ExtensionEngine / tailor

Content authoring platform
MIT License

[Snyk] Security upgrade lerna from 7.3.0 to 8.1.3 #1135

Closed MiroDojkic closed 4 weeks ago

MiroDojkic commented 1 month ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:---:|:---|:---|:---|:---
medium severity | **646/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Uncontrolled Resource Consumption ('Resource Exhaustion') [SNYK-JS-TAR-6476909](https://snyk.io/vuln/SNYK-JS-TAR-6476909) | Yes | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.
#### Commit messages

Package name: lerna

The new version differs by 92 commits.
  • 059864f chore(misc): publish 8.1.3
  • eb07f5d chore: re-enable some e2e tests (#4004)
  • 03f476b fix: update to nx 19 (#4003)
  • c3b9b16 chore(deps): bump express from 4.18.2 to 4.19.2 in /website (#3984)
  • 6dc22b7 chore(deps): bump express and verdaccio (#4002)
  • b4a5166 chore(deps): bump ejs from 3.1.9 to 3.1.10 (#3994)
  • 3fe0cf0 fix(deps): bump tar from 6.1.11 to 6.2.1 (#3990)
  • 5e25858 chore: tmp disable failing e2e tests (#4001)
  • 11d25f5 chore(docs): fix typo (#3987)
  • e2d5b94 chore: pin pnpm v8 (#3997)
  • c78d8ff chore(docs): remove mention of useWorkspaces (#3986)
  • cbe01ba fix(version): create release when using custom tag-version-separator (#3979)
  • 0cbf857 chore(deps): bump follow-redirects from 1.15.5 to 1.15.6 (#3977)
  • 6426da8 fix(list): flush output before exiting (#3971)
  • 97cffa7 chore(deps): bump ip from 2.0.0 to 2.0.1 (#3960)
  • bb68e00 chore: update snapshots (#3968)
  • 13c80ae chore: unset GITHUB_ACTIONS environment variable in other node versions workflow
  • 9a4ad5e chore(misc): publish 8.1.2
  • 7637972 fix: improve git binary error (#3945)
  • b2b8b7d chore(misc): publish 8.1.1
  • bafe090 fix(list): explicitly exit upon completion
  • 8c7316e chore(misc): publish 8.1.0
  • e7beaf3 chore: disable daemon in build.sh
  • 43de79c feat(version): custom tag-version-separator for independent projects (#3951)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/extensionengine/project/741850e0-e76e-4f9d-93b0-c731bc36372c?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/extensionengine/project/741850e0-e76e-4f9d-93b0-c731bc36372c?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Uncontrolled Resource Consumption ('Resource Exhaustion')](https://learn.snyk.io/lesson/redos/?loc=fix-pr)