New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 3 vulnerabilities #2

Merged

Jvr2022 merged 1 commit into Dev from snyk-fix-92c2e4bf536507cecd362f55a3e1e3bf

Oct 12, 2024

Owner

Jvr2022 commented Oct 12, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- generator/package.json
- generator/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	No	Proof of Concept
	666/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @testing-library/jest-dom

The new version differs by 34 commits.

4b764b9 feat: local types, supporting jest, @ jest/globals, vitest (SPOMultiGeoCompanyAllowedDataLocation microsoft/Microsoft365DSC#511)
d717c66 feat: New `toHaveAccessibleErrorMessage` better implementing the spec, deprecate `toHaveErrorMessage` (TeamsPSTNGateway microsoft/Microsoft365DSC#503)
948d90f fix: migrate ccs v3 to @ adobe/css-tools v4 (Issue #467 duplicate groups microsoft/Microsoft365DSC#470)
af18453 fix: Support unenclosed inner text for details elements in to be visible (Office365DSC.Reverse.ps1 microsoft/Microsoft365DSC#396)
6988a67 fix: clarify toHaveFocus message when using `.not` (AADMSGroupLifecyclePolicy microsoft/Microsoft365DSC#447)
4d0ceeb docs: add ashleyryan as a contributor for code, ideas (EXOAddressList multi value fix microsoft/Microsoft365DSC#434)
1f389f8 docs: add astorije as a contributor for code, ideas (Added a new cmdlet Assert-O365DSCTemplate microsoft/Microsoft365DSC#433)
8162115 fix: add custom element support to `toBeDisabled` (EXOEmailAddressPolicy microsoft/Microsoft365DSC#368)
3094eb1 docs: add cbroeren as a contributor for doc (Special character escaping problems microsoft/Microsoft365DSC#432)
43a420a docs: Fix wrong toHaveValue example (Idea: Validation when generating PowerShell for Office365TenantConfig.ps1 microsoft/Microsoft365DSC#431)
a9beb47 fix: Improve `toHaveClass` error message format (Sprint 7 prep microsoft/Microsoft365DSC#405)
6f69437 docs: add IanVS as a contributor for code (Could not find mandatory property Identity. Add this property and try again. microsoft/Microsoft365DSC#423)
de26c7a feat: Update aria-query to 5.0.0 (EXORoleAssignmentPolicy microsoft/Microsoft365DSC#414)
dfcefa2 fix: wrong deprecate error message (Fixes to SPOSiteGroup Extraction microsoft/Microsoft365DSC#422)
4cb606c feat: import parse directly from css (EXOManagementRole microsoft/Microsoft365DSC#415)
35ab97d docs: add yannbf as a contributor for code (ODSettings - Fixing issue where Set-SPOTenant was being called with Ensure microsoft/Microsoft365DSC#416)
8876038 docs: add MatanBobi as a contributor for platform (EXOMalwareFilterRule: fixed RecipientDomainIs,ExceptIfRecipientDomainIs to be arrays microsoft/Microsoft365DSC#410)
d085039 chore: set protocol for npm to `https` (O365User, O365Group: Extract more than first 100 microsoft/Microsoft365DSC#409)
d24b6be docs: add tu4mo as a contributor for doc (updated the UI with the new EXO resources microsoft/Microsoft365DSC#386)
51ea536 chore: upgrade to Jest 27 (EXOApplicationAccessPolicy microsoft/Microsoft365DSC#384)
60832f6 Fix typo (TeamsTeam: Added Ensure param to PSBoundParameters microsoft/Microsoft365DSC#385)
0e34a35 docs: add icecream17 as a contributor for doc (SCComplianceSearchAction 'Preview' type is not handled correctly microsoft/Microsoft365DSC#381)
eccbfcf fix grammar (Add EXOOfflineAddressBook microsoft/Microsoft365DSC#380)
fc9ce6d fix: Updates deprecated matchers info (EXOAddressBookPolicy microsoft/Microsoft365DSC#378)

See the full diff

Package name: @testing-library/react

The new version differs by 86 commits.

a4744fa feat: Move `@ testing-library/dom` and `@ types/react-dom` to peer dependencies (Removed dependencies on old Planner module and updated Teams dependency microsoft/Microsoft365DSC#1305)
c1f2957 fix: Ensure `act` is not `any` when `React.act` is not declared (Fixed Integration Tests microsoft/Microsoft365DSC#1323)
b6e59f7 fix: export new act when available (Delete LICENSE microsoft/Microsoft365DSC#1319)
f6a1677 chore: Adjust tests to workaround 18.3.0 bug (Delete .gitattributes microsoft/Microsoft365DSC#1315)
d143f46 fix: Stop restricting `container` option based on `hydrate` (Delete Tests directory microsoft/Microsoft365DSC#1313)
48282c2 fix: Ensure `renderHook` options extend options for `render` (Updated MSCloudLoginAssistant to 1.0.54 microsoft/Microsoft365DSC#1308)
067d0c6 fix: Don't raise TypeScript errors when hydating `document` (Retrieve AutoExpandingArchive object value microsoft/Microsoft365DSC#1304)
c63b873 fix: Improve `legacyRoot` error message (#1301)
1645d21 fix: Stop using nullish coalescing (export Azure AD policy and import with .mof file with error microsoft/Microsoft365DSC#1299)
787cb85 Release: 15.0.0 (Error when running Start-DSCConfiguration microsoft/Microsoft365DSC#1295)
9c4a46d feat: Add support for React 19 Canary (Release 1.21.707.1 microsoft/Microsoft365DSC#1294)
4e10ba3 chore: change canary version to specific prefix (Fixing Colors Name from Grey to Gray microsoft/Microsoft365DSC#1290)
cf045b4 chore: Update Codecov configuration to latest (Delta report fix for null arrays microsoft/Microsoft365DSC#1289)
3da62fd fix: Remove unused types (Fixes for EXOSharedMailbox microsoft/Microsoft365DSC#1287)
7e42f4e chore: Fix tests (Fixes DKIM Signing Remove logic microsoft/Microsoft365DSC#1288)
edb6344 docs: add trappar as a contributor for code (#1273)
55e79c2 fix: Update types to support all possible react component return values (#1272)
4509fb6 docs: add yinm as a contributor for code (Fix Export for SPOSiteAuditSettings microsoft/Microsoft365DSC#1269)
0880eba feat: add `reactStrictMode` option to enable strict mode render (Release 1.21.526.2 microsoft/Microsoft365DSC#1241)
03a301f chore: update stackblitz url in issue template (#1258)
1c67477 fix: revert missing hooks warnings (Release 1.21.602.1 microsoft/Microsoft365DSC#1255)
fd52a59 fix: log globals warning only once (Fix Export of TeamsChannel microsoft/Microsoft365DSC#1252)
d80319f feat: add warnings when globals are missing (Update MSFT_EXOOrganizationConfig.psm1 microsoft/Microsoft365DSC#1244)
c04b8f0 docs: add cmdcolin as a contributor for doc (Release 1.21.526.1 microsoft/Microsoft365DSC#1238)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)


          fix: generator/package.json & generator/package-lock.json to reduce v…

73b382c

…ulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106

Jvr2022 merged commit 8959573 into Dev

1 check passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet