
[Snyk] Security upgrade @ui5/project from 2.6.0 to 3.0.0

Open mauriciolauffer opened this issue 11 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 718/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5 | Uncontrolled Resource Consumption ('Resource Exhaustion'), SNYK-JS-TAR-6476909 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @ui5/project

The new version differs by 250 commits.
  • 7fe77e2 Release 3.0.0
  • d12ba16 [INTERNAL] Bump @ui5/builder from 3.0.0-rc.6 to 3.0.0
  • 3a3d1ed [INTERNAL] Bump @ui5/fs from 3.0.0-rc.6 to 3.0.0
  • 3eaa1e9 [INTERNAL] CHANGELOG.md: Consolidate V3 release (#566)
  • fa73d60 [INTERNAL] Bump @ui5/logger from 3.0.1-rc.3 to 3.0.0
  • b5dff16 [INTERNAL] Bump @ui5/builder from 3.0.0-rc.5 to 3.0.0-rc.6
  • 9c7e057 Release 3.0.0-rc.9
  • 32e9a99 In-range update of npm dependencies
  • 8385a31 [INTERNAL] Schema: Allow metadata.name to be up to 80 characters long
  • ef65682 [INTERNAL] Bump jsdoc from 3.6.11 to 4.0.0 (#508)
  • c9bd7df [INTERNAL] Bump @ui5/builder from 3.0.0-rc.5 to 3.0.0-rc.5
  • 1063b7c In-range update of npm dependencies
  • e91b0f2 [INTERNAL] package-lock.json: Enforce lockfileVersion 3
  • 41258dd [INTERNAL] Workspace: Correct JSDoc
  • 292b454 [FIX] Validator constructor checks (#567)
  • f981d62 In-range update of npm dependencies
  • 467be9e Release 3.0.0-rc.8
  • 0f01f22 [INTERNAL] Specification: Fix tests based on UI5 FS changes
  • 836e2cc [INTERNAL] Bump @ui5/fs from 3.0.0-rc.4 to 3.0.0-rc.6
  • f36b50e [INTERNAL] Module/Specification: Ensure modulePath is absolute
  • c02a923 [INTERNAL] Bump @ui5/logger from 3.0.1-rc.2 to 3.0.1-rc.3
  • 0b18741 [INTERNAL] Upgrade supported node version and CI (#562)
  • 1510630 [INTERNAL] Workspace: Minor cleanups
  • b77ca2f [FEATURE] Add 'UI5 Workspace' Support (#494)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

mauriciolauffer, Mar 22 '24 18:03