Skip to content

[Snyk] Fix for 2 vulnerabilities #159

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 2 vulnerabilities #159

wants to merge 1 commit into from

Conversation

@Omrisnyk
Copy link
Owner

@Omrisnyk Omrisnyk commented May 14, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • large-file/package.json
    • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity Reachability
high severity 125/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 Yes No Known Exploit No Path Found
high severity 125/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5		 Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 Yes No Known Exploit No Path Found

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @cypress/browserify-preprocessor
  • 3.0.2 - 2021-11-04

    3.0.2 (2021-11-04)

    Miscellaneous

    • deps: update dependency glob-parent to version 5.1.2 🌟 (#84) (61dae70)
  • 3.0.1 - 2020-07-14

    3.0.1 (2020-07-14)

    Bug Fixes

    • Handle function transforms when typescript is set (#57) (fb2f417), closes #56
  • 3.0.0 - 2020-05-21

    3.0.0 (2020-05-21)

    Breaking Changes

    • This plugin now requires Node.js 8+

    Bug Fixes

    • Validate type of typescript option and its existence as a path (3fb7b2c)
    • Improve error when attempting to preprocess a TypeScript file but the typescript option is not set (36d77a8)
  • 2.2.4 - 2020-05-11

    2.2.4 (2020-05-11)

    Bug Fixes

    • generate sourcemaps on .ts and .tsx files (#51) (d64122c)
  • 2.2.3 - 2020-05-08

    2.2.3 (2020-05-08)

    Bug Fixes

    • Only enable TypeScript jsx compiling for .js, .jsx, and .tsx files (#45) (00e9be9)
  • 2.2.2 - 2020-04-23

    2.2.2 (2020-04-23)

    Bug Fixes

    • Fix TypeScript iterator support. (#43) (f549896)
  • 2.2.1 - 2020-04-04

    2.2.1 (2020-04-04)

    Bug Fixes

    • Fix lib files not being published (#40) (24117d0)
  • 2.2.0 - 2020-04-03

    2.2.0 (2020-04-03)

    Features

    • Add out-of-the-tbox typescript support (#38) (344a057)
  • 2.1.4 - 2020-02-11

    2.1.4 (2020-02-11)

    Bug Fixes

  • 2.1.3 - 2020-02-05

    2.1.3 (2020-02-05)

    Bug Fixes

  • 2.1.2 - 2020-02-05
  • 2.1.1 - 2019-06-07
from @cypress/browserify-preprocessor GitHub release notes
Package name: anymatch
  • 3.0.0 - 2019-04-10

    Release 3.0.0.

  • 2.0.0 - 2017-12-22
    • (Breaking) Bump micromatch to ^3
    • Move to micromatch organization
from anymatch GitHub release notes
Package name: babel-plugin-add-module-exports
  • 1.0.2 - 2019-04-17
  • 1.0.0 - 2018-09-11

    Documentation

    • remove [@ next](https://github.com/next) tag (7fd260d)

    BREAKING CHANGES

    • change v2 tag @ latest to @ legacy
from babel-plugin-add-module-exports GitHub release notes
Package name: chokidar
  • 3.0.0 - 2019-04-30
  • 2.1.8 - 2019-08-21
  • 2.1.6 - 2019-05-15
  • 2.1.5 - 2019-03-22
  • 2.1.4 - 2019-03-22
  • 2.1.3 - 2019-03-22
  • 2.1.2 - 2019-02-18
  • 2.1.1 - 2019-02-11
  • 2.1.0 - 2019-02-05
  • 2.0.4 - 2018-06-18
  • 2.0.3 - 2018-03-23
  • 2.0.2 - 2018-02-14
  • 2.0.1 - 2018-02-08
  • 2.0.0 - 2017-12-29
from chokidar GitHub release notes
Package name: jest-config
  • 28.0.0 - 2022-04-25

