[Snyk] Security upgrade jest-cli from 24.9.0 to 26.5.0

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/minimal/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 758/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3) | Prototype Pollution, SNYK-JS-Y18N-1021887 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jest-cli The new version differs by 250 commits.
  • 68d1b1b v26.5.0
  • 64054ec chore: update changelog for release
  • a2090a0 chore: drop usage of `compileFunction` (#10586)
  • 97e683b chore(deps): upgrade jsdom to 16.4.0 (#10578)
  • 82c7415 [feature] Add package to create cache key functions (#10587)
  • abf9f8d chore: use stable yarn installation (#10583)
  • ad29e80 chore: duplicate eslint rules locally to allow warning (#10579)
  • bc1b16a docs: fix link in getting started page (#10573)
  • 6b3a848 chore(deps): bump actions/setup-node from v2.1.1 to v2.1.2 (#10571)
  • 0a9e77d refactor(resolve): replace read-pkg-up with escalade (#10558)
  • a4bdf96 docs: Document `--testFailureExitCode` (#10542)
  • 38b3f70 docs: fix markdown link syntax (#10545)
  • 6499deb fix(runner): handle module loaders with default exports (#10541)
  • d955dc0 docs(worker): removed duplicated description for `setupArgs` (#10533)
  • 23f425c chore: bump deps (#10516)
  • ac73de8 Fix location for `test.each` (#10413)
  • 7e71d5f chore: get rid of some `any`s (#10511)
  • 621b8ea chore: fix some `ban-types` violations (#10510)
  • db0b335 feat: Add Console to custom console object (#10502)
  • 1969fe0 chore: duplicate `@typescript-eslint/ban-types` locally to allow warning (#10438)
  • 0646c73 chore: add `allowWholeFile` to `disable-enable-pair` eslint rule (#10506)
  • 7f10a9d chore(jest-snapshot): type prettier usage properly (#10505)
  • 3dd4a95 chore: replace function types (#10436)
  • a79c34b fix: `test.each` type always return a callable function (#10488)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot, Nov 18 '20 02:11