search

equinor / esv-intersection

A reusable component to create intersection visualizations for wells
https://equinor.github.io/esv-intersection/storybook/latest
MIT License
12 stars 7 forks source link

[Snyk] Security upgrade vite from 4.3.4 to 4.3.9 #623

Closed rohag-equinor closed 1 year ago

rohag-equinor commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **768/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Path Equivalence
[SNYK-JS-VITE-5664718](https://snyk.io/vuln/SNYK-JS-VITE-5664718) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: vite The new version differs by 51 commits.
  • a460a2b release: v4.3.9
  • 813ddd6 fix: fs.deny with leading double slash (#13348)
  • 28923fb fix(css): return deps if have no postcss plugins (#13344)
  • 6198b0d fix: revert enable provenance (#13338)
  • 2a30a07 chore: revert prev release commit
  • 5c9abf7 release: v4.3.9
  • 8f85262 release: plugin-legacy@4.0.4
  • e30e287 fix: enable provenance (#13336)
  • b34e79c docs: optimizeDeps.needsInterop (#13323)
  • 32c5a9a docs: preview not for production on CLI guide (#13316)
  • 57d3023 docs: transformIndexHtml order note (#13318)
  • e3db771 fix: optimizeDeps during build and external ids (#13274)
  • e444375 fix(legacy): style insert order (#13266)
  • 19e8c68 test: respect commonjs options in playgrounds (#13273)
  • 8013a66 refactor: simplify SSR options' if statement (#13254)
  • 906c4c1 perf(ssr): calculate stacktrace offset lazily (#13256)
  • 3f3fff2 release: v4.3.8
  • e62f8da feat: enable provenance (#13247)
  • 3609e79 fix: avoid outdated module to crash in importAnalysis after restart (#13231)
  • 0cbd818 docs: update features.md note about ESM imports in web workers (#13223)
  • 13fc345 fix(ssr): skip updateCjsSsrExternals if legacy flag disabled (#13230)
  • d09bbd0 release: v4.3.7
  • d5d9a31 fix(assetImportMetaUrl): allow ternary operator in template literal urls (#13121)
  • 0fd4616 fix: revert only watch .env files in envDir (#12587) (#13217)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/videx/project/00f225a2-6115-4e79-a942-cb14dcf86be8?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/videx/project/00f225a2-6115-4e79-a942-cb14dcf86be8?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"900abd19-a2e8-43e9-83dd-29d436d92d7d","prPublicId":"900abd19-a2e8-43e9-83dd-29d436d92d7d","dependencies":[{"name":"vite","from":"4.3.4","to":"4.3.9"}],"packageManager":"npm","projectPublicId":"00f225a2-6115-4e79-a942-cb14dcf86be8","projectUrl":"https://app.snyk.io/org/videx/project/00f225a2-6115-4e79-a942-cb14dcf86be8?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-VITE-5664718"],"upgrade":["SNYK-JS-VITE-5664718"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[768],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)
changeset-bot[bot] commented 1 year ago

⚠️ No Changeset found

Latest commit: 7f34625e6e210f81f6934df0e9ea532507a199ee

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR