sendgrid-oai

[Snyk] Security upgrade @stoplight/spectral-cli from 6.6.0 to 6.9.0

Open svcprodsec-sendgrid opened this issue 10 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json; please update it manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| critical severity | 876/1000 (Why? Mature exploit, Has a fix available, CVSS 9.8) | Remote Code Execution (RCE), SNYK-JS-VM2-5772825 | No | Mature |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @stoplight/spectral-cli
The new version differs by 94 commits.
  • bddf82e chore(release): 6.9.0 [skip ci]
  • 9b2d347 feat(cli): use hpagent (#2513)
  • ed6b65c build(cli): build nix binaries for both x64 and arm64 (#2492)
  • 890d88c chore(deps): bump word-wrap from 1.2.3 to 1.2.5 (#2514)
  • 86af2af chore(repo): add Node 20.5 to the matrix (#2478)
  • 50d8825 chore(release): 1.18.3 [skip ci]
  • 69403c1 fix(core): pointer in overrides are applied too broadly (#2511)
  • 91bdc88 chore(deps): bump semver from 5.7.1 to 5.7.2 (#2502)
  • 641660c chore(release): 1.0.4 [skip ci]
  • 6f73151 fix(ref-resolver): update @stoplight/json-ref-resolver from ~3.1.5 to ~3.1.6
  • a3ddee8 chore(release): 1.0.3 [skip ci]
  • e906d20 fix(parsers): update @stoplight/json from ~3.20.1 to ~3.21.0
  • 13bec9f chore(release): 1.18.2 [skip ci]
  • 46ff8ff test(runtime): update expected values
  • 3b18cbb test(formatters): update expected outputs
  • 758de21 fix(core): dedupe paths containing special characters correctly
  • a79d26a chore(release): 1.18.1 [skip ci]
  • db91553 fix(core): invalid then produced by Rule#toJSON (#2496)
  • ed6e1dc docs(repo): adds json formatter docs (#2481)
  • f7512e5 chore(release): 1.9.4 [skip ci]
  • 89a6a67 fix(ruleset-migrator): correct package.json's browser field (#2497)
  • 39a341c chore(repo): disable scheduled-packages-release
  • 6f392d2 chore(release): 1.1.0 [skip ci]
  • 84faec8 chore(repo): use multi-semantic-release

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

svcprodsec-sendgrid, Apr 03 '24 18:04