backstage
backstage copied to clipboard
devxp-tech
[Snyk] Security upgrade @roadiehq/backstage-plugin-argo-cd-backend from 2.13.0 to 3.0.4
Snyk has created this PR to fix 11 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
-
app/packages/backend/package.json
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.
⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.
Vulnerabilities that will be fixed with an upgrade:
| Issue | Score | |
|---|---|---|
 |
Remote Code Execution (RCE) SNYK-JS-MYSQL2-6591085 |
811 |
|
Arbitrary Code Injection SNYK-JS-MYSQL2-6670046 |
811 |
 |
Prototype Pollution SNYK-JS-MYSQL2-6861580 |
731 |
 |
Prototype Poisoning SNYK-JS-MYSQL2-6591084 |
646 |
|
Improper Input Validation SNYK-JS-MYSQL2-6591300 |
646 |
|
Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 |
646 |
|
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909 |
646 |
|
Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 |
646 |
|
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 |
631 |
|
Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728 |
589 |
|
Regular Expression Denial of Service (ReDoS) SNYK-JS-FASTXMLPARSER-7573289 |
559 |
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
- This PR was automatically created by Snyk using the credentials of a real user.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Poisoning 🦉 Remote Code Execution (RCE) 🦉 More lessons are available in Snyk Learn
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@roadiehq/backstage-plugin-argo-cd-backend","from":"2.13.0","to":"3.0.4"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-FASTXMLPARSER-7573289","priority_score":559,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-FASTXMLPARSER-7573289","priority_score":559,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MYSQL2-6591084","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Poisoning"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MYSQL2-6591085","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MYSQL2-6591300","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MYSQL2-6670046","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Arbitrary Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MYSQL2-6861580","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MYSQL2-6670046","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Arbitrary Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MYSQL2-6861580","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-REQUEST-3361831","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-TOUGHCOOKIE-5672873","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"}],"prId":"c5fd2429-cb3e-490e-a645-a01e5d74e166","prPublicId":"c5fd2429-cb3e-490e-a645-a01e5d74e166","packageManager":"yarn","priorityScoreList":[559,631,589,646,811,646,811,731,646,646,646],"projectPublicId":"4deedee4-68d2-46d5-b8e3-c2600825419a","projectUrl":"https://app.snyk.io/org/diegoluisi/project/4deedee4-68d2-46d5-b8e3-c2600825419a?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"type":"auto","upgrade":["SNYK-JS-FASTXMLPARSER-7573289","SNYK-JS-INFLIGHT-6095116","SNYK-JS-MICROMATCH-6838728","SNYK-JS-MYSQL2-6591084","SNYK-JS-MYSQL2-6591085","SNYK-JS-MYSQL2-6591300","SNYK-JS-MYSQL2-6670046","SNYK-JS-MYSQL2-6861580","SNYK-JS-REQUEST-3361831","SNYK-JS-TAR-6476909","SNYK-JS-TOUGHCOOKIE-5672873"],"vulns":["SNYK-JS-FASTXMLPARSER-7573289","SNYK-JS-INFLIGHT-6095116","SNYK-JS-MICROMATCH-6838728","SNYK-JS-MYSQL2-6591084","SNYK-JS-MYSQL2-6591085","SNYK-JS-MYSQL2-6591300","SNYK-JS-MYSQL2-6670046","SNYK-JS-MYSQL2-6861580","SNYK-JS-REQUEST-3361831","SNYK-JS-TAR-6476909","SNYK-JS-TOUGHCOOKIE-5672873"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'
