cube icon indicating copy to clipboard operation
cube copied to clipboard

Published 20 hours ago β€’ verified publisher icon cube-js

[Snyk] Security upgrade moment from 2.29.1 to 2.29.4

Open snyk-bot opened this issue 1 year ago β€’ 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/cubejs-server-core/package.json
⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOMENT-2944238		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

πŸ¦‰ Learn about vulnerability in an interactive lesson of Snyk Learn.

snyk-bot avatar Jul 07 '22 10:07 snyk-bot

Codecov Report

Merging #4866 (5b8827f) into master (a65dcb3) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #4866   +/-   ##
=======================================
  Coverage   59.70%   59.70%           
=======================================
  Files         138      138           
  Lines       11361    11361           
  Branches     2826     2826           
=======================================
  Hits         6783     6783           
  Misses       4079     4079           
  Partials      499      499
Flag Coverage Ξ”
cube-backend 59.70% <ΓΈ> (ΓΈ)

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update 331bab2...5b8827f. Read the comment docs.

codecov[bot] avatar Jul 07 '22 10:07 codecov[bot]