Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #531

Closed

Conversation

thomasdondorf
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jest The new version differs by 250 commits.
  • 75006e4 v29.0.0
  • 7c82a9f chore: update jest-watch-typeahead again
  • 352ff29 chore: update changelog for release
  • 33ad8c3 docs: Jest 29 blog post (#13103)
  • dda77e5 docs: collapse 28.0 and 28.1 docs (#13104)
  • c0dc84c chore: update jest-watch-typeahead
  • 05f6217 fix: support deep CJS re-exports when using ESM (#13170)
  • 490fd88 chore: update yarn (#13169)
  • 98936a2 docs: Update Enzyme links to use new URL (#13166)
  • 187566a feat(pretty-format): allow to opt out from sorting object keys with `compareKeys: null` (#12443)
  • ae2bed7 chore: tweak regex used in e2e tests (#13129)
  • 8c56d74 docs: Update Configuration.md for added special notes on usage scenarios for pnpm. (#13115)
  • fb1c53d feat(jest-config)!: remove undocumented `collectCoverageOnlyFrom` option (#13156)
  • 075b489 fix: ignore `EISDIR` when resolving symlinks (#13157)
  • 3bef02e feat(@ jest/test-result, @ jest/types)!: replace `Bytes` and `Milliseconds` types with `number` (#13155)
  • 4def94b v29.0.0-alpha.6
  • 0f00d4e fix: replace non-CLI `rimraf` usage (#13151)
  • 6a90a2c fix: Allow updating inline snapshots when test includes JSX (#12760)
  • 983274a feat: Let `babel` find config when updating inline snapshots (#13150)
  • d2ff18a chore: make prettierPath optional in `SnapshotState` (#13149)
  • 7d8d01c feat(circus): added each to failing tests (#13142)
  • a5b52a5 chore(types): separate MatcherContext, MatcherUtils and MatcherState (#13141)
  • 79b5e41 chore: get rid of peer dep warning in website
  • 812763d chore: enable 'no-duplicate-imports' (#13138)

See the full diff

Package name: puppeteer The new version differs by 250 commits.
  • a07ff12 chore: use scoped tags for publishing (#9055)
  • ee1272e chore: release main (#9052)
  • bafdb47 chore: update pin_dependencies.py (#9051)
  • d4c6ff1 chore: update pin dependencies (#9050)
  • d1b61cf chore: update generate sources (#9049)
  • 9b28a3b chore: use file dependencies at root (#9048)
  • a359873 chore: pin dependencies on pre-release (#9046)
  • 469ac02 chore: fix release-please (#9044)
  • f42336c feat: separate puppeteer and puppeteer-core (#9023)
  • 3aee641 chore(main): release 18.1.0 (#9042)
  • 022fbde feat(chromium): roll to Chromium 107.0.5296.0 (r1045629) (#9039)
  • b7b07e3 chore: add documentation to xpath prefix and deprecated page.waitForTimeout (#9014)
  • 5dbd69e chore: type in waitForRequest function description (#9015)
  • c0c7878 chore: initiate monorepo migration (#9022)
  • 2a21896 chore: rename vendor to third_party (#9021)
  • f8de7b1 chore: bundle vendor code (#9016)
  • d06a905 chore: update deps (#9013)
  • 023ebd8 chore: enable firefox tests on Mac (#9002)
  • a00d466 chore: add strategy.fail-fast=false (#9007)
  • 5a1b8d2 chore: add headful support for Firefox (#9004)
  • c21c3ba chore: remove environment variable that forces WebRender to be disabled in Firefox (#9001)
  • a6f4584 chore: clarify build instructions (#9000)
  • 3939d55 chore: enable continue on error (#9003)
  • ddc567a chore(main): release 18.0.5 (#8997)

See the full diff

Package name: puppeteer-core The new version differs by 250 commits.
  • 101fcb9 chore: release main (#9789)
  • ca797ad chore: fix pre-release
  • 0df369a chore: fix husky
  • 22e4cc3 chore: fix pre-release workflow (#9788)
  • baf51bc chore: use prerelease for browser (#9786)
  • 364b23f fix: update dependencies (#9781)
  • 299d444 chore: remove pre-push and pre-commit (#9777)
  • 813882d chore: update glob (#9776)
  • 04247a4 feat: browsers: recognize chromium as a valid browser (#9760)
  • 6777604 chore: fix analyzer yarn installs (#9778)
  • 2123f80 chore: remove rimraf (#9775)
  • 8bf9718 chore(deps): Bump yargs from 17.7.0 to 17.7.1 (#9752)
  • f84873c chore: support commas in P selectors (#9769)
  • 62d5f39 chore(deps): Bump @ angular-devkit/schematics from 15.2.0 to 15.2.1 (#9773)
  • 3a4e726 chore: fix Browsers failing tests (#9768)
  • 2922611 chore(deps): Bump @ angular-devkit/core from 15.2.0 to 15.2.1 (#9761)
  • f68e046 chore(deps): Bump cosmiconfig from 8.0.0 to 8.1.0 (#9751)
  • d3b25df chore: update test expectation data for Firefox for 19.7.2 downstream sync (#9756)
  • f887292 chore: add more debugging info on Debug Runs (#9754)
  • 004a99a chore: implement simple BiDi ElementHandle (#9753)
  • 232873a chore: fix Mocha test runner suggestion when hooks fail (#9750)
  • 4a365a4 chore: extract BiDi context to allow emitting only to it (#9742)
  • ed1bb7c chore(deps): Bump @ angular-devkit/schematics from 15.1.6 to 15.2.0 (#9748)
  • 4ddf63d chore(deps): Bump @ angular-devkit/core from 15.1.6 to 15.2.0 (#9749)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@thomasdondorf thomasdondorf deleted the snyk-fix-04f3390baed26e6f3b6d07c3770a5bae branch March 17, 2024 13:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants