Merge pull request #1768 from forcedotcom/release-4.11.0

stephen-carter-at-sf · web-flow · commit 57302ee38cac · 2025-03-25T10:10:52.000-04:00
RELEASE @W-17915084@ Conducting v4.11.0 release
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
 	"name": "@salesforce/sfdx-scanner",
 	"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-	"version": "4.10.0",
+	"version": "4.11.0",
 	"author": "Salesforce Code Analyzer Team",
 	"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 	"dependencies": {
diff --git a/pmd7/build.gradle.kts b/pmd7/build.gradle.kts
@@ -10,7 +10,7 @@ repositories {
 }
 
 // Keep this in sync with src/Constants.ts > PMD7_VERSION
-var pmd7Version = "7.10.0"
+var pmd7Version = "7.11.0"
 
 val pmdDist7Dir = "$buildDir/../../dist/pmd7"
 
diff --git a/retire-js/RetireJsVulns.json b/retire-js/RetireJsVulns.json
@@ -4482,6 +4482,30 @@
           "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
           "https://github.com/cure53/DOMPurify"
         ]
+      },
+      {
+        "atOrAbove": "0",
+        "below": "3.2.4",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "DOMPurify allows Cross-site Scripting (XSS)",
+          "CVE": [
+            "CVE-2025-26791"
+          ],
+          "githubID": "GHSA-vhxf-7vqr-mrjg"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-vhxf-7vqr-mrjg",
+          "https://nvd.nist.gov/vuln/detail/CVE-2025-26791",
+          "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
+          "https://ensy.zip/posts/dompurify-323-bypass",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
+          "https://nsysean.github.io/posts/dompurify-323-bypass"
+        ]
       }
     ],
     "extractors": {
@@ -6142,6 +6166,30 @@
           "https://github.com/axios/axios/releases/tag/v1.7.4",
           "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
         ]
+      },
+      {
+        "atOrAbove": "0",
+        "below": "1.8.2",
+        "cwe": [
+          "CWE-918"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
+          "CVE": [
+            "CVE-2025-27152"
+          ],
+          "githubID": "GHSA-jr5f-v2jv-69x6"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
+          "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6",
+          "https://nvd.nist.gov/vuln/detail/CVE-2025-27152",
+          "https://github.com/axios/axios/issues/6463",
+          "https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f",
+          "https://github.com/axios/axios",
+          "https://github.com/axios/axios/releases/tag/v1.8.2"
+        ]
       }
     ],
     "extractors": {
@@ -7128,6 +7176,27 @@
           "https://froala.com/wysiwyg-editor/changelog/#4.1.4",
           "https://github.com/advisories/GHSA-hvpq-7vcc-5hj5"
         ]
+      },
+      {
+        "atOrAbove": "0",
+        "below": "4.3.1",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Froala WYSIWYG editor allows cross-site scripting (XSS)",
+          "CVE": [
+            "CVE-2024-51434"
+          ],
+          "githubID": "GHSA-549p-5c7f-c5p4"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-549p-5c7f-c5p4",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-51434",
+          "https://georgyg.com/home/froala-wysiwyg-editor---xss-cve-2024-51434",
+          "https://github.com/froala/wysiwyg-editor"
+        ]
       }
     ],
     "extractors": {
diff --git a/src/Constants.ts b/src/Constants.ts
@@ -2,7 +2,7 @@ import os = require('os');
 import path = require('path');
 
 // Keep this in sync with <repoRoot>/pmd7/build.gradle.kts > pmd7Version
-export const PMD7_VERSION = '7.10.0';
+export const PMD7_VERSION = '7.11.0';
 
 export const PMD_APPEXCHANGE_RULES_VERSION = '0.16';
 

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@salesforce/sfdx-scanner",`
`3`	`3`	`"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",`
`4`		`- "version": "4.10.0",`
	`4`	`+ "version": "4.11.0",`
`5`	`5`	`"author": "Salesforce Code Analyzer Team",`
`6`	`6`	`"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",`
`7`	`7`	`"dependencies": {`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ repositories {`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`// Keep this in sync with src/Constants.ts > PMD7_VERSION`
`13`		`-var pmd7Version = "7.10.0"`
	`13`	`+var pmd7Version = "7.11.0"`
`14`	`14`
`15`	`15`	`val pmdDist7Dir = "$buildDir/../../dist/pmd7"`
`16`	`16`