Brain-up / brn

The idea of this project is to design and build a web application (in cooperation with scientists) containing a series of special audio training exercises that help people with central auditory skills deficits train themselves to listen better.
https://brainup.site
Creative Commons Zero v1.0 Universal
59 stars 26 forks

[Snyk] Security upgrade swagger-ui from 4.1.3 to 5.12.1 #2579

Open ElenaSpb opened 4 months ago

ElenaSpb commented 4 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - frontend-angular/package.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:---:|:---|:---|:---|:---
medium severity | **658/1000** <br> **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Template Injection <br> [SNYK-JS-DOMPURIFY-6474511](https://snyk.io/vuln/SNYK-JS-DOMPURIFY-6474511) | Yes | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: swagger-ui

The new version differs by 250 commits.
  • b2e673d fix(try-it-out): fix issues related to building requests from parameters (#9746)
  • 8225cfd chore(deps-dev): bump @babel/cli from 7.23.9 to 7.24.1 (#9743)
  • 357dff3 chore(deps-dev): bump autoprefixer from 10.4.18 to 10.4.19 (#9742)
  • 0dc3c7c chore(deps): bump dompurify from 3.0.10 to 3.0.11 (#9741)
  • bf65c4e chore(deps-dev): bump cssnano from 6.1.0 to 6.1.1 (#9737)
  • 9694620 chore(deps-dev): bump cypress from 13.7.0 to 13.7.1 (#9735)
  • ec4e982 chore(deps): bump @braintree/sanitize-url from 7.0.0 to 7.0.1 (#9736)
  • a2fdae9 chore(deps-dev): bump webpack from 5.90.3 to 5.91.0 (#9726)
  • b928c09 chore(deps-dev): bump express from 4.18.3 to 4.19.1 (#9727)
  • 99724a1 chore(deps-dev): bump @commitlint/cli from 19.2.0 to 19.2.1 (#9725)
  • 7c4fa83 chore(deps-dev): bump webpack-dev-server from 5.0.3 to 5.0.4 (#9719)
  • b3fb525 chore(deps-dev): bump @babel/preset-react from 7.23.3 to 7.24.1 (#9721)
  • 8edca10 chore(deps): bump dompurify from 3.0.9 to 3.0.10 (#9720)
  • 6bb810a chore(deps-dev): bump @babel/core from 7.24.0 to 7.24.1 (#9715)
  • a2daeda chore(deps-dev): bump @babel/plugin-transform-runtime (#9716)
  • ac4c853 chore(deps-dev): bump @babel/eslint-parser from 7.23.10 to 7.24.1 (#9714)
  • f91ca82 chore(deps-dev): bump eslint-plugin-react from 7.34.0 to 7.34.1 (#9707)
  • 24c0165 chore(deps-dev): bump postcss from 8.4.35 to 8.4.36 (#9708)
  • b4b42ac chore(deps-dev): bump postcss-preset-env from 9.5.1 to 9.5.2 (#9706)
  • 95feee2 chore(deps-dev): bump @commitlint/cli from 19.1.0 to 19.2.0 (#9701)
  • 37e2c27 chore(deps): bump follow-redirects from 1.15.4 to 1.15.6 (#9704)
  • cebccaa chore(deps-dev): bump postcss-preset-env from 9.5.0 to 9.5.1 (#9695)
  • 49a73c5 chore(deps-dev): bump cypress from 13.6.6 to 13.7.0 (#9697)
  • 7c4d0fb chore(deps-dev): bump sass from 1.71.1 to 1.72.0 (#9696)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/elenaspb/project/8f4b08b3-f1b7-423b-9504-0ca2db797054?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/elenaspb/project/8f4b08b3-f1b7-423b-9504-0ca2db797054?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)

github-actions[bot] commented 4 months ago

Frontend test coverage: 45.59%

:man_shrugging: Did not change

github-actions[bot] commented 4 months ago

Gradle Unit and Integration Test Results

484 tests ±0   480 :heavy_check_mark: ±0   58s :stopwatch: +3s
115 suites ±0   4 :zzz: ±0
115 files ±0   0 :x: ±0

Results for commit 91f08637. ± Comparison against base commit 5b763268.