
[Snyk] Fix for 1 vulnerabilities #57

Merged (1 commit, Nov 1, 2023)

Conversation

@bezoerb (Member) commented Oct 27, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity: high
Priority Score (*): 748/1000 (why: Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1)
Issue: Cross-site Request Forgery (CSRF), SNYK-JS-AXIOS-6032459
Breaking Change: Yes
Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: contentful-import. The new version differs by 19 commits.
  • b1a2114 build(deps): bump contentful-management from 7.45.7 to 10.14.0
  • f4c25aa build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.26.0
  • 41aaa02 build(deps-dev): bump jest from 27.4.3 to 29.0.3
  • bc72fd9 build(deps): bump yargs from 17.3.0 to 17.5.1
  • 4f70f7d build(deps-dev): bump @babel/core from 7.16.0 to 7.19.1
  • 80191f7 build(deps): bump joi from 17.5.0 to 17.6.0
  • fff3bc7 build(deps-dev): bump eslint-plugin-promise from 5.2.0 to 6.0.1
  • 34cdb83 build(deps): bump semver-regex from 3.1.3 to 3.1.4
  • 8b265f6 build(deps): bump minimist from 1.2.5 to 1.2.6
  • fd3a605 build(deps): bump node-fetch from 2.6.6 to 2.6.7
  • c85181c build(deps): bump follow-redirects from 1.14.6 to 1.15.2
  • 119dec5 build(deps-dev): bump semantic-release from 18.0.1 to 19.0.5
  • e6e32ba build(deps-dev): bump @babel/cli from 7.16.0 to 7.18.10
  • 5d21cc4 build(deps-dev): bump @babel/preset-env from 7.18.2 to 7.19.1
  • f8644f1 build(deps-dev): bump eslint-plugin-jest from 25.3.0 to 27.0.4
  • 08ec601 build(deps-dev): bump babel-jest from 27.4.2 to 29.0.3
  • 0aefcaf build(deps): bump contentful-batch-libs from 9.4.1 to 9.4.2
  • 1dd9dcd build(deps): bump date-fns from 2.28.0 to 2.29.3
  • 7caec1c build(deps-dev): bump husky from 4.3.8 to 8.0.1

See the full diff

Package name: contentful-management. The new version differs by 250 commits.
  • 8280588 feat(deliveryFunctions): Allow CCA to upload delivery functions [MONET-1336] (#1926)
  • 48fdbe1 Upgrade to webpack 5 (#1896)
  • 357683d build(deps-dev): bump eslint-config-prettier from 8.10.0 to 9.0.0 (#1914)
  • 57d5d82 build(deps-dev): bump @types/node from 20.4.6 to 20.4.8 (#1915)
  • f35be80 build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.28.0 (#1908)
  • e436087 build(deps-dev): bump eslint-config-prettier from 8.9.0 to 8.10.0 (#1912)
  • 8ec45ff build(deps-dev): bump @types/sinon from 10.0.15 to 10.0.16 (#1910)
  • c8f57f9 build(deps-dev): bump @types/node from 20.4.5 to 20.4.6 (#1911)
  • 03c9f40 chore: bump axios to 1.x [PHX-2741] (#1892)
  • 5dc5151 build(deps-dev): bump eslint from 8.45.0 to 8.46.0 (#1907)
  • a2d1887 build(deps-dev): bump eslint-config-prettier from 8.8.0 to 8.9.0 (#1904)
  • 50e32a0 build(deps-dev): bump @babel/node from 7.22.5 to 7.22.6 (#1905)
  • 63cf962 build(deps-dev): bump @babel/eslint-parser from 7.22.5 to 7.22.9 (#1900)
  • 977b159 build(deps-dev): bump @babel/core from 7.22.5 to 7.22.9 (#1888)
  • 4bd26f2 build(deps-dev): bump @types/lodash from 4.14.192 to 4.14.196 (#1902)
  • e3c9748 build(deps-dev): bump nodemon from 2.0.22 to 3.0.1 (#1903)
  • 3b81cdf build(deps-dev): bump @types/node from 20.4.2 to 20.4.5 (#1901)
  • 9e12887 build(deps-dev): bump webpack-bundle-analyzer from 4.8.0 to 4.9.0 (#1887)
  • d34a771 build(deps): bump type-fest from 3.12.0 to 4.0.0 (#1897)
  • 62d0ae9 build(deps-dev): bump @babel/cli from 7.22.5 to 7.22.9 (#1895)
  • 784120b build(deps-dev): bump @types/node from 20.3.3 to 20.4.2 (#1893)
  • 51fcbb6 build(deps-dev): bump mocha-junit-reporter from 2.2.0 to 2.2.1 (#1891)
  • c65b1f2 build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (#1890)
  • 43d70b4 build(deps-dev): bump @typescript-eslint/parser from 5.60.1 to 5.62.0 (#1885)

