ui5-deployer
ui5-deployer copied to clipboard
Published
20 hours ago •
mauriciolauffer
mauriciolauffer
[Snyk] Security upgrade @ui5/project from 2.6.0 to 3.7.2
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6 |
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @ui5/project
The new version differs by 250 commits.- 10535a4 Release 3.7.2
- c2a9efc [INTERNAL] Bump @ ui5/builder from 3.0.9 to 3.1.0
- b1771a4 [INTERNAL] Bump @ ui5/fs from 3.0.4 to 3.0.5
- 10be704 [INTERNAL] npm/maven Registry: Restore use of shared keep-alive agents
- f2d5653 In-range update of npm dependencies
- f2e264e [DEPENDENCY] Bump make-fetch-happen from 11.1.1 to 13.0.0
- f071399 [DEPENDENCY] Bump pacote from 15.2.0 to 17.0.4
- c9f5218 [DEPENDENCY] Bump @ npmcli/config from 6.4.0 to 8.0.0
- 77b68a1 In-range update of npm dependencies
- 37925b7 Release 3.7.1
- d77dc32 In-range update of npm dependencies
- 1a272d2 [FIX] Allow usage of after/before task assignment for all standard tasks (#628)
- ec5d7cc In-range update of npm dependencies
- f7acea2 [INTERNAL] Bump sinon from 15.2.0 to 16.0.0
- e8483fa In-range update of npm dependencies
- 37ce293 Bump coverallsapp/github-action from 2.2.1 to 2.2.3
- f4e52cd Bump actions/checkout from 3 to 4
- f69a28d [INTERNAL] dependabot auto-merge: fix workflow
- 5831256 [INTERNAL] Revert "Azure Pipelines: Switch back to Node 20.5.x" (#662)
- 70ef2e4 In-range update of npm dependencies
- 3a79ba2 [INTERNAL] createWorkspace: Remove dead code and test uncovered paths
- 380a5ac Release 3.7.0
- 8b667ef [INTERNAL] Add code comment
- 916fb34 [INTERNAL] Sapui5Resolver: add tests for tag handling
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Server-side Request Forgery (SSRF)
