faas-js-runtime
faas-js-runtime copied to clipboard
nodeshift
[Snyk] Upgrade @cyclonedx/cyclonedx-npm from 1.16.1 to 1.18.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade @cyclonedx/cyclonedx-npm from 1.16.1 to 1.18.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
-
The recommended version is 3 versions ahead of your current version.
-
The recommended version was released on a month ago.
Issues fixed by the recommended upgrade:
| Issue | Score | Exploit Maturity | |
|---|---|---|---|
 |
XML External Entity (XXE) Injection SNYK-JS-CYCLONEDXCYCLONEDXLIBRARY-6820989 |
512 | Proof of Concept |
 |
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909 |
512 | Proof of Concept |
Release notes
Package name: @cyclonedx/cyclonedx-npm
-
1.18.0 - 2024-05-08
Added
Misc
- Raised dependency
@ cyclonedx/cyclonedx-library@^6.6.0, was@^6.5.0(via #1183)
What's Changed
- chore(ci): fix macos runners by @ jkowalleck in #1176
- ci: modernize artifact action by @ jkowalleck in #1178
- ci: use node22 by @ jkowalleck in #1179
- chore: reduce duplicate test beds by @ jkowalleck in #1181
- feat: license acknowledgement by @ jkowalleck in #1183
Full Changelog: v1.17.0...v1.18.0
- Raised dependency
-
1.17.0 - 2024-04-23
Added support for CycloneDX Specification-1.6.
Changed
- This tool explicitly supports CycloneDX Specification-1.6 now (via #1175)
Added
- CLI switch
--spec-versionnow supports value1.6to reflect CycloneDX Specification-1.6 (via #1175)
Default value for that option is unchanged - still1.4.
Build
- Use TypeScript
v5.4.5now, wasv5.4.2(via #1167)
What's Changed
- docs: add CycloneDX 1.6 to README by @ XSpielinbox in #1174
- feat: explicitely support CycloneDX 1.6 by @ jkowalleck in #1175
- chore(deps-dev): bump typescript from 5.4.2 to 5.4.5 in the typescript group by @ dependabot in #1167
New Contributors
- @ XSpielinbox made their first contribution in #1174
Full Changelog: v1.16.2...v1.17.0
-
1.16.2 - 2024-03-19
Style
- Applied latest code standards (via #1149)
Build
- Use TypeScript
v5.4.2now, wasv5.3.3(via #1160)
What's Changed
- refactor: fix typescript-eslint annotations by @ jkowalleck in #1146
- chore(deps-dev): bump the eslint group with 2 updates by @ dependabot in #1149
- chore(deps-dev): bump the eslint group with 2 updates by @ dependabot in #1152
- chore(deps-dev): bump the eslint group with 2 updates by @ dependabot in #1157
- tests: run with latest CDX spec-version by @ jkowalleck in #1158
- chore(deps): bump softprops/action-gh-release from 1 to 2 by @ dependabot in #1159
- chore(deps-dev): bump the typescript group with 1 update by @ dependabot in #1160
Full Changelog: v1.16.1...v1.16.2
-
1.16.1 - 2024-01-11
- Fixed
- Writing large results to buffered streams no longer drops data, but retries until success (via #1145)
- Docs
What's Changed
- chore(deps-dev): bump the eslint group with 2 updates by @ dependabot in #1139
- fix: large results on small streams by @ jkowalleck in #1145
Full Changelog: v1.16.0...v1.16.1
- Fixed
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- This PR was automatically created by Snyk using the credentials of a real user.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