    Blog post: https://jestjs.io/blog/2022/04/25/jest-28

    Features

    • [babel-jest] Export createTransformer function (#12399)
    • [expect] Expose AsymmetricMatchers, MatcherFunction and MatcherFunctionWithState interfaces (#12363, #12376)
    • [jest-circus] Support error logging before retry (#12201)
    • [jest-circus, jest-jasmine2] Allowed classes and functions as describe and it/test names (#12484)
    • [jest-cli, jest-config] [BREAKING] Remove testURL config, use testEnvironmentOptions.url instead (#10797)
    • [jest-cli, jest-core] Add --shard parameter for distributed parallel test execution (#12546)
    • [jest-cli] [BREAKING] Remove undocumented --timers option (#12572)
    • [jest-config] [BREAKING] Stop shipping jest-environment-jsdom by default (#12354)
    • [jest-config] [BREAKING] Stop shipping jest-jasmine2 by default (#12355)
    • [jest-config, @ jest/types] Add ci to GlobalConfig (#12378)
    • [jest-config] [BREAKING] Rename moduleLoader to runtime (#10817)
    • [jest-config] [BREAKING] Rename extraGlobals to sandboxInjectedGlobals (#10817)
    • [jest-config] [BREAKING] Throw an error instead of showing a warning if multiple configs are used (#12510)
    • [jest-config] [BREAKING] Do not normalize long deprecated configuration options preprocessorIgnorePatterns, scriptPreprocessor, setupTestFrameworkScriptFile and testPathDirs (#12701)
    • [jest-cli, jest-core] Add --ignoreProjects CLI argument to ignore test suites by project name (#12620)
    • [jest-core] Pass project config to globalSetup/globalTeardown function as second argument (#12440)
    • [jest-core] Stabilize test runners with event emitters (#12641)
    • [jest-core, jest-watcher] [BREAKING] Move TestWatcher class to jest-watcher package (#12652)
    • [jest-core] Allow using Summary Reporter as stand-alone reporter (#12687)
    • [jest-environment-jsdom] [BREAKING] Upgrade jsdom to 19.0.0 (#12290)
    • [jest-environment-jsdom] [BREAKING] Add default browser condition to exportConditions for jsdom environment (#11924)
    • [jest-environment-jsdom] [BREAKING] Pass global config to Jest environment constructor for jsdom environment (#12461)
    • [jest-environment-jsdom] [BREAKING] Second argument context to constructor is mandatory (#12469)
    • [jest-environment-node] [BREAKING] Add default node and node-addon conditions to exportConditions for node environment (#11924)
    • [jest-environment-node] [BREAKING] Pass global config to Jest environment constructor for node environment (#12461)
    • [jest-environment-node] [BREAKING] Second argument context to constructor is mandatory (#12469)
    • [jest-environment-node] Add all available globals to test globals, not just explicit ones (#12642, #12696)
    • [@ jest/expect] New module which extends expect with jest-snapshot matchers (#12404, #12410, #12418)
    • [@ jest/expect-utils] New module exporting utils for expect (#12323)
    • [@ jest/fake-timers] [BREAKING] Rename timers configuration option to fakeTimers (#12572)
    • [@ jest/fake-timers] [BREAKING] Allow jest.useFakeTimers() and projectConfig.fakeTimers to take an options bag (#12572)
    • [jest-haste-map] [BREAKING] HasteMap.create now returns a promise (#12008)
    • [jest-haste-map] Add support for dependencyExtractor written in ESM (#12008)
    • [jest-mock] [BREAKING] Rename exported utility types ClassLike, FunctionLike, ConstructorLikeKeys, MethodLikeKeys, PropertyLikeKeys; remove exports of utility types ArgumentsOf, ArgsType, ConstructorArgumentsOf - TS builtin utility types ConstructorParameters and Parameters should be used instead (#12435, #12489)
    • [jest-mock] Improve isMockFunction to infer types of passed function (#12442)
    • [jest-mock] [BREAKING] Improve the usage of jest.fn generic type argument (#12489)
    • [jest-mock] Add support for auto-mocking async generator functions (#11080)
    • [jest-mock] Add contexts member to mock functions (#12601)
    • [@ jest/reporters] Add GitHub Actions reporter (#11320, #12658)
    • [@ jest/reporters] Pass reporterContext to custom reporter constructors as third argument (#12657)
    • [jest-resolve] [BREAKING] Add support for package.json exports (#11961, #12373)
    • [jest-resolve] Support package self-reference (#12682)
    • [jest-resolve, jest-runtime] Add support for data: URI import and mock (#12392)
    • [jest-resolve, jest-runtime] Add support for async resolver (#11540)
    • [jest-resolve] [BREAKING] Remove browser?: boolean from resolver options, conditions: ['browser'] should be used instead (#12707)
    • [jest-resolve] Expose JestResolver, AsyncResolver, SyncResolver, PackageFilter, PathFilter and PackageJSON types (#12707, (#12712)
    • [jest-runner] Allow setupFiles module to export an async function (#12042)
    • [jest-runner] Allow passing testEnvironmentOptions via docblocks (#12470)
    • [jest-runner] Expose CallbackTestRunner, EmittingTestRunner abstract classes and CallbackTestRunnerInterface, EmittingTestRunnerInterface to help typing third party runners (#12646, #12715)
    • [jest-runner] Lock version of source-map-support to 0.5.13 (#12720)
    • [jest-runtime] [BREAKING] Runtime.createHasteMap now returns a promise (#12008)
    • [jest-runtime] Calling jest.resetModules function will clear FS and transform cache (#12531)
    • [jest-runtime] [BREAKING] Remove Context type export, it must be imported from @ jest/test-result (#12685)
    • [jest-runtime] Add import.meta.jest (#12698)
    • [@ jest/schemas] New module for JSON schemas for Jest's config (#12384)
    • [@ jest/source-map] Migrate from source-map to @ jridgewell/trace-mapping (#12692)
    • [jest-transform] [BREAKING] Make it required for process() and processAsync() methods to always return structured data (#12638)
    • [jest-test-result] Add duration property to JSON test output (#12518)
    • [jest-watcher] [BREAKING] Make PatternPrompt class to take entityName as third constructor parameter instead of this._entityName (#12591)
    • [jest-worker] [BREAKING] Allow only absolute workerPath (#12343)
    • [jest-worker] [BREAKING] Default to advanced serialization when using child process workers (#10983)
    • [pretty-format] New maxWidth parameter (#12402)

