Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #732

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

aliscco
Copy link
Owner

@aliscco aliscco commented Jun 25, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • node_modules/eslint/node_modules/cross-spawn/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @commitlint/cli The new version differs by 250 commits.
  • ed437d2 v17.0.0
  • daeeb49 chore(config-nx-scopes)!: migrate @ nrwl/tao to nx following 13.9.0 release (#3135)
  • 8db72f0 fix: update dependency yargs to v17.5.1 (#3183)
  • 2f68961 chore: deps (#3182)
  • 63ddea8 chore: update chalk (#3181)
  • 15e3c37 chore: update typescript (#3180)
  • 6653220 chore: update jest monorepo (major) (#3144)
  • ea5fa87 chore: update dependency husky to v8 (#3164)
  • ac5f9b4 chore!: minimum node version v14 (#3128)
  • 6dbc982 docs: remove scope-case rule #3157 (#3178)
  • 95f6b7c docs: align subject case rule in readme #3159 (#3179)
  • 0f86cbf chore: update dependency eslint-plugin-jest to v26.2.2 (#3177)
  • 211f514 v16.3.0
  • 522e4eb chore: update dependency eslint-plugin-jest to v26.2.0 (#3176)
  • a214de9 chore: update dependency @ types/node to v12.20.52 (#3175)
  • 956483b chore: update dependency @ types/node to v12.20.52 (#3174)
  • d467f12 docs: fix package name in config-angular README (#3173)
  • dd32d39 chore: update dependency @ nrwl/tao to v13.10.4 (#3172)
  • e595693 feat: add ability to filter Nx projects in @ commitlint/config-nx-scopes (#3155)
  • 4209622 chore: update dependency @ types/jest to v27.5.1 (#3170)
  • 0e6542b fix: update dependency yargs to v17.5.0 (#3171)
  • 66a9c99 chore: update dependency @ types/node to v12.20.51 (#3167)
  • c641e80 chore: update dependency @ types/node to v12.20.51 (#3168)
  • 64a9dd3 chore: update typescript-eslint monorepo to v5.23.0 (#3166)

See the full diff

Package name: babel-jest The new version differs by 209 commits.
  • 170eee1 fix: expose vm context directly from test envs (#9428)
  • e818dca feat: add support for .mjs config (#9431)
  • 8236779 Fix: Prevent maintaining RegExp state between multiple tests (#9289)
  • f19adb1 chore: bump babel (#9427)
  • 2ece4f9 Do not highlight matched asymmetricMatcher in diffs (#9257)
  • 2839036 chore: sort entries in changelog
  • 7ee717d Fix pretty-format to respect displayName on forwardRef. (#9422)
  • abaea37 Normalize --findRelatedTests paths on win32 platforms (#8961)
  • c8c4c4e jest-snapshot: Fix regression in diff for jest-snapshot-seriali… (#9419)
  • 17f6c83 jest-reporters: Use global coverage thresholds as high watermarks (#9416)
  • 72040d9 Avoid clashes with other globals in type declaration (#9415)
  • 5e5db14 Images of snapshot colors for Jest 25 blog (#9410)
  • a31fc41 jest-core: optimize collecting collectCoverageFrom (#9399)
  • 7f69176 chore: bump deps (#9394)
  • 5236155 chore: fix supporter fetching script on node 8
  • 282f400 chore: fetch open collective supporters via gql api (#9377)
  • 8c20a8d chore: deploy website when website deploy script changes (#9375)
  • 4425a1f fix(website): make sure to fetch supporters when deploying the website
  • 5014025 chore: bump @ types/micromatch to ^4.0.0 (#9369)
  • 9419034 Resolve dynamic dependencies correctly when a mapping exists (#9303)
  • a2fcda6 docs: Use `Object.defineProperty()` for stubbing global propert… (#9288)
  • acb9c09 chore: fix examples dependencies (#9344)
  • bc86f50 Add helpful link to custom transformer in the 'transform' confi… (#9309)
  • 75843e3 chore: refresh lockfile (#9338)

See the full diff

Package name: eslint The new version differs by 250 commits.
  • 3dd6741 7.0.0
  • 9a722f9 Build: changelog update for 7.0.0
  • b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
  • 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
  • 401a687 Chore: fix rules list for prereleases (#13230)
  • 4ef6158 Breaking: espree@7.0.0 (#13270)
  • b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
  • 356fdb4 Docs: add migration guide (#12692)
  • 015edf6 Sponsors: Sync README with website
  • fdfa364 7.0.0-rc.0
  • 8d1b4db Build: changelog update for 7.0.0-rc.0
  • 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
  • d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
  • 2ce6bed Chore: added tests for nested arrays (#13145)
  • d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
  • 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
  • bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
  • 3eeae56 Upgrade: some (dev) deps (#13155)
  • 6b7030b Chore: Run tests on Node.js v14 (#13210)
  • ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
  • 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
  • 56d2bee Docs: fix typos (#13204)
  • e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
  • e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: eslint-config-moxy The new version differs by 17 commits.

See the full diff

Package name: husky The new version differs by 5 commits.

See the full diff

Package name: jest The new version differs by 250 commits.
  • 343532a v26.0.0
  • 075854a chore: update changelog for release
  • 68b65af v26.0.0-alpha.2
  • d30a586 fix: disallow hook definitions in tests (#9957)
  • 3375ac3 chore: remove unused prettier uninstall step from CI
  • 0a63d40 fix: absolute path moduleNameMapper + jest.mock issue (#8727)
  • 03dbb2f chore: fix watch mode test with utimes (#9967)
  • 68d12d5 chore: skip broken test on windows (#9966)
  • e8e8146 align circus with jasmine's top-to-bottom execution order (#9965)
  • 968a301 Fix invalid re-run of tests in watch mode (#7347)
  • 5d1be03 chore: fix windows CI (#9964)
  • 2bac04f v26.0.0-alpha.1
  • c665f22 feat: add `createMockFromModule` to replace `genMockFromModule` (#9962)
  • 8147af1 chore: improve error on module not found (#9963)
  • 71631f6 feat: add new 'modern' implementation of Fake Timers (#7776)
  • d7f3427 chore: rename LolexFakeTimers to ModernFakeTimers (#9960)
  • 2c7682c Update index.js (#9095)
  • 5a16415 docs: Updated Testing Frameworks guide with React; make it generic (#9106)
  • 4216b86 updated docs regarding testSequencer (#9174)
  • 2e8f8d5 fix: handle `null` being passed to `createTransformer` (#9955)
  • 7a3c997 jest-circus: throw if a test / hook is defined asynchronously (#8096)
  • 42f920c chore: update ts-eslint (#9953)
  • 3078172 Updated config docs with default transform value (#8583)
  • b6052e0 Update jest-phabricator documentation (#8662)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

…uce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants