e-square-io / nx-github-actions

A set of Github Actions for NX workspaces
MIT License
30 stars, 6 forks

[Snyk] Fix for 2 vulnerabilities #82

Open ronnetzer opened 4 months ago

ronnetzer commented 4 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - package.json

⚠️ Warning

```
Failed to update the package-lock.json, please update manually before merging.
```

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Uncontrolled resource consumption <br/> [SNYK-JS-BRACES-6838727](https://snyk.io/vuln/SNYK-JS-BRACES-6838727) | Yes | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Inefficient Regular Expression Complexity <br/> [SNYK-JS-MICROMATCH-6838728](https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728) | Yes | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

#### Commit messages

Package name: @nrwl/workspace

The new version differs by 250 commits.
  • f537a4c chore(misc): publish 16.0.0
  • 9a14ae4 chore: update nx-cloud to 16.0.5 (#16623)
  • 7660cf6 chore(misc): publish 16.0.0-rc.1
  • c2a0ef0 chore(repo): change more references from @ nrwl to @ nx (#16621)
  • abc5055 chore(repo): update nx to 16.0.0-rc.0 (#16598)
  • b1e3545 fix(core): do not strip additional angular.json properties (#16615)
  • 24b2dee feat(core): remove tasks runner v2 (#16616)
  • 9ed96a1 fix(linter): do not replace legacy package in binary files (#16617)
  • 68f019e chore(core): add missing formatFiles call to migration (#16614)
  • fbf8d9c feat(js): adding simpleName option to library generator (#16025)
  • 43a7d77 cleanup(testing): rename cypress-component-project to cypress-component-configuration (#16382)
  • f91920d docs(core): make migrate latest more prominent (#16596)
  • f004e22 fix(repo): replace remaining instances of yarn with pnpm (#16571)
  • 9d71c71 fix(react): skip DefinePlugin for SSR (#16612)
  • 9753acb fix(core): handle nested gitignores in the filewatcher
  • 2be25eb feat(nest): adding simpleName option to library generator (#16024)
  • e3c50a9 docs(nx-dev): add ProductHunt banner (#16607)
  • 5e2bf07 docs(core): fixing some references to old architect terminology (#16424)
  • 6dd1385 feat(react): refactor util `getModuleFederationConfig` to avoid to pass function to determinate the remote url (#16488)
  • 0947eb4 fix(repo): run nightly e2e with pnpm (#16602)
  • 19e34df chore(misc): publish 16.0.0-rc.0
  • eb425b6 fix(angular): fix the imports of @ angular-devkit/architect/node for n… (#16595)
  • 7b0f96b feat(nx-plugin): simplify generated plugin code (#16590)
  • 010ddee feat(core): update nx schema to include more tasksRunnerOptions options (#16591)
See the full diff
Package name: nx

The new version differs by 250 commits.
  • e62f0b1 chore(repo): update nx to 16.9.0-rc.1 (#19302)
  • 2b84f10 bugfix(react-native): fix run-ios failed on 2nd run (#19287)
  • 295ec47 fix(core): do not attempt to publish private npm packages (#19299)
  • b0e48a6 chore(repo): update nx to 16.9.0-rc.0 (#19296)
  • d1fe398 docs(core): packages to api (#19281)
  • 94d8356 fix(vite): provide correct root directory when building a root project (#19298)
  • ca85d26 fix(core): unregister in-process ts transpilers when projectGraph is created (#19187)
  • 9f0e9c8 chore(core): nx plugin submission nx-gcp-cache (#18172)
  • e9eb10f chore(core): nx plugin submission @ jnxplus/nx-maven (#19081)
  • f2edb29 chore(core): remove deprecated plugins from approved-plugins.json file (#19082)
  • c18c0b2 feat(misc): prepend cwd to directory in project generators when using as-provided format (#19227)
  • 78f7f9f fix(nextjs): Add missing env to base Nx Env (#19201)
  • 903c4fe fix(js): update generated .swcrc file to align with @ swc/core@1.3.85 (#19214)
  • 75890f5 chore(repo): remove dep from nx-dev-e2e -> devkit (#19288)
  • d8261b4 fix(repo): add native packages to the release group (#19289)
  • 91b1451 fix(core): ensure target-only argument is rewritten correctly to be forwarded (#17971)
  • 5545ffb feat(core): allow multiple targets in show projects commmand (#18506)
  • 57dc105 chore(core): prepare Angular specific error only before throwing it (#18904)
  • 82fb209 fix(nx-plugin): pass full context into parseTargetString (#19154)
  • 1aef24b chore(angular): move parseTargetString to pass executor context (#19133)
  • d4a6d32 feat(core): run createDependencies plugins concurrently (#19176)
  • 90c811a Revert "chore(repo): increate npm fetch retires count and timeout (#1… (#19283)
  • ed0456e chore(repo): increate npm fetch retires count and timeout (#19191)
  • 6327fab chore(repo): dogfood nx release commands (#19237)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/e-square/project/c7c99b78-67f4-4fb1-a677-4100464990ae?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/e-square/project/c7c99b78-67f4-4fb1-a677-4100464990ae?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

[//]: # (snyk:metadata:{"prId":"455f4e40-f22f-4925-b565-04aadaf628e1","prPublicId":"455f4e40-f22f-4925-b565-04aadaf628e1","dependencies":[{"name":"@nrwl/workspace","from":"13.10.6","to":"16.0.0"},{"name":"nx","from":"13.10.6","to":"16.9.0"}],"packageManager":"npm","projectPublicId":"c7c99b78-67f4-4fb1-a677-4100464990ae","projectUrl":"https://app.snyk.io/org/e-square/project/c7c99b78-67f4-4fb1-a677-4100464990ae?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-BRACES-6838727","SNYK-JS-MICROMATCH-6838728"],"upgrade":["SNYK-JS-BRACES-6838727","SNYK-JS-MICROMATCH-6838728"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["pr-warning-shown","priorityScore"],"priorityScoreList":[661,661],"remediationStrategy":"vuln"})

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Uncontrolled resource consumption](https://learn.snyk.io/lesson/redos/?loc=fix-pr)