lattice
lattice copied to clipboard
Published
20 hours ago •
latticejs
latticejs
[Snyk] Security upgrade jest-cli from 24.9.0 to 27.0.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/minimal/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2 |
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 |
Yes | Proof of Concept |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 |
Yes | Proof of Concept |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 |
Yes | Proof of Concept |
 |
589/1000 Why? Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-UNSETVALUE-2400660 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: jest-cli
The new version differs by 250 commits.- be16e47 v27.0.0
- 63102ec chore: update changelog for release
- 564694a docs(blog): Jest 27 blog post (#11131)
- b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
- 2226742 chore: minor simplify format results error (#11432)
- 78eb25d chore: remove needless assign (#11433)
- 696c455 chore: update lockfile after publish
- e2eb9ae v27.0.0-next.11
- 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
- 27bee72 fix: run GC before collecting open handles (#11278)
- 50451df feat: use fallback if prettier not found (#11400)
- 150dbd8 chore: update lockfile after publish
- 6f44529 v27.0.0-next.10
- cbcec7d Upgrade fsevents in jest-haste-map (#11428)
- 9633a26 feat: support reporters written in ESM (#11427)
- 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
- 57e32e9 Detect open handles with done callbacks (#11382)
- a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
- 4fa3a0b feat: custom haste (#11107)
- 2047a36 chore: bump deps (#11419)
- a4358d6 chore: run prettier on changelog
- bdd6282 Move all default values into `jest-config` (#9924)
- db643a1 Link to Jest config (#11106)
- b16082c Fix locale issue #10014 (#11412)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Server-side Request Forgery (SSRF) 🦉 Prototype Pollution
