[Snyk] Security upgrade danger from 11.0.2 to 11.2.1

Open nahtnam opened this issue 2 years ago • 2 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • benchmark/package.json
    • benchmark/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 671/1000. Why? Recently disclosed, Has a fix available, CVSS 7.7 | Improper Input Validation, SNYK-JS-JSONWEBTOKEN-3180020 | No | No Known Exploit |
| critical severity | 776/1000. Why? Recently disclosed, Has a fix available, CVSS 9.8 | Improper Authentication, SNYK-JS-JSONWEBTOKEN-3180022 | No | No Known Exploit |
| medium severity | 611/1000. Why? Recently disclosed, Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment, SNYK-JS-JSONWEBTOKEN-3180024 | No | No Known Exploit |
| medium severity | 626/1000. Why? Recently disclosed, Has a fix available, CVSS 6.8 | Use of a Broken or Risky Cryptographic Algorithm, SNYK-JS-JSONWEBTOKEN-3180026 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: danger
The new version differs by 200 commits.
  • 54f7f7a Release 11.2.1
  • d7cd274 Try wrap up PR
  • 042c4fa Merge branch 'main' of https://github.com/danger/danger-js
  • 0f48d32 Merge pull request #1342 from pepix/support-arm64-target
  • 64d9833 Merge pull request #1345 from connyay/cjh-bump-jwt
  • dea9c6c Upgrade jsonwebtoken and @types/jsonwebtoken
  • 40bdfe1 Add a new workflow to build binaries for macOS architectures on GitHub Actions
  • 4efada7 Update release-it.json and create-homebrew-tap-pr.sh
  • 16271cd Support arm64 binary generation
  • ad3c542 Release 11.2.0
  • 6829c33 CHANGELOG for release
  • c3641dc Merge pull request #1331 from hcomde/issue_1138_gitlab_threads
  • f8453e9 Merge pull request #1337 from stodirascu/fix-github-action
  • beb7f41 Moving the GITHUB_WORKFLOW check before actually getting the userInfo
  • 90f595b GitLab: Add support to use threads instead of comments
  • 639898f Merge pull request #1336 from falkenhawk/patch-1
  • 7b60e62 fix messing the order of messages
  • 0c8804f Merge pull request #1332 from ivankatliarchuk/issue_1330
  • 886616b use this.log instead
  • 98fd3f0 update message
  • c4d1cbf wip
  • 3a97856 update CHANGELOG
  • 6b47827 added environment variable DANGER_SKIP_WHEN_EMPTY
  • 2bcccbd Update issue_template.md

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


nahtnam avatar Jan 06 '23 10:01 nahtnam

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment
| Name | Status | Preview | Updated |
|---|---|---|---|
| light | ⬜️ Ignored (Inspect) | | Jan 6, 2023 at 10:56AM (UTC) |

vercel[bot] avatar Jan 06 '23 10:01 vercel[bot]

Codecov Report

Merging #1213 (9acaffa) into master (40e3c99) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1213   +/-   ##
=======================================
  Coverage   20.30%   20.30%           
=======================================
  Files          36       36           
  Lines         330      330           
  Branches       54       54           
=======================================
  Hits           67       67           
- Misses        241      263   +22     
+ Partials       22        0   -22     
| Impacted Files | Coverage Δ |
|---|---|
| packages/@lightjs/cli/src/index.ts | 0.00% <0.00%> (ø) |
| packages/@lightjs/cli/src/commands/dev.ts | 0.00% <0.00%> (ø) |
| packages/@lightjs/cli/src/commands/start.ts | 0.00% <0.00%> (ø) |
| packages/@lightjs/test/src/createTest/index.ts | 0.00% <0.00%> (ø) |
| packages/@lightjs/core/src/createRoute/index.ts | 83.72% <0.00%> (ø) |
| packages/@lightjs/logger/src/useLogger/index.ts | 0.00% <0.00%> (ø) |
| packages/@lightjs/config/src/utils/importFile.ts | 0.00% <0.00%> (ø) |
| packages/@lightjs/router/src/createRouter/index.ts | 0.00% <0.00%> (ø) |
| packages/@lightjs/server/src/createServer/index.ts | 0.00% <0.00%> (ø) |
| ...ages/@lightjs/router/src/utils/importRouteFiles.ts | 0.00% <0.00%> (ø) |

codecov[bot] avatar Jan 06 '23 10:01 codecov[bot]