
Conversation

paulineribeyre (Contributor)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity:          medium severity
Priority Score (*): 658/1000
                   Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Issue:             Regular Expression Denial of Service (ReDoS)
                   SNYK-JS-SEMVER-3247795
Breaking Change:   Yes
Exploit Maturity:  Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: babel-jest. The new version differs by 250 commits.
  • be16e47 v27.0.0
  • 63102ec chore: update changelog for release
  • 564694a docs(blog): Jest 27 blog post (#11131)
  • b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
  • 2226742 chore: minor simplify format results error (#11432)
  • 78eb25d chore: remove needless assign (#11433)
  • 696c455 chore: update lockfile after publish
  • e2eb9ae v27.0.0-next.11
  • 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
  • 27bee72 fix: run GC before collecting open handles (#11278)
  • 50451df feat: use fallback if prettier not found (#11400)
  • 150dbd8 chore: update lockfile after publish
  • 6f44529 v27.0.0-next.10
  • cbcec7d Upgrade fsevents in jest-haste-map (#11428)
  • 9633a26 feat: support reporters written in ESM (#11427)
  • 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
  • 57e32e9 Detect open handles with done callbacks (#11382)
  • a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
  • 4fa3a0b feat: custom haste (#11107)
  • 2047a36 chore: bump deps (#11419)
  • a4358d6 chore: run prettier on changelog
  • bdd6282 Move all default values into `jest-config` (#9924)
  • db643a1 Link to Jest config (#11106)
  • b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: dd-trace. The new version differs by 250 commits.
  • a918b1c v2.30.1
  • 65ea9db Fix Next.js getServerSideProps error handling (#2971)
  • ddc46c2 split next testing by version range (#2953)
  • c929ebb [lambda] update context extraction (#2981)
  • efe7b3a v2.30.0
  • 1919b2d Fix #2938 (#2976)
  • da8de7e skip extraction of upper bits for 64-bit trace id (#2974)
  • ad488ba fix error when using pubsub while plugin is disabled (#2966)
  • 861f3cd Fix to DBM propagation - comment is injected before query is sent (#2938)
  • 5550063 Update ASM WAF rules to version 1.6.0. (#2972)
  • 0eda0b9 Disable appsec if missing or malformed user custom rules file (#2969)
  • 5317c32 Only run release branches check on master PRs (#2967)
  • 303a9d9 Improve integration tests for CI Visibility (#2963)
  • 9fc6a3d support bundling via esbuild (#2763)
  • 18e7a43 Embed AppSec rules and templates files to be compatible with bundlers (#2913)
  • 1b12a4d [ci-visibility] Add `gatherPayloadsMaxTimeout`, a faster version of `gatherPayloads` (#2957)
  • 670fd47 move slow test framework integration tests to separate jobs (#2955)
  • e6af5b5 Increase timeout for IAST tests on server (#2940)
  • de933cb add support for 128-bit trace id (#2944)
  • 8908a9b docs: clarifying that ESM support is experimental (#2954)
  • 9d6164e Add job to check if PR has merge conflicts with release branches (#2933)
  • 2a1d1c4 [data streams] Return remaining bytes when decoding (#2950)
  • 2b8de1a Exclude vulnearibilities coming from send module. (#2567)
  • 1b3f817 Add support for setting the maximum number of concurrent transactions (#2926)

See the full diff

Package name: jest. The new version differs by 250 commits.
  • be16e47 v27.0.0
  • 63102ec chore: update changelog for release
  • 564694a docs(blog): Jest 27 blog post (#11131)
  • b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
  • 2226742 chore: minor simplify format results error (#11432)
  • 78eb25d chore: remove needless assign (#11433)
  • 696c455 chore: update lockfile after publish
  • e2eb9ae v27.0.0-next.11
  • 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
  • 27bee72 fix: run GC before collecting open handles (#11278)
  • 50451df feat: use fallback if prettier not found (#11400)
  • 150dbd8 chore: update lockfile after publish
  • 6f44529 v27.0.0-next.10
  • cbcec7d Upgrade fsevents in jest-haste-map (#11428)
  • 9633a26 feat: support reporters written in ESM (#11427)
  • 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
  • 57e32e9 Detect open handles with done callbacks (#11382)
  • a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
  • 4fa3a0b feat: custom haste (#11107)
  • 2047a36 chore: bump deps (#11419)
  • a4358d6 chore: run prettier on changelog
  • bdd6282 Move all default values into `jest-config` (#9924)
  • db643a1 Link to Jest config (#11106)
  • b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: nock. The new version differs by 234 commits.
  • 11dba99 fix (#1659)
  • bf1d7d6 test: Clarify that cleanAll removes persistent mocks (#1647)
  • e661d0d bug(recorder): replace qs lib with native querystring. (#1653)
  • 05ae31e Refactor lifecycle tests using got / async (#1646)
  • 26fc08f Async Reply functions (always emit errors) (#1596)
  • 35221ce refactor: overhaul body and query matching (#1632)
  • 88e85ac fix: trigger release (#1645)
  • e744b0a bug: handle content-type request headers when arrays
  • 87cac20 refactor: default function arguments (#1640)
  • 9c504f6 refactor: default options on recorder, remove dead code (#1641)
  • ad264cb test: change tests to use test domain (#1639)
  • 4a4b8ec feat(overrider): added support for header modifications before end()
  • 213014b Display the badge correctly (#1637)
  • df1a5cd refactor: Convert Scope to a class (#1636)
  • 3bdadef refactor: Convert Socket to a class (#1635)
  • 08b1b6b refactor: Convert DelayedBody to a class (#1634)
  • f385edd Advertise and enforce 100% coverage, drop Coveralls (#1633)
  • 60a055b refactor(interceptor): separate hostname matching
  • 2a54482 feat(interceptor): duplicate query calls throw (#1630)
  • f015929 chore(deps): bump lodash from 4.17.11 to 4.17.13 (#1629)
  • c78ceb3 Clean up some more hostnames in tests (#1627)
  • a2208d1 feat(interceptor): duplicate query keys throw
  • 880224a refactor: Scope.pendingMocks
  • a201ac0 test(socket): add coverage for timeout without a callback

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

ocshawn (Contributor) commented Jun 30, 2023

fixed as part of #203

@ocshawn ocshawn closed this Jun 30, 2023
@paulineribeyre paulineribeyre deleted the snyk-fix-e20e1ee6c1770a80437d841a712e7ed5 branch July 3, 2023 13:57