    Fixes

    • [*] Use sha256 instead of md5 as hashing algortihm for compatibility with FIPS systems (#12722)
    • [babel-jest] [BREAKING] Pass rootDir as root in Babel's options (#12689)
    • [expect] Move typings of .not, .rejects and .resolves modifiers outside of Matchers interface (#12346)
    • [expect] Throw useful error if expect.extend is called with invalid matchers (#12488)
    • [expect] Fix iterableEquality ignores other properties (#8359)
    • [expect] Fix print for the closeTo matcher (#12626)
    • [jest-changed-files] Improve changedFilesWithAncestor pattern for Mercurial SCM (#12322)
    • [jest-circus, @ jest/types] Disallow undefined value in TestContext type (#12507)
    • [jest-config] Correctly detect CI environment and update snapshots accordingly (#12378)
    • [jest-config] Pass moduleTypes to ts-node to enforce CJS when transpiling (#12397)
    • [jest-config] [BREAKING] Add mjs and cjs to default moduleFileExtensions config (#12578)
    • [jest-config, jest-haste-map] Allow searching for tests in node_modules by exposing retainAllFiles (#11084)
    • [jest-core] [BREAKING] Exit with status 1 if no tests are found with --findRelatedTests flag (#12487)
    • [jest-core] Do not report unref-ed subprocesses as open handles (#12705)
    • [jest-each] %# is not replaced with index of the test case (#12517)
    • [jest-each] Fixes error message with incorrect count of missing arguments (#12464)
    • [jest-environment-jsdom] Make jsdom accessible to extending environments again (#12232)
    • [jest-environment-jsdom] Log JSDOM errors more cleanly (#12386)
    • [jest-environment-node] Add MessageChannel, MessageEvent to globals (#12553)
    • [jest-environment-node] Add structuredClone to globals (#12631)
    • [@ jest/expect-utils] [BREAKING] Fix false positives when looking for undefined prop (#8923)
    • [jest-haste-map] Don't use partial results if file crawl errors (#12420)
    • [jest-haste-map] Make watchman existence check lazy+async (#12675)
    • [jest-jasmine2, jest-types] [BREAKING] Move all jasmine specific types from @ jest/types to its own package (#12125)
    • [jest-jasmine2] Do not set duration to 0 for skipped tests (#12518)
    • [jest-matcher-utils] Pass maxWidth to pretty-format to avoid printing every element in arrays by default (#12402)
    • [jest-mock] Fix function overloads for spyOn to allow more correct type inference in complex object (#12442)
    • [jest-mock] Handle overridden Function.name property (#12674)
    • [@ jest/reporters] Notifications generated by the --notify flag are no longer persistent in GNOME Shell. (#11733)
    • [@ jest/reporters] Move missing icon file which is needed for NotifyReporter class. (#12593)
    • [@ jest/reporters] Update v8-to-istanbul (#12697)
    • [jest-resolver] Call custom resolver with core node.js modules (#12654)
    • [jest-runner] Correctly resolve source-map-support (#12706)
    • [jest-worker] Fix Farm execution results memory leak (#12497)

