Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 2 vulnerabilities #98

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

matrunchyk
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
Yes No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jest The new version differs by 250 commits.
  • 8f9b812 v28.0.0
  • f424551 feat: Jest 28 blog post (#12732)
  • c79f8d6 feat: roll v28 docs (#12733)
  • e9f6610 Remove `core.autocrlf` config on CI (#12731)
  • 9342a23 docs: add mention of expect breaking change to upgrade guide (#12730)
  • e1f2515 chore: add missing `throw`
  • 039f43e chore: combine all v27 docs into a single one (#12729)
  • 256c1af chore(website): add some admonitions to 25.x (#12565)
  • fc85b8f fix: replace hash routine md5 with sha256 (#12722)
  • c1a57cb chore(deps): bump isbinaryfile dependency to ^5.0.0 (#12726)
  • 9ebfe0a chorer: add note about babel config to upgrade guide (#12724)
  • 4ec4b98 chore: cache yarn deps on netlify (#12725)
  • 62afb83 chore: revert #12718 and simply do not bundle type declarations of `@ jest/globals` (#12721)
  • 4f1d199 Add Yarn dedupe CI check (#12717)
  • 7a8c9cf Lock source-map-support verion to 0.5.13 (#12720)
  • 811228d Support error logging before jest retry (#12201)
  • a28db24 chore: do not bundle type definitions for packages which have only one `.d.ts` file (#12718)
  • 49ee158 update dependency @ microsoft/api-extractor to 7.23.0 (#12716)
  • e72c52f feat(jest-runner): export `TestRunner` interface types and reexport types from other packages (#12715)
  • 3c6f14b feat(jest-resolve): expose `PackageFilter`, `PathFilter` and `PackageJSON` types (#12712)
  • a293b75 refactor(jest-transform): rename TransformerConfig (#12708)
  • 625e0bc show that setupFilesAfterEnv scripts can define beforeAll (#12702)
  • 0208815 feat(jest-resolve): expose `JestResolver`, `AsyncResolver` and `SyncResolver` types (#12707)
  • 75c7c40 docs: use admonitions in ExpectAPI.md (#12679)

See the full diff

Package name: ts-jest The new version differs by 135 commits.
  • 05ebe5c chore(release): 26.1.2 (#1800)
  • 30939a3 Merge pull request #1799 from kulshekhar/dependabot/npm_and_yarn/types/react-16.9.43
  • 4b9581a build(deps-dev): bump @ types/react from 16.9.42 to 16.9.43
  • a16d43a build(deps-dev): bump @ commitlint/cli from 9.0.1 to 9.1.2 (#1797)
  • bd44d0c build(deps-dev): bump @ commitlint/config-conventional (#1798)
  • a26239e build(docs-infra): update e2e README.md (#1796)
  • d9b62e3 chore(devs-infra): set minimum node version at 10.21.0 (#1793)
  • 47312b3 build(deps-dev): bump eslint-plugin-jsdoc from 29.1.3 to 29.1.4 (#1795)
  • 38df9b8 build(deps-dev): bump @ types/react from 16.9.41 to 16.9.42 (#1792)
  • ce38f3b build(deps-dev): bump @ types/node from 12.12.48 to 12.12.50 (#1791)
  • e6dbe4b build(deps-dev): bump eslint-plugin-jsdoc from 29.1.2 to 29.1.3 (#1790)
  • 6948855 fix(config): invalidate cache when other options in `tsconfig` change (#1788)
  • 8d02622 build(deps-dev): bump eslint-plugin-jsdoc from 29.1.0 to 29.1.2 (#1789)
  • 7f731ed perf(compiler): cache module resolution for `isolatedModules: false` (#1786)
  • 5d20cd5 build(deps-dev): bump eslint-plugin-jsdoc from 28.6.1 to 29.1.0 (#1787)
  • 5f26054 fix(compiler): use `resolveModuleNames` TypeScript API to get resolved modules for test files (#1784)
  • 00a3726 chore(typings): expose `compilerModule` and `TTypeScript` as public typings (#1785)
  • 5da0da1 chore(devs-infra): remove ! on realpath of LanguageService (#1783)
  • 1409274 build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1779)
  • 18e9deb Merge pull request #1780 from kulshekhar/dependabot/npm_and_yarn/typescript-eslint/parser-3.6.0
  • 3274c50 build(deps-dev): bump @ typescript-eslint/parser from 3.5.0 to 3.6.0
  • f0f1473 build(deps-dev): bump @ types/jest from 26.0.3 to 26.0.4 (#1782)
  • 3529c76 build(deps-dev): bump @ types/node from 12.12.47 to 12.12.48 (#1781)
  • 669974e build(deps-dev): bump eslint-plugin-jest from 23.17.1 to 23.18.0 (#1778)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

@github-actions github-actions bot added the deps label May 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants