e-square-io / nx-github-actions

A set of Github Actions for NX workspaces
MIT License

[Snyk] Fix for 1 vulnerabilities #71

Closed snyk-bot closed 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-MINIMATCH-3050818 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @nrwl/workspace
The new version differs by 250 commits.
  • 6c3ce13 Revert "fix(core): store relative file name in hash details (#10166)"
  • 48e4ece Revert "fix(core): ensure file hasher initialized before usage (#10603)"
  • f828da9 fix(angular): handle paths correctly on window when migrating angular cli workspaces to nx (#10611)
  • 838170e fix(linter): relative paths should be correct on windows (#10604)
  • fd1194e fix(core): ensure file hasher initialized before usage (#10603)
  • 4d7e5ba chore(misc): remove defaultCollection from generators (#10601)
  • 9324043 cleanup(core): use npm.json instead core.json as the preset name for npm workspaces
  • a0bf1f0 fix(js): resolve shallow dependencies when building package.json (#10600)
  • 5c9abff fix(core): store relative file name in hash details (#10166)
  • 339b129 fix(angular): apply default eager packages correctly #10496 (#10596)
  • 9b47c97 docs(core): fix typo (#10588)
  • c0a0f16 fix(js): semver regex update (#10416)
  • 5daeaf8 fix(js): return empty array if no helper dependencies found (#10582)
  • 26177d1 fix(testing): fix ts-node migration version (#10578)
  • 7f7bc1a fix(core): require.resolve(m/package.json) is not guaranteed to work for modern module format (#10497)
  • 66f2e77 chore(repo): update yarn to 1.22.19 (#10501)
  • 10363e3 feat(nx-plugin): add plugin eslint rules (#9697)
  • 70efd2e docs(core): fix typo in ci bitbucket link (#10576)
  • d782ab5 chore(repo): updated husky to 8.0.1 (#10502)
  • 8c19036 chore(repo): update nx to 14.2.0-rc.1 (#10577)
  • 2fb1059 fix(core): print normalized generator name instead of aliases (#10574)
  • 41882bf fix(core): fix outputs migration (#10575)
  • 8b12832 fix(storybook): fix migration (#10573)
  • 1de896f feat(storybook): choose to generate ts config (#10572)
Package name: nx
The new version differs by 250 commits.
  • 6c3ce13 Revert "fix(core): store relative file name in hash details (#10166)"
  • 48e4ece Revert "fix(core): ensure file hasher initialized before usage (#10603)"
  • f828da9 fix(angular): handle paths correctly on window when migrating angular cli workspaces to nx (#10611)
  • 838170e fix(linter): relative paths should be correct on windows (#10604)
  • fd1194e fix(core): ensure file hasher initialized before usage (#10603)
  • 4d7e5ba chore(misc): remove defaultCollection from generators (#10601)
  • 9324043 cleanup(core): use npm.json instead core.json as the preset name for npm workspaces
  • a0bf1f0 fix(js): resolve shallow dependencies when building package.json (#10600)
  • 5c9abff fix(core): store relative file name in hash details (#10166)
  • 339b129 fix(angular): apply default eager packages correctly #10496 (#10596)
  • 9b47c97 docs(core): fix typo (#10588)
  • c0a0f16 fix(js): semver regex update (#10416)
  • 5daeaf8 fix(js): return empty array if no helper dependencies found (#10582)
  • 26177d1 fix(testing): fix ts-node migration version (#10578)
  • 7f7bc1a fix(core): require.resolve(m/package.json) is not guaranteed to work for modern module format (#10497)
  • 66f2e77 chore(repo): update yarn to 1.22.19 (#10501)
  • 10363e3 feat(nx-plugin): add plugin eslint rules (#9697)
  • 70efd2e docs(core): fix typo in ci bitbucket link (#10576)
  • d782ab5 chore(repo): updated husky to 8.0.1 (#10502)
  • 8c19036 chore(repo): update nx to 14.2.0-rc.1 (#10577)
  • 2fb1059 fix(core): print normalized generator name instead of aliases (#10574)
  • 41882bf fix(core): fix outputs migration (#10575)
  • 8b12832 fix(storybook): fix migration (#10573)
  • 1de896f feat(storybook): choose to generate ts config (#10572)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

nx-cloud[bot] commented 1 year ago

☁️ Nx Cloud Report

Attention: This version of the Nx Cloud GitHub bot will cease to function on July 1st, 2023. An organization admin can update your integration here.

We didn't find any information for the current pull request with the commit aa4a9ea8e3af25a811cb33a883d4586dd11ab874. You might need to set the 'NX_BRANCH' environment variable in your CI pipeline.

Check the Nx Cloud Github Integration documentation for more information.