    Chore & Maintenance

    • [*] [BREAKING] Drop support for Node v10 and v15 and target first LTS 16.13.0 (#12220)
    • [*] [BREAKING] Drop support for [email protected], minimum version is now 4.3 (#11142, #12648)
    • [*] Bundle all .d.ts files into a single index.d.ts per module (#12345)
    • [*] Use globalThis instead of global (#12447)
    • [babel-jest] [BREAKING] Only export createTransformer (#12407)
    • [docs] Add note about not mixing done() with Promises (#11077)
    • [docs, examples] Update React examples to match with the new React guidelines for code examples (#12217)
    • [docs] Add clarity for module factory hoisting limitations (#12453)
    • [docs] Add more information about how code transformers work (#12407)
    • [docs] Add upgrading guide (#12633)
    • [expect] [BREAKING] Remove support for importing build/utils (#12323)
    • [expect] [BREAKING] Migrate to ESM (#12344)
    • [expect] [BREAKING] Snapshot matcher types are moved to @ jest/expect (#12404)
    • [jest-cli] Update yargs to v17 (#12357)
    • [jest-config] [BREAKING] Remove getTestEnvironment export (#12353)
    • [jest-config] [BREAKING] Rename config option name to id (#11981)
    • [jest-create-cache-key-function] Added README.md file with basic usage instructions (#12492)
    • [@ jest/core] Use index.ts instead of jest.ts as main export (#12329)
    • [jest-environment-jsdom] [BREAKING] Migrate to ESM (#12340)
    • [jest-environment-node] [BREAKING] Migrate to ESM (#12340)
    • [jest-haste-map] Remove legacy isRegExpSupported (#12676)
    • [@ jest/fake-timers] Update @ sinonjs/fake_timers to v9 (#12357)
    • [jest-jasmine2, jest-runtime] [BREAKING] Use Symbol to pass jest.setTimeout value instead of jasmine specific logic (#12124)
    • [jest-phabricator] [BREAKING] Migrate to ESM (#12341)
    • [jest-resolve] [BREAKING] Make requireResolveFunction argument mandatory (#12353)
    • [jest-runner] [BREAKING] Remove some type exports from @ jest/test-result (#12353)
    • [jest-runner] [BREAKING] Second argument to constructor (Context) is not optional (#12640)
    • [jest-serializer] [BREAKING] Deprecate package in favour of using v8 APIs directly (#12391)
    • [jest-snapshot] [BREAKING] Migrate to ESM (#12342)
    • [jest-transform] Update write-file-atomic to v4 (#12357)
    • [jest-types] [BREAKING] Remove Config.Glob and Config.Path (#12406)
    • [jest] Use index.ts instead of jest.ts as main export (#12329)

    Performance

    • [jest-haste-map] [BREAKING] Default to node crawler over shelling out to find if watchman is not enabled (#12320)

    New Contributors

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

TypeScript handling assumes all transforms are specified as arrays

3 participants

@Omrisnyk @snyk-bot