design-system
[Snyk] Security upgrade simple-git from 2.21.0 to 3.15.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
 | 726/1000 (Why? Proof of Concept exploit, has a fix available, CVSS 8.1) | Command Injection (SNYK-JS-SIMPLEGIT-2421199) | Yes | Proof of Concept |
 | 726/1000 (Why? Proof of Concept exploit, has a fix available, CVSS 8.1) | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (SNYK-JS-SIMPLEGIT-2434306) | Yes | Proof of Concept |
 | 726/1000 (Why? Proof of Concept exploit, has a fix available, CVSS 8.1) | Remote Code Execution (RCE) (SNYK-JS-SIMPLEGIT-3112221) | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: simple-git
The new version differs by 250 commits.
- e1d66b6 Merge pull request #863 from steveukx/changeset-release/main
- d4764bf Version Packages
- 7746480 Chore: bump lerna, jest and create prettier workflow (#862)
- 47030d5 Merge pull request #861 from steveukx/security/protocols
- 6b3c631 Create the `unsafe` plugin to configure how `simple-git` treats known potentially unsafe operations.
- 3324eed Merge pull request #855 from steveukx/changeset-release/main
- e459622 Version Packages
- 2ea0231 Merge pull request #854 from steveukx/chore/update-lerna
- 5a2e7e4 Add version parsing support for non-numeric patches (to include built… (#853)
- 88fee05 Chore: bump lerna to latest `5.5.1`
- 0f964ba Merge pull request #849 from steveukx/changeset-release/main
- 6460a1f Version Packages
- 4259b26 Create interface for retrieving git version information (#850)
- 19029fc Abort plugin (#848)
- 1cd0dac Merge pull request #842 from steveukx/changeset-release/main
- ee801ae Version Packages
- d0dceda Allow using just one of `from` and `to` in the `git.log` options. (#846)
- 6b3e05c Share test utilities (#843)
- a975980 Merge pull request #841 from steveukx/feat/remove-legacy-promise
- 87b0d75 Changeset
- 670d854 Remove `/promise` type definitions, allow JavaScript to `require('simple-git/promise')` with deprecation notice written to `console.error`
- bf97246 Revert "Remove ability to import `/promise` types and throw when required."
- 1631776 Remove legacy promise integration test
- 2ac1d3f Remove ability to import `/promise` types and throw when required.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.