guardian icon indicating copy to clipboard operation
guardian copied to clipboard

Published 20 hours ago verified publisher icon hashgraph

[Snyk] Security upgrade gulp-copy from 4.0.1 to 5.0.0

Open nathanklick opened this issue 5 months ago • 1 comments

snyk-top-banner

Snyk has created this PR to fix 7 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • notification-service/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		   696  
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		   696  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ES5EXT-6095076		   696  
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		   631  
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		   589  
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		   589  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905		   586  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"gulp-copy","from":"4.0.1","to":"5.0.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ES5EXT-6095076","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ES5EXT-6095076","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-GLOBPARENT-1016905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-GLOBPARENT-1016905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-UNSETVALUE-2400660","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"}],"prId":"b270cbf5-ed3e-4884-8da6-fbd44e5a7623","prPublicId":"b270cbf5-ed3e-4884-8da6-fbd44e5a7623","packageManager":"yarn","priorityScoreList":[696,696,696,586,631,589,589],"projectPublicId":"f485cd6c-ab98-4049-af56-da1f5c9f57bd","projectUrl":"https://app.snyk.io/org/guardian-y7t/project/f485cd6c-ab98-4049-af56-da1f5c9f57bd?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"type":"auto","upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BRACES-6838727","SNYK-JS-ES5EXT-6095076","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-INFLIGHT-6095116","SNYK-JS-MICROMATCH-6838728","SNYK-JS-UNSETVALUE-2400660"],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BRACES-6838727","SNYK-JS-ES5EXT-6095076","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-INFLIGHT-6095116","SNYK-JS-MICROMATCH-6838728","SNYK-JS-UNSETVALUE-2400660"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

nathanklick avatar Sep 12 '24 06:09 nathanklick