estruyf / doctor

Doctor - Maintain your documentation on SharePoint without pain.
http://getdoctor.io
MIT License
112 stars 17 forks

[Snyk] Security upgrade @pnp/cli-microsoft365 from 3.7.0-beta.b01397d to 7.0.0 #150

Open estruyf opened 8 months ago

estruyf commented 8 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - package.json
    - package-lock.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **748/1000** <br/> **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1 | Cross-site Request Forgery (CSRF) <br/>[SNYK-JS-AXIOS-6032459](https://snyk.io/vuln/SNYK-JS-AXIOS-6032459) | Yes | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @pnp/cli-microsoft365

The new version differs by 250 commits.
  • 18ce559 Restructures upgrade guidance. Closes #5535
  • 6fa2bd1 Updates release notes
  • e63ce0b Renames option for 'spo user get'. Closes #5515
  • 2617b90 Align options and documentation power platform. Closes #5411
  • 88c4694 Updates release notes
  • 8d9b366 Removes Node 16 workflow
  • e4bf054 Adds 'listitem attachment get'. Closes #5221
  • 6f1b989 Adds 'listitem attachment remove'. Closes #5220
  • 1eed249 Adds 'listitem attachment set'. Closes #5222
  • 63bc931 Adds 'listitem attachment add'. Closes #5219
  • 6f20988 Ensure aad m365group command only works for m365 groups. Closes #5438
  • 8726fe8 Updates release notes
  • 8a35681 Adds interactive mode as default. Closes #5181
  • 14c7857 Updates release notes
  • f9a35e3 Fixes 'planner task list' command without options. Closes #5503
  • 02c42e5 Updates show login message using spinner. Closes #5484
  • 93ceec4 Fixes spfx project upgrade for v1.18.0. Closes #5500
  • 6ef084d Fixes docs build
  • e15bb2d Updates release notes and last fixes
  • e8ee4b1 Adds name option to 'teams app remove'. Closes #5445
  • 0e9f83e Enhances 'spo page set' command Closes #4840
  • c5bf38c Adds user-friendly option values for 'spo site commsite enable'. Closes #5199
  • 40f2698 Updates release notes
  • bbc1281 Adds visibility option to 'aad m365group add' command. Closes #5477
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/estruyf/project/4608a3a3-f2ce-42ff-95d5-c062475fb283?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/estruyf/project/4608a3a3-f2ce-42ff-95d5-c062475fb283?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Cross-site Request Forgery (CSRF)](https://learn.snyk.io/lesson/csrf-attack/?loc=fix-pr)

vercel[bot] commented 8 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| :--- | :--- | :--- | :--- | :--- |
| doctor | ❌ Failed (Inspect) | | | Oct 28, 2023 2:04am |