estruyf / doctor

Doctor - Maintain your documentation on SharePoint without pain.
http://getdoctor.io
MIT License

[Snyk] Security upgrade @pnp/cli-microsoft365 from 3.7.0-beta.b01397d to 3.7.0 #157

Open estruyf opened 6 months ago

estruyf commented 6 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - package.json
    - package-lock.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **758/1000** <br/> **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3 | Improper Input Validation <br/> [SNYK-JS-FOLLOWREDIRECTS-6141137](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137) | No | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @pnp/cli-microsoft365

The new version differs by 24 commits.
  • 0731a34 Updates release notes
  • 3fcc7ce Extends spfx doctor with support for SPFx v1.12. Closes #2173
  • 78619f9 Adds support for upgrading SPFx projects to v1.12. Closes #2154
  • bbd07ba Updates release notes
  • d469cde Add site external users report sample. Closes #2277
  • bb5c52d Adds the 'Delete all Microsoft 365 groups and SharePoint sites' sample. Closes #2278
  • 713002b Updates release notes
  • 03aeb2c Updates product name from 'Microsoft Flow' to 'Power Automate'. Closes #2259
  • 0994167 Adds the `spo site apppermission get` command. Closes #2207
  • e182711 Adds the 'List site collections and their lists' sample script. Closes #2272
  • fd082c3 Updates release notes
  • 91e244e Adds the `teams conversationmember add` command. Closes #1878
  • a166647 Extends `aad o365group remove` with skipRecycleBin. Closes #1986
  • 1f77da9 Updates release notes
  • 0bfaa70 Adds the 'Provision a Team with channels and assign a custom icon' sample. Closes #2148
  • ed02913 Adds the `cli config set` command. Closes #1945
  • 89cbe45 Updates release notes
  • dada231 Moves `spo page list` to use pages API. Closes #2241
  • 6ae76e4 Adds Remote Development container. Closes #1832
  • 39ebbbb Updates release notes
  • 9c9ba04 Adds the `spo site apppermission list` command. Closes #2206
  • 97a77f3 Updates dependencies
  • 110642a Updates release notes
  • c026445 Adds missing includeOndriveSites option to `spo site classic list` docs. Closes #2234
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/estruyf/project/4608a3a3-f2ce-42ff-95d5-c062475fb283?utm_source=github&utm_medium=referral&page=fix-pr)
- 🛠 [Adjust project settings](https://app.snyk.io/org/estruyf/project/4608a3a3-f2ce-42ff-95d5-c062475fb283?utm_source=github&utm_medium=referral&page=fix-pr/settings)
- 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Improper Input Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)

vercel[bot] commented 6 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| :--- | :----- | :------ | :------- | :------ |
| doctor | ❌ Failed (Inspect) | | | Jan 2, 2024 6:25pm |