action mapping using unknow action
  • 1b6a692 Merge branch 'releases/4.8.0' into main
  • e239e40 v4.8.0
  • 17f773e useAPIErrorHandler: Improve type-safety of getPrefixedId()
  • 7f11c8b useAPIErrorHandler: Stop testing react-intl internals
  • 801e3db add traverse query
  • ca8ddb0 Merge pull request #16085 from strapi/fix/ctb-text-button-icon-size-nav
  • b53f260 useAPIErrorHandler: Handle AxiosError
  • 1a8c0e3 Chrore: Update snapshot tests
  • eec289d ContentTypeBuilderNav: Fix plus icon size
  • 2788e4e Merge pull request #16061 from strapi/fix/relation-preperation


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
