bfeister
commented
1 month ago This dependency does not expose our customers to risk, as it is not in any deployed public-facing javascript bundles
Closed cc-prodsec closed 1 month ago
bfeister
commented
1 month ago This dependency does not expose our customers to risk, as it is not in any deployed public-facing javascript bundles
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - packages/pwa-kit-dev/package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **661/1000****Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Uncontrolled resource consumption
[SNYK-JS-BRACES-6838727](https://snyk.io/vuln/SNYK-JS-BRACES-6838727) | Yes | No Known Exploit  | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Inefficient Regular Expression Complexity
[SNYK-JS-MICROMATCH-6838728](https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: babel-jest
The new version differs by 250 commits.- be16e47 v27.0.0
- 63102ec chore: update changelog for release
- 564694a docs(blog): Jest 27 blog post (#11131)
- b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
- 2226742 chore: minor simplify format results error (#11432)
- 78eb25d chore: remove needless assign (#11433)
- 696c455 chore: update lockfile after publish
- e2eb9ae v27.0.0-next.11
- 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
- 27bee72 fix: run GC before collecting open handles (#11278)
- 50451df feat: use fallback if prettier not found (#11400)
- 150dbd8 chore: update lockfile after publish
- 6f44529 v27.0.0-next.10
- cbcec7d Upgrade fsevents in jest-haste-map (#11428)
- 9633a26 feat: support reporters written in ESM (#11427)
- 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
- 57e32e9 Detect open handles with done callbacks (#11382)
- a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
- 4fa3a0b feat: custom haste (#11107)
- 2047a36 chore: bump deps (#11419)
- a4358d6 chore: run prettier on changelog
- bdd6282 Move all default values into `jest-config` (#9924)
- db643a1 Link to Jest config (#11106)
- b16082c Fix locale issue #10014 (#11412)
See the full diffPackage name: jest
The new version differs by 250 commits.- 75006e4 v29.0.0
- 7c82a9f chore: update jest-watch-typeahead again
- 352ff29 chore: update changelog for release
- 33ad8c3 docs: Jest 29 blog post (#13103)
- dda77e5 docs: collapse 28.0 and 28.1 docs (#13104)
- c0dc84c chore: update jest-watch-typeahead
- 05f6217 fix: support deep CJS re-exports when using ESM (#13170)
- 490fd88 chore: update yarn (#13169)
- 98936a2 docs: Update Enzyme links to use new URL (#13166)
- 187566a feat(pretty-format): allow to opt out from sorting object keys with `compareKeys: null` (#12443)
- ae2bed7 chore: tweak regex used in e2e tests (#13129)
- 8c56d74 docs: Update Configuration.md for added special notes on usage scenarios for pnpm. (#13115)
- fb1c53d feat(jest-config)!: remove undocumented `collectCoverageOnlyFrom` option (#13156)
- 075b489 fix: ignore `EISDIR` when resolving symlinks (#13157)
- 3bef02e feat(@ jest/test-result, @ jest/types)!: replace `Bytes` and `Milliseconds` types with `number` (#13155)
- 4def94b v29.0.0-alpha.6
- 0f00d4e fix: replace non-CLI `rimraf` usage (#13151)
- 6a90a2c fix: Allow updating inline snapshots when test includes JSX (#12760)
- 983274a feat: Let `babel` find config when updating inline snapshots (#13150)
- d2ff18a chore: make prettierPath optional in `SnapshotState` (#13149)
- 7d8d01c feat(circus): added each to failing tests (#13142)
- a5b52a5 chore(types): separate MatcherContext, MatcherUtils and MatcherState (#13141)
- 79b5e41 chore: get rid of peer dep warning in website
- 812763d chore: enable 'no-duplicate-imports' (#13138)
See the full diffPackage name: jest-cli
The new version differs by 250 commits.- 75006e4 v29.0.0
- 7c82a9f chore: update jest-watch-typeahead again
- 352ff29 chore: update changelog for release
- 33ad8c3 docs: Jest 29 blog post (#13103)
- dda77e5 docs: collapse 28.0 and 28.1 docs (#13104)
- c0dc84c chore: update jest-watch-typeahead
- 05f6217 fix: support deep CJS re-exports when using ESM (#13170)
- 490fd88 chore: update yarn (#13169)
- 98936a2 docs: Update Enzyme links to use new URL (#13166)
- 187566a feat(pretty-format): allow to opt out from sorting object keys with `compareKeys: null` (#12443)
- ae2bed7 chore: tweak regex used in e2e tests (#13129)
- 8c56d74 docs: Update Configuration.md for added special notes on usage scenarios for pnpm. (#13115)
- fb1c53d feat(jest-config)!: remove undocumented `collectCoverageOnlyFrom` option (#13156)
- 075b489 fix: ignore `EISDIR` when resolving symlinks (#13157)
- 3bef02e feat(@ jest/test-result, @ jest/types)!: replace `Bytes` and `Milliseconds` types with `number` (#13155)
- 4def94b v29.0.0-alpha.6
- 0f00d4e fix: replace non-CLI `rimraf` usage (#13151)
- 6a90a2c fix: Allow updating inline snapshots when test includes JSX (#12760)
- 983274a feat: Let `babel` find config when updating inline snapshots (#13150)
- d2ff18a chore: make prettierPath optional in `SnapshotState` (#13149)
- 7d8d01c feat(circus): added each to failing tests (#13142)
- a5b52a5 chore(types): separate MatcherContext, MatcherUtils and MatcherState (#13141)
- 79b5e41 chore: get rid of peer dep warning in website
- 812763d chore: enable 'no-duplicate-imports' (#13138)
See the full diffPackage name: jest-environment-jsdom
The new version differs by 250 commits.- be16e47 v27.0.0
- 63102ec chore: update changelog for release
- 564694a docs(blog): Jest 27 blog post (#11131)
- b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
- 2226742 chore: minor simplify format results error (#11432)
- 78eb25d chore: remove needless assign (#11433)
- 696c455 chore: update lockfile after publish
- e2eb9ae v27.0.0-next.11
- 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
- 27bee72 fix: run GC before collecting open handles (#11278)
- 50451df feat: use fallback if prettier not found (#11400)
- 150dbd8 chore: update lockfile after publish
- 6f44529 v27.0.0-next.10
- cbcec7d Upgrade fsevents in jest-haste-map (#11428)
- 9633a26 feat: support reporters written in ESM (#11427)
- 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
- 57e32e9 Detect open handles with done callbacks (#11382)
- a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
- 4fa3a0b feat: custom haste (#11107)
- 2047a36 chore: bump deps (#11419)
- a4358d6 chore: run prettier on changelog
- bdd6282 Move all default values into `jest-config` (#9924)
- db643a1 Link to Jest config (#11106)
- b16082c Fix locale issue #10014 (#11412)
See the full diff