Open dependabot[bot] opened 2 years ago
Checkmarx AST – Scan Summary & Details – 7e050961-832f-48d1-a458-82abf573f276
Severity | Issue | File / Package | Scan Engine |
---|---|---|---|
HIGH | CVE-2021-23343 | Npm-path-parse-1.0.6 | CxSCA |
HIGH | CVE-2021-3807 | Npm-ansi-regex-3.0.0 | CxSCA |
HIGH | CVE-2021-3807 | Npm-ansi-regex-5.0.0 | CxSCA |
HIGH | CVE-2021-3807 | Npm-ansi-regex-4.1.0 | CxSCA |
HIGH | CVE-2021-43138 | Npm-async-1.5.2 | CxSCA |
HIGH | CVE-2021-44906 | Npm-minimist-1.2.5 | CxSCA |
HIGH | Cx89601373-08db | Npm-debug-3.2.6 | CxSCA |
HIGH | Cx89601373-08db | Npm-debug-4.1.1 | CxSCA |
HIGH | Cx8bc4df28-fcf5 | Npm-debug-3.2.6 | CxSCA |
HIGH | Cx8bc4df28-fcf5 | Npm-debug-4.1.1 | CxSCA |
HIGH | Cxdca8e59f-8bfe | Npm-inflight-1.0.6 | CxSCA |
MEDIUM | CVE-2020-15366 | Npm-ajv-6.10.2 | CxSCA |
MEDIUM | Cx65603961-769c | Npm-debug-4.1.1 | CxSCA |
MEDIUM | Cx65603961-769c | Npm-debug-3.2.6 | CxSCA |
MEDIUM | Cxbd6f2b91-dd38 | Npm-debug-4.1.1 | CxSCA |
MEDIUM | Cxbd6f2b91-dd38 | Npm-debug-3.2.6 | CxSCA |
Kudos, SonarCloud Quality Gate passed!
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
0.0% Duplication
Bumps moment from 2.24.0 to 2.29.4.
Changelog
Sourced from moment's changelog.
... (truncated)
Commits
- 000ac18 Build 2.24.4
- f2006b6 Bump version to 2.24.4
- 536ad0c Update changelog for 2.29.4
- 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
- 6374fd8 Merge branch 'master' into develop
- b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
- 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
- 57c9062 Build 2.29.3
- aaf50b6 Fixup release complaints
- 26f4aef Bump version to 2.29.3

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/godaddy/datastar/network/alerts).