cloudevents / sdk-javascript

JavaScript/TypeScript SDK for CloudEvents
https://cloudevents.github.io/sdk-javascript/
Apache License 2.0

[Snyk] Security upgrade @typescript-eslint/eslint-plugin from 4.33.0 to 5.10.0 #585

Open lholmquist opened 5 months ago

lholmquist commented 5 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json

⚠️ Warning
```
Failed to update the package-lock.json, please update manually before merging.
```

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
high severity | **661/1000**<br>**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Uncontrolled resource consumption<br>[SNYK-JS-BRACES-6838727](https://snyk.io/vuln/SNYK-JS-BRACES-6838727) | Yes | No Known Exploit
high severity | **661/1000**<br>**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Inefficient Regular Expression Complexity<br>[SNYK-JS-MICROMATCH-6838728](https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728) | Yes | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @typescript-eslint/eslint-plugin

The new version differs by 250 commits.
  • 8894106 chore: publish v5.10.0
  • 5046882 fix(type-utils): intersection types involving readonly arrays are now handled in most cases (#4429)
  • 39a6806 fix(type-utils): isTypeReadonly now handles conditional types (#4421)
  • f4016c2 fix(eslint-plugin): [no-extra-semi] false negatives when used with eslint 8.3.0 (#4458)
  • 99ab193 fix(type-utils): union types always being marked as readonly (#4419)
  • ef3147c fix(type-utils): check IndexSignature internals when checking isTypeReadonly (#4417)
  • 3061ea9 chore: bump @babel/types from 7.16.7 to 7.16.8 (#4454)
  • e56f1e5 fix(eslint-plugin): [no-invalid-this] crash when used with eslint 8.7.0 (#4448)
  • ba3d3a3 chore: bump eslint-plugin-jest from 25.3.4 to 25.7.0 (#4456)
  • 04cb5d8 chore: bump ts-jest from 27.1.2 to 27.1.3 (#4457)
  • d8e296d chore: bump webpack from 5.65.0 to 5.66.0 (#4455)
  • d053cde fix(eslint-plugin): [explicit-function-return-type] support AllowTypedFunctionExpression within AllowHigherOrderFunction (#4250)
  • 8a30108 chore: bump eslint-visitor-keys from 3.1.0 to 3.2.0 (#4452)
  • 377cbcf chore: bump rollup from 2.63.0 to 2.64.0 (#4450)
  • daf7990 chore: bump @types/prettier from 2.4.2 to 2.4.3 (#4451)
  • 4cb46ff chore: bump downlevel-dts from 0.7.0 to 0.8.0 (#4447)
  • ff05dd8 test(type-utils): fix incorrect utils import (#4453)
  • 95aea18 refactor(eslint-plugin): [restrict-plus-operands] add better error messages (#4332)
  • ea85dda test(type-utils): add basic tests for isTypeReadonly (#4416)
  • c8e650f fix(eslint-plugin): [no-magic-numbers] handle bigint in class props (#4411)
  • 253bfa3 docs: fix typo in comment (#4445)
  • 4bda6ec chore: bump shelljs from 0.8.4 to 0.8.5 (#4442)
  • 9eb0a5b chore: bump follow-redirects from 1.14.5 to 1.14.7 (#4437)
  • 1d55a75 feat: rename `experimental-utils` to `utils` and make `experimental-utils` an alias to the new package (#4172)

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/cloudevents-js/project/3779a15c-1e26-4937-bae6-b5631c015bd9?utm_source=github&utm_medium=referral&page=fix-pr)
- 🛠 [Adjust project settings](https://app.snyk.io/org/cloudevents-js/project/3779a15c-1e26-4937-bae6-b5631c015bd9?utm_source=github&utm_medium=referral&page=fix-pr/settings)
- 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Uncontrolled resource consumption](https://learn.snyk.io/lesson/redos/?loc=fix-pr)

github-actions[bot] commented 4 months ago

This pull request is stale because it has been open 30 days with no activity.