search

alcionai / corso

Free, Secure, and Open-Source Backup for Microsoft 365
https://corsobackup.io
Apache License 2.0
182 stars 28 forks source link

[Snyk] Security upgrade tw-elements from 1.0.0-alpha13 to 2.0.0 #5331

Open ryanfkeepers opened 4 months ago

ryanfkeepers commented 4 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - website/package.json - website/package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Uncontrolled resource consumption
[SNYK-JS-BRACES-6838727](https://snyk.io/vuln/SNYK-JS-BRACES-6838727) | Yes | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Inefficient Regular Expression Complexity
[SNYK-JS-MICROMATCH-6838728](https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: tw-elements The new version differs by 250 commits.
  • 7c712f3 Update gitignore file
  • 1cff25d Release 2.0.0
  • dda3cf0 Update README.md
  • 026a359 Update package version
  • 02ea940 Merge branch 'docs' of https://github.com/mdbootstrap/Tailwind-Elements into v1.1.0
  • 997c656 Add bun instructions (#2175)
  • 51edc8a Fix sidenav issues
  • 1d3b547 Add v1.1.0 changelog (#2192)
  • 334cf76 Merge branch 'docs' of https://github.com/mdbootstrap/Tailwind-Elements into v1.1.0
  • 2eb4908 Update / add intro about TWE license inside repo files
  • 427921f Update License File
  • fc17056 turn off cyber week
  • fa36b76 Update files/readme
  • f7ada41 Multi Range Slider: corrections before release v1.1.0 (#2210)
  • f751a02 Fix autocomplete issue with opening on focus
  • a4f2611 Update twe version in footer-scripts
  • 95c4462 Merge branch 'docs' of https://github.com/mdbootstrap/Tailwind-Elements into v1.1.0
  • 029e847 Multi Range Slider component (#2194)
  • 1d0cffc Input: fix focus with init via JS (#2190)
  • cb9dfa0 Timepicker: fix dispose method (#2195)
  • 80baa5c PGusciora corrected names from TE to TWE (#2185)
  • 773f678 Chips: fix input focus after click on Chip (#2182)
  • 43a0ae5 Tabs: remove neutral-50 color example (#2180)
  • f0f3552 Modal - add backdrop class customization (#2181)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/alcion/project/a319e101-d670-4e70-9438-da61dd0916a1?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/alcion/project/a319e101-d670-4e70-9438-da61dd0916a1?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"67984fe0-6390-4905-ae1f-1393353fb28d","prPublicId":"67984fe0-6390-4905-ae1f-1393353fb28d","dependencies":[{"name":"tw-elements","from":"1.0.0-alpha13","to":"2.0.0"}],"packageManager":"npm","projectPublicId":"a319e101-d670-4e70-9438-da61dd0916a1","projectUrl":"https://app.snyk.io/org/alcion/project/a319e101-d670-4e70-9438-da61dd0916a1?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-BRACES-6838727","SNYK-JS-MICROMATCH-6838728"],"upgrade":["SNYK-JS-BRACES-6838727","SNYK-JS-MICROMATCH-6838728"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[661,661],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Uncontrolled resource consumption](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
aviator-app[bot] commented 4 months ago

Current Aviator status

Aviator will automatically update this comment as the status of the PR changes. Comment /aviator refresh to force Aviator to re-examine your PR (or learn about other /aviator commands).

This pull request is currently open (not queued).

How to merge

To merge this PR, comment /aviator merge or add the mergequeue label.

See the real-time status of this PR on the Aviator webapp.
Use the Aviator Chrome Extension to see the status of your PR within GitHub.
CLAassistant commented 4 months ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

sonarcloud[bot] commented 4 months ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud