front-end-plugins icon indicating copy to clipboard operation
front-end-plugins copied to clipboard

Published 20 hours ago verified publisher icon iamjoel

[Snyk] Security upgrade formidable from 1.2.6 to 3.2.4

Open iamjoel opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • detail/fileUpload/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
critical severity 776/1000
Why? Recently disclosed, Has a fix available, CVSS 9.8		 Arbitrary File Upload
SNYK-JS-FORMIDABLE-2838956		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: formidable The new version differs by 250 commits.
  • 143e473 chore: prepare release
  • 2f553b4 docs: use slugify in the example
  • 9969c25 refactor: code style
  • 5103d09 feat: stop extension from being '.'
  • 67c6a3f feat: allow numbers in file extensions
  • 78de849 feat: stop at first invalid char
  • 5fdb2d0 fix: replace regex with reliable filtering
  • d2bd18d tests: add a test case that proves that the regex was always bad
  • 703bec4 tests: add comment
  • 15afa8a docs: add comment
  • d3a05e9 add failing test case
  • 971e3a7 chore: publish
  • 92df3c8 fix: IncomingForm end event emitted twice (#852)
  • 21efa7d chore(deps): bump istanbul-reports from 3.0.2 to 3.1.4 (#844)
  • 8009584 chore(kodiak): always update PRs
  • d6c17f1 chore: fix dependabot error
  • 7ea655e chore: do not add reviewers to dep update prs (#845)
  • 635b4f8 chore: add Dependabot settings (#837)
  • a93060c chore: fix kodiak config (#838)
  • 7fbf974 chore: add KodiakHQ service (#836)
  • 786f2e1 chore(deps): bump ansi-regex from 4.1.0 to 4.1.1 (#835)
  • 4718b78 chore(security): meta, add CodeQL action (#832)
  • db22330 chore: remove auto-comment bot (#833)
  • ab698ff chore(meta): remove LabelSponsors Action (#834)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

iamjoel avatar May 20 '22 00:05 iamjoel