GroceriStar / calendar

React components related to creating Meal Calendar Frontend
https://lucid-ramanujan-f9a90c.netlify.com/
GNU General Public License v3.0

Update dependency snyk to v1.996.0 [SECURITY] #1030

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Change |
|---|---|
| snyk | 1.963.0 -> 1.996.0 |

GitHub Vulnerability Alerts

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1. This affects, for example, the Snyk TeamCity plugin (which does not update automatically) before 20220930.142957.


Release Notes

snyk/snyk (snyk)

### [`v1.996.0`](https://togithub.com/snyk/cli/releases/tag/v1.996.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.995.0...v1.996.0)

##### Bug Fixes

- bump golang plugin version ([8893f81](https://togithub.com/snyk/snyk/commit/8893f81c39ee66dc61454a6f9e0036dccd8d3b81))

##### Features

- add --var-file support ([537372d](https://togithub.com/snyk/snyk/commit/537372d26b05ca5c0f6a73fa6a6be3438e6c78fc))

### [`v1.995.0`](https://togithub.com/snyk/cli/releases/tag/v1.995.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.994.0...v1.995.0)

##### Bug Fixes

- matching configurations error on gradle version catalog ([20dcdae](https://togithub.com/snyk/snyk/commit/20dcdae8d097cc798a46df39b903cf00f9111e8c))

### [`v1.994.0`](https://togithub.com/snyk/cli/releases/tag/v1.994.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.993.0...v1.994.0)

##### Bug Fixes

- more IaC error codes ([e0227c3](https://togithub.com/snyk/snyk/commit/e0227c389d0215b52d28b4b0c43322f81503458f))

##### Features

- add custom severities to iac test config ([9d86574](https://togithub.com/snyk/snyk/commit/9d865740e2c9e95425516f817fb2be566f007253))
- add ignore count in the experimental version of iac test ([d390ca2](https://togithub.com/snyk/snyk/commit/d390ca2332d31895e35d9c72f357e57ced3bb9c9))
- Added support for depth-detection ([8cf1815](https://togithub.com/snyk/snyk/commit/8cf181582031466702aecd4cc0e39f64408dcef3))

### [`v1.993.0`](https://togithub.com/snyk/cli/releases/tag/v1.993.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.992.0...v1.993.0)

##### Features

- add scan flag support ([53951fc](https://togithub.com/snyk/snyk/commit/53951fcae8b804ba7d93caac7adbac2f3aad48bc))

### [`v1.992.0`](https://togithub.com/snyk/cli/releases/tag/v1.992.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.991.0...v1.992.0)

##### Bug Fixes

- `--target-name` bug ([3431f79](https://togithub.com/snyk/snyk/commit/3431f7979f4809a95470486a9952fea98951a33c))
- Spacing for issue descriptions with custom rules ([29b2fdb](https://togithub.com/snyk/snyk/commit/29b2fdb41f374f461b7d83831acc18ab9ac33f9d))

### [`v1.991.0`](https://togithub.com/snyk/cli/releases/tag/v1.991.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.990.0...v1.991.0)

##### Features

- add report summary ([d8e4ea8](https://togithub.com/snyk/snyk/commit/d8e4ea8d47587524e6e82e372173a10da2c07c2e))
- pass policy (.snyk) to iac-test via the config file. ([6d3ad76](https://togithub.com/snyk/snyk/commit/6d3ad7625bdb8fea908ab147522e6cce0669fb87))

### [`v1.990.0`](https://togithub.com/snyk/cli/releases/tag/v1.990.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.989.0...v1.990.0)

##### Bug Fixes

- none custom policies severity issues should be filtered out before sending them to registry ([4acacd2](https://togithub.com/snyk/snyk/commit/4acacd248b72d7c0366143199dbe85c8f6d70f6a))

### [`v1.989.0`](https://togithub.com/snyk/cli/releases/tag/v1.989.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.988.0...v1.989.0)

