erxes icon indicating copy to clipboard operation
erxes copied to clipboard

Published 20 hours ago verified publisher icon erxes

[Snyk] Fix for 9 vulnerabilities

Open uulaa opened this issue 7 months ago • 2 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/plugin-logs-ui/package.json
    • packages/plugin-logs-ui/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 No Proof of Concept
high severity Command Injection
SNYK-JS-LODASH-1040724		 No Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-567746		 No Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-608086		 No Proof of Concept
medium severity Information Exposure
SNYK-JS-NODEFETCH-2342118		 Yes No Known Exploit
medium severity Denial of Service
SNYK-JS-NODEFETCH-674311		 Yes No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-1023599		 Yes Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-1072471		 Yes Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-610226		 Yes Proof of Concept

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution

uulaa avatar Nov 16 '23 10:11 uulaa

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

sonarcloud[bot] avatar Nov 16 '23 10:11 sonarcloud[bot]

1 failed test on run #527 ↗︎

1 6 4 0 Flakiness 0

Details:

Merge 8450a908ae560efcf2a194921dbd0a325fef6630 into 05306855df878c419ab96540ad43...
Project: erxes Commit: 1ec416cfc0 ℹ️
Status: Failed Duration: 01:26 💡
Started: Nov 16, 2023 11:07 AM Ended: Nov 16, 2023 11:08 AM
Failed  cypress/tests/contacts/ui/customer.cy.js • 1 failed test

View Output Video

Test Artifacts
Customer > add customer Screenshots Video

Review all test suite changes for PR #4768 ↗︎

cypress[bot] avatar Nov 16 '23 11:11 cypress[bot]