compiled icon indicating copy to clipboard operation
compiled copied to clipboard
verified publisher icon atlassian-labs

[Snyk] Security upgrade express from 4.19.2 to 4.21.0

Open Harminder84 opened this issue 1 year ago • 2 comments

snyk-top-banner

Snyk has created this PR to fix 4 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • examples/ssr/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860		   696  
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867		   541  
low severity Cross-site Scripting
SNYK-JS-SEND-7926862		   391  
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865		   391  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

Harminder84 avatar Sep 12 '24 06:09 Harminder84

🦋 Changeset detected

Latest commit: bf5c2a9eca9986c9f2da59814cf02bd71291e85e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@compiled/ssr-app Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

changeset-bot[bot] avatar Sep 12 '24 06:09 changeset-bot[bot]

Deploy Preview for compiled-css-in-js canceled.

Name Link
Latest commit bf5c2a9eca9986c9f2da59814cf02bd71291e85e
Latest deploy log https://app.netlify.com/sites/compiled-css-in-js/deploys/67563ec00f558b0008385c2d

netlify[bot] avatar Sep 12 '24 06:09 netlify[bot]