##### Bug Fixes

- downgrade snyk-go-plugin to 1.19.0 ([4643026](https://togithub.com/snyk/snyk/commit/4643026a0d2cd43cc6497b1d595252cfa5564148))
- increase buffer size ([8079fe3](https://togithub.com/snyk/snyk/commit/8079fe35861a4b88efb363cf746c9e33ebd238ca))
- update golang plugin ([a0e30d9](https://togithub.com/snyk/snyk/commit/a0e30d9bf6c8118e9f123448febef9ab5f8a7f2d))
- upgrade-docker-registry-v2-client ([275afb1](https://togithub.com/snyk/snyk/commit/275afb1a2ff5b9ec829a2b4b113bb241543209af))

##### Features

- pass remote-repo-url arg to snyk-iac-test ([18e8c87](https://togithub.com/snyk/snyk/commit/18e8c87dc5d3dff91b22fd894c37d0864333ed5d))

### [`v1.988.0`](https://togithub.com/snyk/cli/releases/tag/v1.988.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.987.0...v1.988.0)

##### Bug Fixes

- return exit code 3 when no resources can be found ([9d2e41f](https://togithub.com/snyk/snyk/commit/9d2e41f695b7aebf71e1a6b0b42497702380c4b2))
- upgrade docker-registry-v2-client lib ([374ba55](https://togithub.com/snyk/snyk/commit/374ba552c6b8356a9fc5f60ff08756c7bfb31d4b))

##### Features

- pass target-name arg to snyk-iac-test ([4352122](https://togithub.com/snyk/snyk/commit/4352122fc025fb32f0266acdf7498aebff00f6a9))
- stop caching rules ([71c866e](https://togithub.com/snyk/snyk/commit/71c866e52b76c1a23e193c6c1126d6c3ece0b7d5))

### [`v1.987.0`](https://togithub.com/snyk/cli/releases/tag/v1.987.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.986.0...v1.987.0)

##### Bug Fixes

- correct broken URLs for license issues ([8a46931](https://togithub.com/snyk/snyk/commit/8a469317bbf1efa1326f31d14e469b99972db275))
- Ensured the test spinner stops ([5d9d15f](https://togithub.com/snyk/snyk/commit/5d9d15f5d582dd93d8e7f8eaf9a90823f6610382))

##### Features

- remove reachability ([5500e25](https://togithub.com/snyk/snyk/commit/5500e25dfb047a49b87b003b962b9f288e0331a8))
- scan maven aggregate projects ([019bc45](https://togithub.com/snyk/snyk/commit/019bc458f0c1da234e4818263c0990f435cddb1f))
- share cache path with IaC plugin ([e254c0c](https://togithub.com/snyk/snyk/commit/e254c0c6dfc0437e76a1887373cc74d9a5879c6f))
- update snyk-iac-test to 0.18.1 ([379fe0c](https://togithub.com/snyk/snyk/commit/379fe0c4bd8945422f05376a9a85e03846ef6520))

### [`v1.986.0`](https://togithub.com/snyk/cli/releases/tag/v1.986.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.985.0...v1.986.0)

##### Bug Fixes

- wrong 2x count of iac issues with --report -multi-doc yaml ([06da34e](https://togithub.com/snyk/snyk/commit/06da34ee05364897bf9ae8ed4ab25c9a242efe71))

### [`v1.985.0`](https://togithub.com/snyk/cli/releases/tag/v1.985.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.984.0...v1.985.0)

##### Bug Fixes

- Fixed incomplete CC path when missing resource attributes ([6a4480c](https://togithub.com/snyk/snyk/commit/6a4480c0e25ff3bda80f56c15376fc07e9d16070))
- missing release in package version string ([dcb40ab](https://togithub.com/snyk/snyk/commit/dcb40abd340ad692642b7d57b3fbe99aa2a1be30))
- upgrade docker-registry-v2-client lib ([5de3cb1](https://togithub.com/snyk/snyk/commit/5de3cb1ed3758bd9c147eb741d82160685936bc3))

##### Features

- introduce —about flag to print attribution information ([60eaec8](https://togithub.com/snyk/snyk/commit/60eaec8bd90cdca11287dc4542a224a41d83d63e))
- pass projectTags arg to snyk-iac-test ([ae70c1e](https://togithub.com/snyk/snyk/commit/ae70c1e5f7687e75c07fbd6b37a345d597d5cd32))