See the full diff

Package name: contentful-migration. The new version differs by 74 commits.
  • 9e1bfbb fix: bump axios and contentful management [NONE] (#1260)
  • 1ee63b8 fix(docs): Fix `linkType` values & typos (#1236)
  • 2c08081 feat: improve request throttling [ZEND-4197] (#1255)
  • 47db3c3 build(deps-dev): bump @babel/traverse from 7.16.3 to 7.23.2 (#1258)
  • 838ebe1 build(deps-dev): bump nock from 13.2.0 to 13.3.4 (#1254)
  • 64542b7 Merge pull request #1251 from contentful/feat/host-argv
  • 2dd32cb feat(): support host option
  • f974823 build(deps-dev): bump prettier from 2.7.0 to 3.0.3 (#1246)
  • e46c8cf build(deps-dev): bump rimraf from 3.0.2 to 5.0.1 (#1243)
  • ff64a2d build(deps-dev): bump eslint-plugin-promise from 6.0.0 to 6.1.1 (#1235)
  • 9a48843 build(deps): bump joi from 17.6.0 to 17.10.0 (#1241)
  • 6494cd9 build(deps): bump inquirer from 8.2.4 to 8.2.6 (#1234)
  • a288d0f Merge pull request #1231 from contentful/feat/PHX-2748-read-host-from-config
  • 1d9bf31 fix: order
  • 40b978d feat: read host from ctfl config [PHX-2748]
  • e745861 build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (#1229)
  • 4ed6736 Merge pull request #1224 from contentful/fix/validation-message-null-type
  • 30a1698 fix: allow null type for validation message
  • fae4ef7 Merge pull request #1218 from contentful/DANTE-1040/rich-text-resource-link-embeds
  • bafcfc2 test: refactor embedded-resource-block example to be covered by example 22 instead
  • eb9cb21 test: add e2e test for 54-create-rich-text-field-with-resource-link-embeds
  • afc9c54 chore: return empty array if field is not RichText or does not have allowedNodeTypes validation config
  • 19b2be8 feat: moved allowedResource errors out of field namespace
  • c09c7ec test: fix resourceLink unit tests to use slightly altered error messages

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)

@sonarqubecloud commented:

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (A)
Vulnerabilities: 0 (A)
Security Hotspots: 0 (A)
Code Smells: 0 (A)

Coverage: no coverage information
Duplication: 0.0%

@socket-security commented:

Updated and removed dependencies detected. Learn more about Socket for GitHub.

Packages              Version          New capabilities  Transitives  Size     Publisher
contentful-migration  4.9.2...4.17.2   None              +12/-6       10.9 MB  contentful-ecosystem
contentful-import     8.3.2...8.3.6    None              +10/-4       9.69 MB  contentful-ecosystem

🚮 Removed packages: contentful-management@7.54.2

@bezoerb bezoerb merged commit 77b9daa into main Nov 1, 2023
7 checks passed
@bezoerb bezoerb deleted the snyk-fix-3392f6f1b61a17c8554b3a6af1d4b523 branch November 1, 2023 22:43