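[Snyk] Upgrade: jest, @apollo/server, @apollo/utils.keyvadapter, @as-integrations/aws-lambda, @aws-sdk/client-sqs, @aws-sdk/types, @graphql-codegen/cli, @graphql-codegen/introspection, @graphql-codegen/typescript, @graphql-codegen/typescript-resolvers, @graphql-tools/executor, @graphql-tools/merge, @keyv/redis, @types/aws-lambda, @types/jest, @types/node, @typescript-eslint/eslint-plugin, @typescript-eslint/parser, aws-sdk, contentful-management, dotenv, eslint, graphql, keyv, prettier, serverless, serverless-dotenv-plugin, serverless-offline, serverless-offline-sqs, serverless-plugin-typescript, ts-jest, ts-node, typescript #391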

Open
wants to merge 1 commit into
base: main

WontonSam
Owner


Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

| Name | Versions | Released on |
| --- | --- | --- |
| jest | from 29.3.1 to 29.7.0; 11 versions ahead of your current version | a year ago on 2023-09-12 |
| @apollo/server | from 4.3.0 to 4.11.0; 28 versions ahead of your current version | a month ago on 2024-08-08 |
| @apollo/utils.keyvadapter | from 2.0.0 to 3.1.0; 4 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a year ago on 2023-09-14 |
| @as-integrations/aws-lambda | from 1.2.1 to 3.1.0; 4 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a year ago on 2023-08-11 |
| @aws-sdk/client-sqs | from 3.259.0 to 3.637.0; 184 versions ahead of your current version | a month ago on 2024-08-22 |
| @aws-sdk/types | from 3.267.0 to 3.609.0; 51 versions ahead of your current version | 3 months ago on 2024-07-02 |
| @graphql-codegen/cli | from 2.16.4 to 5.0.2; 862 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 7 months ago on 2024-02-06 |
| @graphql-codegen/introspection | from 2.2.3 to 4.0.3; 734 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 7 months ago on 2024-02-20 |
| @graphql-codegen/typescript | from 2.8.7 to 4.0.9; 1437 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago on 2024-07-02 |
| @graphql-codegen/typescript-resolvers | from 2.7.12 to 4.2.1; 1571 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago on 2024-07-02 |
| @graphql-tools/executor | from 0.0.12 to 1.3.1; 136 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a month ago on 2024-08-07 |
| @graphql-tools/merge | from 8.3.15 to 9.0.6; 125 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a month ago on 2024-08-16 |
| @keyv/redis | from 2.5.4 to 3.0.1; 17 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a month ago on 2024-08-21 |
| @types/aws-lambda | from 8.10.109 to 8.10.145; 36 versions ahead of your current version | 22 days ago on 2024-08-28 |
| @types/jest | from 29.2.5 to 29.5.12; 19 versions ahead of your current version | 8 months ago on 2024-02-01 |
| @types/node | from 18.11.18 to 22.5.1; 288 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 22 days ago on 2024-08-28 |
| @typescript-eslint/eslint-plugin | from 5.48.2 to 8.3.0; 1212 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 23 days ago on 2024-08-26 |
| @typescript-eslint/parser | from 5.48.2 to 8.3.0; 1248 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 23 days ago on 2024-08-26 |
| aws-sdk | from 2.1306.0 to 2.1684.0; 378 versions ahead of your current version | 22 days ago on 2024-08-27 |
| contentful-management | from 10.26.0 to 11.31.9; 151 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 23 days ago on 2024-08-27 |
| dotenv | from 16.0.3 to 16.4.5; 17 versions ahead of your current version | 7 months ago on 2024-02-20 |
| eslint | from 8.32.0 to 9.9.1; 45 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a month ago on 2024-08-23 |
| graphql | from 16.6.0 to 16.9.0; 8 versions ahead of your current version | 3 months ago on 2024-06-21 |
| keyv | from 4.5.2 to 5.0.1; 5 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a month ago on 2024-08-21 |
| prettier | from 2.8.3 to 3.3.3; 34 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago on 2024-07-13 |
| serverless | from 3.26.0 to 4.2.4; 220 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 23 days ago on 2024-08-26 |
| serverless-dotenv-plugin | from 4.0.2 to 6.0.0; 2 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 2 years ago on 2023-03-19 |
| serverless-offline | from 12.0.4 to 14.2.0; 22 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a month ago on 2024-08-22 |
| serverless-offline-sqs | from 7.3.2 to 8.0.0; 1 version ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 10 months ago on 2023-11-06 |
| serverless-plugin-typescript | from 2.1.4 to 2.1.5; 1 version ahead of your current version | a year ago on 2023-06-05 |
| ts-jest | from 29.0.5 to 29.2.5; 12 versions ahead of your current version | a month ago on 2024-08-23 |
| ts-node | from 10.9.1 to 10.9.2; 1 version ahead of your current version | 9 months ago on 2023-12-08 |
| typescript | from 4.9.4 to 5.5.4; 596 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago on 2024-07-22 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Denial of Service (DoS), SNYK-JS-WS-7266574 | 67 | Proof of Concept |
| high severity: Cross-site Request Forgery (CSRF), SNYK-JS-AXIOS-6032459 | 67 | Proof of Concept |
| high severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-FASTXMLPARSER-5668858 | 67 | No Known Exploit |
| medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-PATHTOREGEXP-7925106 | 67 | Proof of Concept |
| medium severity: Prototype Pollution, SNYK-JS-XML2JS-5414874 | 67 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-AXIOS-6124857 | 67 | Proof of Concept |
| medium severity: Arbitrary File Write via Archive Extraction (Zip Slip), SNYK-JS-DECOMPRESSTAR-559095 | 67 | Proof of Concept |
| medium severity: Prototype Pollution, SNYK-JS-FASTXMLPARSER-3325616 | 67 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-FASTXMLPARSER-7573289 | 67 | No Known Exploit |
| medium severity: Denial of Service (DoS), SNYK-JS-GRAPHQL-5905181 | 67 | Proof of Concept |
| low severity: Cross-site Scripting (XSS), SNYK-JS-APOLLOSERVER-5711899 | 67 | No Known Exploit |
| low severity: Information Exposure, SNYK-JS-APOLLOSERVER-5876619 | 67 | No Known Exploit |

Release notes
Package name: jest
  • 29.7.0 - 2023-09-12

    Features

    • [create-jest] Add npm init / yarn create initialiser for Jest projects (#14465)
    • [jest-validate] Allow deprecation warnings for unknown options (#14499)

    Fixes

    • [jest-resolver] Replace unmatched capture groups in moduleNameMapper with empty string instead of undefined (#14507)
    • [jest-snapshot] Allow for strings as well as template literals in inline snapshots (#14465)
    • [@ jest/test-sequencer] Calculate test runtime if perStats.duration is missing (#14473)

    Performance

    • [@ jest/create-cache-key-function] Cache access of NODE_ENV and BABEL_ENV (#14455)

    Chore & Maintenance

    • [jest-cli] Move internal config initialisation logic to the create-jest package (#14465)

    New Contributors

    Full Changelog: v29.6.4...v29.7.0

  • 29.6.4 - 2023-08-24

    Fixes

    • [jest-core] Fix typo in scheduleAndRun performance marker (#14434)
    • [jest-environment-node] Make sure atob and btoa are writeable in Node 20 (#14446)
    • [jest-worker] Additional error wrapper for parentPort.postMessage to fix unhandled DataCloneError. (#14437)

    New Contributors

    Full Changelog: v29.6.3...v29.6.4

  • 29.6.3 - 2023-08-21

    Fixes

    • [expect, @ jest/expect-utils] ObjectContaining support symbol as key (#14414)
    • [expect] Remove @ types/node from dependencies (#14385)
    • [jest-core] Use workers in watch mode by default to avoid crashes (#14059 & #14085).
    • [jest-reporters] Update istanbul-lib-instrument dependency to v6. (#14401)
    • [jest-mock] Revert #13692 as it was a breaking change (#14429)
    • [jest-mock] Revert #13866 as it was a breaking change (#14429)
    • [jest-mock] Revert #13867 as it was a breaking change (#14429)
    • [@ jest/reporters] Marks Reporter's hooks as optional (#14433)
    • [jest-runtime] Fix dynamic ESM import module bug when loaded module through jest.isolateModulesAsync (#14397)

    Chore & Maintenance

    • [jest-changed-files, jest-circus, jest-console, @ jest/core, @ jest/runtime, @ jest/transform] Use invariant and notEmpty from jest-util rather than own internal (#14366)

    New Contributors

    Full Changelog: v29.6.2...v29.6.3

  • 29.6.2 - 2023-07-27

    Fixes

    • [jest-circus] Fix snapshot matchers in concurrent tests when nr of tests exceeds maxConcurrency (#14335)
    • [@ jest/core] When running global setup and teardown, do not try to change the message property of the thrown error object when the message property is unwritable (#14113)
    • [jest-snapshot] Move @ types/prettier from dependencies to devDependencies (#14328)
    • [jest-snapshot] Throw an explicit error if Prettier v3 is used (#14367)
    • [jest-reporters] Add "skipped" and "todo" symbols to Github Actions Reporter (#14309)

    Chore & Maintenance

    • [@ jest/core] Use pluralize from jest-util rather than own internal (#14322)

    New Contributors

    Full Changelog: v29.6.1...v29.6.2

  • 29.6.1 - 2023-07-06

    Fixes

    • [jest-circus] Revert #14110 as it was a breaking change (#14304)

    Full Changelog: v29.6.0...v29.6.1

  • 29.6.0 - 2023-07-04

    Features

    • [jest-circus, jest-snapshot] Add support for snapshot matchers in concurrent tests (#14139)
    • [jest-cli] Include type definitions to generated config files (#14078)
    • [jest-snapshot] Support arrays as property matchers (#14025)
    • [jest-core, jest-circus, jest-reporter, jest-runner] Added support for reporting about start individual test cases using jest-circus (#14174)

    Fixes

    • [jest-circus] Prevent false test failures caused by promise rejections handled asynchronously (#14110)
    • [jest-config] Handle frozen config object (#14054)
    • [jest-config] Allow coverageDirectory and collectCoverageFrom in project config (#14180)
    • [jest-core] Always use workers in watch mode to avoid crashes (#14059).
    • [jest-environment-jsdom, jest-environment-node] Fix assignment of customExportConditions via testEnvironmentOptions when custom env subclass defines a default value (#13989)
    • [jest-matcher-utils] Fix copying value of inherited getters (#14007)
    • [jest-mock] Tweak typings to allow jest.replaceProperty() replace methods (#14008)
    • [jest-mock] Improve user input validation and error messages of spyOn and replaceProperty methods (#14087)
    • [jest-runtime] Bind jest.isolateModulesAsync to this (#14083)
    • [jest-runtime] Forward wrapperLength to the Script constructor as columnOffset for accurate debugging (#14148)
    • [jest-runtime] Guard _isMockFunction access with in (#14188)
    • [jest-snapshot] Fix a potential bug when not using prettier and improve performance (#14036)
    • [@ jest/transform] Do not instrument .json modules (#14048)
    • [jest-worker] Restart a shut down worker before sending it a task (#14015)

    Chore & Maintenance

    • [*] Update semver dependency to get vulnerability fix (#14262)
    • [docs] Updated documentation for the --runTestsByPath CLI command (#14004)
    • [docs] Updated documentation regarding the synchronous fallback when asynchronous code transforms are unavailable (#14056)
    • [docs] Update jest statistics of use and downloads in website Index.

    New Contributors

    Full Changelog: v29.5.0...v29.6.0

  • 29.5.0 - 2023-03-06

    Features

    • [jest-changed-files] Support Sapling (#13941)
    • [jest-circus, @ jest/cli, jest-config] Add feature to randomize order of tests via CLI flag or through the config file(#12922)
    • [jest-cli, jest-config, @ jest/core, jest-haste-map, @ jest/reporters, jest-runner, jest-runtime, @ jest/types] Add workerThreads configuration option to allow using worker threads for parallelization (#13939)
    • [jest-cli] Export yargsOptions (#13970)
    • [jest-config] Add openHandlesTimeout option to configure possible open handles warning. (#13875)
    • [@ jest/create-cache-key-function] Allow passing length argument to createCacheKey() function and set its default value to 16 on Windows (#13827)
    • [jest-message-util] Add support for AggregateError (#13946 & #13947)
    • [jest-message-util] Add support for Error causes in test and it (#13935 & #13966)
    • [jest-reporters] Add summaryThreshold option to summary reporter to allow overriding the internal threshold that is used to print the summary of all failed tests when the number of test suites surpasses it (#13895)
    • [jest-runtime] Expose @ sinonjs/fake-timers async APIs functions advanceTimersByTimeAsync(msToRun) (tickAsync(msToRun)), advanceTimersToNextTimerAsync(steps) (nextAsync), runAllTimersAsync (runAllAsync), and runOnlyPendingTimersAsync (runToLastAsync) (#13981)
    • [jest-runtime, @ jest/transform] Allow V8 coverage provider to collect coverage from files which were not loaded explicitly (#13974)
    • [jest-snapshot] Add support to cts and mts TypeScript files to inline snapshots (#13975)
    • [jest-worker] Add start method to worker farms (#13937)
    • [jest-worker] Support passing a URL as path to worker (#13982)

    Fixes

    • [babel-plugin-jest-hoist] Fix unwanted hoisting of nested jest usages (#13952)
    • [jest-circus] Send test case results for todo tests (#13915)
    • [jest-circus] Update message printed on test timeout (#13830)
    • [jest-circus] Avoid creating the word "testfalse" when takesDoneCallback is false in the message printed on test timeout AND updated timeouts test (#13954)
    • [jest-environment-jsdom] Stop setting document to null on teardown (#13972)
    • [@ jest/expect-utils] Update toStrictEqual() to be able to check jest.fn().mock.calls (#13960)
    • [@ jest/test-result] Allow TestResultsProcessor type to return a Promise (#13950)

    Chore & Maintenance

    • [jest-snapshot] Remove dependency on jest-haste-map (#13977)

    New Contributors

    Full Changelog: v29.4.3...v29.5.0

  • 29.4.3 - 2023-02-15

    Features

    • [expect] Update toThrow() to be able to use error causes (#13606)
    • [jest-core] allow to use workerIdleMemoryLimit with only 1 worker or runInBand option (#13846)
    • [jest-message-util] Add support for error causes (#13868 & #13912)
    • [jest-runtime] Revert import assertions for JSON modules as it's been relegated to Stage 2 (#13911)

    Fixes

    • [@ jest/expect-utils] subsetEquality should consider also an object's inherited string keys (#13824)
    • [jest-mock] Clear mock state when jest.restoreAllMocks() is called (#13867)
    • [jest-mock] Prevent mockImplementationOnce and mockReturnValueOnce bleeding into withImplementation (#13888)
    • [jest-mock] Do not restore mocks when jest.resetAllMocks() is called (#13866)

    New Contributors

    Full Changelog: v29.4.2...v29.4.3

  • 29.4.2 - 2023-02-07

    Features

    Fixes

    • [expect, @ jest/expect] Provide type of actual as a generic argument to Matchers to allow better-typed extensions (#13848)
    • [jest-circus] Added explicit mention of test failing because done() is not being called in error message (#13847)
    • [jest-runtime] Handle CJS re-exports of node core modules from ESM (

Snyk has created this PR to upgrade:
  - jest from 29.3.1 to 29.7.0.
    See this package in npm: https://www.npmjs.com/package/jest
  - @apollo/server from 4.3.0 to 4.11.0.
    See this package in npm: https://www.npmjs.com/package/@apollo/server
  - @apollo/utils.keyvadapter from 2.0.0 to 3.1.0.
    See this package in npm: https://www.npmjs.com/package/@apollo/utils.keyvadapter
  - @as-integrations/aws-lambda from 1.2.1 to 3.1.0.
    See this package in npm: https://www.npmjs.com/package/@as-integrations/aws-lambda
  - @aws-sdk/client-sqs from 3.259.0 to 3.637.0.
    See this package in npm: https://www.npmjs.com/package/@aws-sdk/client-sqs
  - @aws-sdk/types from 3.267.0 to 3.609.0.
    See this package in npm: https://www.npmjs.com/package/@aws-sdk/types
  - @graphql-codegen/cli from 2.16.4 to 5.0.2.
    See this package in npm: https://www.npmjs.com/package/@graphql-codegen/cli
  - @graphql-codegen/introspection from 2.2.3 to 4.0.3.
    See this package in npm: https://www.npmjs.com/package/@graphql-codegen/introspection
  - @graphql-codegen/typescript from 2.8.7 to 4.0.9.
    See this package in npm: https://www.npmjs.com/package/@graphql-codegen/typescript
  - @graphql-codegen/typescript-resolvers from 2.7.12 to 4.2.1.
    See this package in npm: https://www.npmjs.com/package/@graphql-codegen/typescript-resolvers
  - @graphql-tools/executor from 0.0.12 to 1.3.1.
    See this package in npm: https://www.npmjs.com/package/@graphql-tools/executor
  - @graphql-tools/merge from 8.3.15 to 9.0.6.
    See this package in npm: https://www.npmjs.com/package/@graphql-tools/merge
  - @keyv/redis from 2.5.4 to 3.0.1.
    See this package in npm: https://www.npmjs.com/package/@keyv/redis
  - @types/aws-lambda from 8.10.109 to 8.10.145.
    See this package in npm: https://www.npmjs.com/package/@types/aws-lambda
  - @types/jest from 29.2.5 to 29.5.12.
    See this package in npm: https://www.npmjs.com/package/@types/jest
  - @types/node from 18.11.18 to 22.5.1.
    See this package in npm: https://www.npmjs.com/package/@types/node
  - @typescript-eslint/eslint-plugin from 5.48.2 to 8.3.0.
    See this package in npm: https://www.npmjs.com/package/@typescript-eslint/eslint-plugin
  - @typescript-eslint/parser from 5.48.2 to 8.3.0.
    See this package in npm: https://www.npmjs.com/package/@typescript-eslint/parser
  - aws-sdk from 2.1306.0 to 2.1684.0.
    See this package in npm: https://www.npmjs.com/package/aws-sdk
  - contentful-management from 10.26.0 to 11.31.9.
    See this package in npm: https://www.npmjs.com/package/contentful-management
  - dotenv from 16.0.3 to 16.4.5.
    See this package in npm: https://www.npmjs.com/package/dotenv
  - eslint from 8.32.0 to 9.9.1.
    See this package in npm: https://www.npmjs.com/package/eslint
  - graphql from 16.6.0 to 16.9.0.
    See this package in npm: https://www.npmjs.com/package/graphql
  - keyv from 4.5.2 to 5.0.1.
    See this package in npm: https://www.npmjs.com/package/keyv
  - prettier from 2.8.3 to 3.3.3.
    See this package in npm: https://www.npmjs.com/package/prettier
  - serverless from 3.26.0 to 4.2.4.
    See this package in npm: https://www.npmjs.com/package/serverless
  - serverless-dotenv-plugin from 4.0.2 to 6.0.0.
    See this package in npm: https://www.npmjs.com/package/serverless-dotenv-plugin
  - serverless-offline from 12.0.4 to 14.2.0.
    See this package in npm: https://www.npmjs.com/package/serverless-offline
  - serverless-offline-sqs from 7.3.2 to 8.0.0.
    See this package in npm: https://www.npmjs.com/package/serverless-offline-sqs
  - serverless-plugin-typescript from 2.1.4 to 2.1.5.
    See this package in npm: https://www.npmjs.com/package/serverless-plugin-typescript
  - ts-jest from 29.0.5 to 29.2.5.
    See this package in npm: https://www.npmjs.com/package/ts-jest
  - ts-node from 10.9.1 to 10.9.2.
    See this package in npm: https://www.npmjs.com/package/ts-node
  - typescript from 4.9.4 to 5.5.4.
    See this package in npm: https://www.npmjs.com/package/typescript

See this project in Snyk:
https://app.snyk.io/org/cachiman/project/243f21d0-fd1c-4b6d-9810-5bd8a28619aa?utm_source=github&utm_medium=referral&page=upgrade-pr

google-cla bot commented Sep 18, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.
