search

SigNoz / signoz

SigNoz is an open-source observability platform native to OpenTelemetry with logs, traces and metrics in a single application. An open-source alternative to DataDog, NewRelic, etc. 🔥 🖥. 👉 Open source Application Performance Monitoring (APM) & Observability tool
https://signoz.io
Other
19.51k stars 1.32k forks source link

[Snyk] Security upgrade webpack-dev-server from 4.15.1 to 5.1.0 #6398

Open ankitnayan opened 3 weeks ago

ankitnayan commented 3 weeks ago

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[!IMPORTANT] Upgrade webpack-dev-server to 5.1.0 to fix a ReDoS vulnerability, requiring Yarn zero-installs users to update cache.

  • Dependencies:
    • Upgrade webpack-dev-server from 4.15.1 to 5.1.0 in frontend/package.json and frontend/yarn.lock.
  • Security:
    • Fixes high severity Regular Expression Denial of Service (ReDoS) vulnerability in cross-spawn.
  • Breaking Changes:
    • Users of Yarn zero-installs must run yarn to update the cache directory.

This description was created by Ellipsis for 6f449dc8d3d6a059cd3b00ee9f802cb91f64a002. It will automatically update as commits are pushed.

CLAassistant commented 3 weeks ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

github-actions[bot] commented 3 weeks ago

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #

github-actions[bot] commented 3 weeks ago

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #