
[Snyk] Fix for 1 vulnerabilities

Open eapolinario opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 823/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6) | Server-side Request Forgery (SSRF), SNYK-JS-IP-6240864 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @semantic-release/npm
The new version differs by 44 commits.
  • 4b04ffd Merge pull request #671 from semantic-release/renovate/npm-10.x
  • 6413130 feat(node-versions): raised the minimum required node version to v18.17 and dropped v19 support
  • 819f257 fix(deps): update dependency npm to v10
  • f2bc9e7 fix(deps): update dependency aggregate-error to v5 (#676)
  • e65bea2 chore(deps): update dependency sinon to v16 (#675)
  • 05e60ea chore(deps): lock file maintenance (#674)
  • cc64b42 ci(action): update actions/checkout action to v4 (#673)
  • 74629b6 chore(deps): lock file maintenance (#672)
  • 1827a33 chore(deps): update dependency prettier to v3.0.3 (#669)
  • fbe23f1 chore(deps): lock file maintenance (#668)
  • c0ca7a5 chore(deps): lock file maintenance (#667)
  • 15893ca chore(deps): update dependency p-retry to v6 (#666)
  • 33f0cf7 chore(deps): update dependency semantic-release to v21.1.1 (#665)
  • cf8273a ci(action): update actions/checkout digest to f43a0e5 (#664)
  • 8953ace chore(deps): update dependency semantic-release to v21.1.0 (#663)
  • 13fbd09 chore(deps): lock file maintenance (#662)
  • 4505736 chore(deps): update dependency semantic-release to v21.0.9 (#661)
  • c814a84 chore(deps): update dependency semantic-release to v21.0.8 (#660)
  • 502d5ba fix(deps): update dependency execa to v8 (#659)
  • c949dfc ci(action): update actions/setup-node digest to 5e21ff4 (#658)
  • 5413d5e chore(deps): update dependency prettier to v3.0.2 (#657)
  • 31d0644 ci(action): update actions/setup-node digest to bea5baf (#656)
  • 234ce91 chore(deps): lock file maintenance (#655)
  • 0f16407 chore(deps): lock file maintenance (#653)


Package name: semantic-release
The new version differs by 122 commits.
  • 11788ed Merge pull request #2934 from semantic-release/beta
  • b93bef4 feat(node-versions): raised the minimum supported node version w/in the v20 range to v20.6.1
  • 6604153 Merge branch 'master' of github.com:semantic-release/semantic-release into beta
  • e623cc6 feat(node-versions): raised the minimum node v20 requirement to v20.6
  • 42f7b82 chore(deps): update dependency testdouble to v3.19.0 (#2961)
  • 1017e1a fix(deps): update dependency aggregate-error to v5 (#2956)
  • a23b718 fix(deps): upgraded to the latest version of the npm plugin with npm v10
  • fb850ff Merge branch 'master' of github.com:semantic-release/semantic-release into beta
  • b9f294d feat(node-versions): raised the minimum required node version to v18.17 and dropped v19 support
  • 03a687b fix(deps): updated to the latest beta of the commit analyzer plugin
  • 86a639d ci(action): update github/codeql-action action to v2.21.7 (#2958)
  • da56201 chore(deps): update dependency sinon to v16 (#2954)
  • 89d51e7 ci(action): update github/codeql-action action to v2.21.6 (#2953)
  • de8e4e0 fix(deps): updated to the latest betas of the commit-analyzer and release-notes-generator plugins
  • 0fd3bb8 chore(deps): lock file maintenance (#2948)
  • c39513f ci(action): update actions/upload-artifact action to v3.1.3 (#2943)
  • 6a5d961 docs(plugins): add @ terrestris/maven-semantic-release (#2939)
  • 19c0965 ci(action): update actions/checkout action to v4 (#2938)
  • 32a2480 chore(deps): lock file maintenance (#2936)
  • 72ab317 feat: defined exports for the package
  • 07a79ea feat(conventional-changelog-presets): supported new preset format
  • 0d92579 chore(deps): update dependency prettier to v3.0.3 (#2930)
  • cb6613e ci(action): update github/codeql-action action to v2.21.5 (#2928)
  • 9e10e44 chore(deps): lock file maintenance (#2923)


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


eapolinario, Feb 11 '24 17:02