SnailyCAD / snaily-cadv4

💻 An open source Computer Aided Dispatch (CAD) for FiveM, this is a web based integration for communities who love police roleplaying and dispatching. Discord: https://discord.gg/eGnrPqEH7U
https://docs.snailycad.org/docs/getting-started
MIT License
140 stars, 84 forks

[Snyk] Security upgrade zod from 3.22.2 to 3.22.3 #1827

Closed casperiv0 closed 11 months ago

casperiv0 commented 11 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - packages/schemas/package.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
high severity | **768/1000** <br/> **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) <br/> [SNYK-JS-ZOD-5925617](https://snyk.io/vuln/SNYK-JS-ZOD-5925617) | No | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.
Commit messages

Package name: **zod**

The new version differs by 10 commits.
  • 1e61d76 3.22.3
  • 2ba00fe [2609] fix ReDoS vulnerability in email regex (#2824)
  • ae0f7a2 docs: update ref to discriminated-unions docs (#2485)
  • ad2ee9c 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
  • 28c1927 Update sponsors
  • 18115a8 Formatting
  • 64dcc8e Update sponsors
  • f59be09 clarify datetime ISO 8601 (#2673)
  • 9bd3879 docs: remove obsolete text about readonly types (#2676)
  • 1e23990 Commit
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/dev-caspertheghost/project/4c698a54-9a2a-4571-a6e3-fe8a49405503?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/dev-caspertheghost/project/4c698a54-9a2a-4571-a6e3-fe8a49405503?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)