[Snyk] Fix for 4 vulnerabilities #4

serVmik · 2023-04-21T04:17:33Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
893/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 10	Improper Neutralization of Special Elements Used in a Template Engine SNYK-JS-STRAPIPLUGINEMAIL-5431383	No	Proof of Concept
696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Authentication Bypass SNYK-JS-STRAPIPLUGINUSERSPERMISSIONS-5431308	No	No Known Exploit
893/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 10	Improper Neutralization of Special Elements Used in a Template Engine SNYK-JS-STRAPIPLUGINUSERSPERMISSIONS-5431382	No	Proof of Concept
768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-STRAPISTRAPI-5431394	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @strapi/plugin-users-permissions

The new version differs by 250 commits.

a9e5543 v4.6.0
ded9dfc Merge pull request #15580 from strapi/fix/ignore-audit-log-on-data-transfer
cdcd83d Ignore admin::audit-log on import/export
e72d2a0 Fix clean script for data-transfer
b23bba9 Merge pull request #15147 from strapi/chore/online-license-skeleton
3fd5bbc Merge pull request #15036 from strapi/features/deits
e6ae4da Merge pull request #15578 from strapi/chore/remove-fontawesome-deps-audit
ef4f25a Chore: Remove fontawesome dependencies
a0b344e Fix audit logs test
0546a82 Update transaction to its latest API
950dda7 Update SSO error message
f3550ce Add audit logs support & update the features API
0da8157 Add devide ID in the payload of the license check
49727cb Replace comments with JSDoc
0609de2 Populate default features array even during init
e1e812d Remove double ee check
6fe16dc Add shiftCronExpression utils
5f86716 Apply Alex's missing feedback
c433691 Use ee_store instead of the core_store
f4ef160 Rework license fetching and add error handling
2aecf83 Add cron job to dynamically update the license
b37a8be Add online license check
5a2b379 Runtime server feature flag
9211620 Get features from the licenseInfo for the default type mapping

Package name: @strapi/strapi

The new version differs by 250 commits.

e239e40 v4.8.0
801e3db add traverse query
2788e4e Merge pull request #16061 from strapi/fix/relation-preperation
21b43ba fix: fix: Different field types with the same name break CM EditView
947069e Merge pull request #16010 from strapi/chore/rbac-ce
c4a48a1 Change chunk name
2eb85b1 Merge branch 'main' into chore/rbac-ce
959cf6c Merge pull request #16033 from alvarolozano/genericinput-json-disabled
f78ba41 Merge pull request #15778 from strapi/fix/non-required-json-input
4f462fb Remove unused assets
2a9979a Merge branch 'main' into genericinput-json-disabled
1971104 Merge pull request #15895 from strapi/data-transfer/limit-token-name-length
7533a8d Merge branch 'main' into fix/non-required-json-input
87ca2cc Merge branch 'main' into data-transfer/limit-token-name-length
6f225b6 Merge branch 'main' of github.com:strapi/strapi into chore/rbac-ce
29dadec Feedbacks
b5b5c58 Disabled property for JSONInput (GenericInput)
98632e1 Merge pull request #16029 from iamtofr/fix/AssetGridList-uniqueKey
b1e105f move unique key up in hierarchy
3a149fe Merge branch 'main' into data-transfer/limit-token-name-length
51a6c11 Merge pull request #16024 from strapi/chore/update-D
eae7fc9 chore: update DS to 1.6.5 and fix a unit test
961938a Merge pull request #16012 from strapi/fix/audit-logs-test-error
49df2f4 Merge pull request #15974 from strapi/enhancement/transfer-error-messaging