### [`v1.984.0`](https://togithub.com/snyk/snyk/compare/v1.983.0...v1.984.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.983.0...v1.984.0)

### [`v1.983.0`](https://togithub.com/snyk/cli/releases/tag/v1.983.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.982.0...v1.983.0)

##### Bug Fixes

- use FormattedPath ([2ebfb71](https://togithub.com/snyk/snyk/commit/2ebfb7135b7f17991d6802eb4303f9d12f7bc177))

##### Features

- add project attributes support in --experimental ([08791f8](https://togithub.com/snyk/snyk/commit/08791f82c30a98c83870d8363740b895799afdd0))
- Implement AnyAuth Proxy Authentication support ([467b621](https://togithub.com/snyk/snyk/commit/467b621f886ebcf1122df230eb2a5b744beb6971))

### [`v1.982.0`](https://togithub.com/snyk/cli/releases/tag/v1.982.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.981.0...v1.982.0)

##### Bug Fixes

- upgrade docker plugin to improve stream parsing ([a59d8e4](https://togithub.com/snyk/snyk/commit/a59d8e4e85030980dad988789639273b2d0b2798))

##### Features

- pass configuration to snyk-iac-test ([6fb5992](https://togithub.com/snyk/snyk/commit/6fb599249faee68daa48a16cae5b9984ecc7ce59))
- upgrade snyk iac test to 0.13.1 ([ce7103e](https://togithub.com/snyk/snyk/commit/ce7103ee904b111fc64e3e50925c32ac71d14e08))

### [`v1.981.0`](https://togithub.com/snyk/cli/releases/tag/v1.981.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.980.0...v1.981.0)

##### Bug Fixes

- Add missing IaC issue props in JSON output ([da3a671](https://togithub.com/snyk/snyk/commit/da3a6710da061b551f76203efd02e65f31512a74))

### [`v1.980.0`](https://togithub.com/snyk/cli/releases/tag/v1.980.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.979.0...v1.980.0)

##### Features

- improve maven debug logging ([a0cdcfc](https://togithub.com/snyk/snyk/commit/a0cdcfc3bd5d19d8e4f204bcc1ec043a03ea175a))

### [`v1.979.0`](https://togithub.com/snyk/cli/releases/tag/v1.979.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.978.0...v1.979.0)

##### Bug Fixes

- handle gradle strict lock mode ([8905252](https://togithub.com/snyk/snyk/commit/890525290acab75f67eed9978e97b3a725ec9257))

### [`v1.978.0`](https://togithub.com/snyk/cli/releases/tag/v1.978.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.977.0...v1.978.0)

##### Features

- add SARIF support (CFG-1993) ([622c8f4](https://togithub.com/snyk/snyk/commit/622c8f424030ab181b461fbf51bdad2122550f03))

### [`v1.977.0`](https://togithub.com/snyk/cli/releases/tag/v1.977.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.976.0...v1.977.0)

##### Bug Fixes

- container app vulns json with experimental flag ([332d87b](https://togithub.com/snyk/snyk/commit/332d87bbb17590b1ffcc1a92c78b6ea363769208))

##### Features

- add deprecation message to test command ([7f191b5](https://togithub.com/snyk/snyk/commit/7f191b5fa63dc12232632b20351521d41f164477))

### [`v1.976.0`](https://togithub.com/snyk/cli/releases/tag/v1.976.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.975.0...v1.976.0)

##### Features

- improve comment handling for SBT scans ([cf862b9](https://togithub.com/snyk/snyk/commit/cf862b94b1d0101ff01068a8ca0e117021aec7d9))

### [`v1.975.0`](https://togithub.com/snyk/cli/releases/tag/v1.975.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.974.0...v1.975.0)

##### Features

- add test summary section to the experimental output ([b708086](https://togithub.com/snyk/snyk/commit/b7080861cc166689226df8f4c4027c68157cfd86))

### [`v1.974.0`](https://togithub.com/snyk/cli/releases/tag/v1.974.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.973.0...v1.974.0)

##### Features

- add 'target-name' flag support ([6305c3d](https://togithub.com/snyk/snyk/commit/6305c3d9404a16391081e61711605cdec5e823fd))

