qaboard icon indicating copy to clipboard operation
qaboard copied to clipboard

Published 20 hours ago verified publisher icon Samsung

[Snyk] Security upgrade luxon from 2.3.0 to 2.5.2

Open arthur-flam opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • webapp/package.json
    • webapp/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LUXON-3225081		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: luxon The new version differs by 39 commits.
  • 204cdfe fix rfc2822 regex & bump to 2.5.2
  • 4817697 bump to 2.5.0
  • 00f1d72 fix changelog
  • eebc657 Add support for ESM-style node imports (#1218)
  • f1c181c Update why.md (#1211)
  • 4332730 mention escaping behavior in Duration.toFormat docstring (#1221)
  • 7b4a9d0 Bump parse-url from 6.0.0 to 6.0.2 (#1230)
  • 60c83c7 Fix link to duration months (#1232)
  • c7e606b Wednesday support for RFC 850 (#1225)
  • 6b47f20 fix luxon path in api-docs script (#1214)
  • bf7127d Increase number of allowed digits when parsing ISO duration (#1213)
  • 3ad1479 bump to 2.4.0
  • abe9bdf --amend
  • 2ee261b add support for extended zones
  • fd77159 Update math.md (#1180)
  • c19b4d8 fix bug 908 isInDST() incorrect (#1199)
  • 0f7c0e0 fix: change NBSP regex to a non-matching group #1169 (#1194)
  • 5d1cfe4 doc: add more common examples (#1192)
  • aa6ab8b Bump minimist from 1.2.5 to 1.2.6 (#1177)
  • 03b5da4 bump to 2.3.2
  • 0439ad2 fix tz calculations for negative years
  • a73654f Minor corrections (#1171)
  • 5303220 feat: add week formatting token "w" for duration (#1173)
  • 9012b64 fix weekday computation for years 0-100

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

arthur-flam avatar Jan 06 '23 04:01 arthur-flam

I tried to apply pino to vscode Logger, but it seems that our logger need to be streamified for that.

I simply added Regex replace step to redact.

https://github.com/Samsung/ONE-vscode/pull/1610

dayo09 avatar Jul 20 '23 09:07 dayo09