### [`v1.973.0`](https://togithub.com/snyk/cli/releases/tag/v1.973.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.972.0...v1.973.0)

##### Bug Fixes

- vuln links using demunge ([01154c9](https://togithub.com/snyk/snyk/commit/01154c9af0e1604519d962198379ec6c7ebe23c5))

##### Features

- add --remote-repo-url to "iac test" ([2a12048](https://togithub.com/snyk/snyk/commit/2a1204864666c5610f5a7b340a974ee22e72bdf2))
- update general vuln descriptions to point to pvdb ([ad80d74](https://togithub.com/snyk/snyk/commit/ad80d74a8af6434c5a77587bc784bf6113abf7dd))
- update spotlight vuln descriptions ([f536c9d](https://togithub.com/snyk/snyk/commit/f536c9d70d66b9bef277fa9debd2cdbc3caf9c94))

### [`v1.972.0`](https://togithub.com/snyk/cli/releases/tag/v1.972.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.971.0...v1.972.0)

##### Bug Fixes

- handle errors from /share-results ([5871079](https://togithub.com/snyk/snyk/commit/58710794dbcb5c146d06cf04bcb6e9eb4e9793c5))

##### Features

- Add support for severity threshold ([6833389](https://togithub.com/snyk/snyk/commit/68333892fce93cdcfdc22dcf5f60b4b7bcddd275))

### [`v1.971.0`](https://togithub.com/snyk/cli/releases/tag/v1.971.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.970.0...v1.971.0)

##### Features

- snyk-iac-test error handling ([3b3fa89](https://togithub.com/snyk/snyk/commit/3b3fa89bcded06631e9db30151fc0c8c02d685fb))

### [`v1.970.0`](https://togithub.com/snyk/snyk/compare/v1.969.0...v1.970.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.969.0...v1.970.0)

### [`v1.969.0`](https://togithub.com/snyk/cli/releases/tag/v1.969.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.968.0...v1.969.0)

##### Features

- officially support Gradle 7 scanning ([314dc96](https://togithub.com/snyk/snyk/commit/314dc96c2dfc677558abc6f644338544926d64c7))

### [`v1.968.0`](https://togithub.com/snyk/cli/releases/tag/v1.968.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.967.0...v1.968.0)

##### Features

- remove support for paths outside the current working directory ([5ca35c1](https://togithub.com/snyk/snyk/commit/5ca35c1d36760d3b71e80e1561cea6a1b1344786))

### [`v1.967.0`](https://togithub.com/snyk/cli/releases/tag/v1.967.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.966.0...v1.967.0)

##### Bug Fixes

- bump snyk docker plugin version golang fixes ([8d55bcd](https://togithub.com/snyk/snyk/commit/8d55bcd4ed0241d93e54d05fda2d375c111f2b7e)), closes [#3433](https://togithub.com/snyk/snyk/issues/3433)

### [`v1.966.0`](https://togithub.com/snyk/cli/releases/tag/v1.966.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.965.0...v1.966.0)

##### Bug Fixes

- bump cloud-config-parser ([38502ed](https://togithub.com/snyk/snyk/commit/38502ed6bf0a95527edc724e21b18cad1fd84a97))

### [`v1.965.0`](https://togithub.com/snyk/cli/releases/tag/v1.965.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.964.0...v1.965.0)

##### Bug Fixes

- return paths for files that errored (IaC) ([d53afde](https://togithub.com/snyk/snyk/commit/d53afdec246710c7df325ce6ccaabad08269354d))

### [`v1.964.0`](https://togithub.com/snyk/cli/releases/tag/v1.964.0)

[Compare Source](https://togithub.com/snyk/snyk/compare/v1.963.0...v1.964.0)

##### Features

- add JSON support ([4c636da](https://togithub.com/snyk/snyk/commit/4c636da22b542ee8a9ec898caa2405f4a32d531e))
- bump snyk-iac-test version ([0599c71](https://togithub.com/snyk/snyk/commit/0599c71fa391ede49d77c29bbc5706ea284a8b59))
- improve Snyk API URL configuration ([5a0bcbe](https://togithub.com/snyk/snyk/commit/5a0bcbeecf8017a86016d1ccea7d0b429cfb834b))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.