search

hypertrace / hypertrace-ui

UI for Hypertrace
Other
25 stars 12 forks source link

[Snyk] Security upgrade rudder-sdk-js from 2.46.0 to 2.48.7 #2647

Open surajpuvvada opened 4 months ago

surajpuvvada commented 4 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Uncontrolled resource consumption
[SNYK-JS-BRACES-6838727](https://snyk.io/vuln/SNYK-JS-BRACES-6838727) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: rudder-sdk-js The new version differs by 215 commits.
  • 727804c chore(release): pulling release/3.7.0 into main (#1703)
  • d2e5fe0 chore(monorepo): sync versions and generate release logs
  • e58b2fe chore(@ rudderstack/analytics-js-sanity-suite): release version 3.0.6
  • 5454b88 chore(@ rudderstack/analytics-js-loading-scripts): release version 3.0.5
  • c5eb782 chore(@ rudderstack/analytics-js-integrations): release version 3.1.0
  • 4a1bfda chore(rudder-sdk-js): release version 2.48.7
  • 5f4367f chore(@ rudderstack/analytics-js): release version 3.1.0
  • 5d9f75a chore(@ rudderstack/analytics-js-plugins): release version 3.0.4
  • 0c11299 chore(@ rudderstack/analytics-js-common): release version 3.2.0
  • e85208b chore: remove duplicate config named eventWhiteList (#1652)
  • 607c381 feat: add autoConfig support in FBPixel, add tests (#1702)
  • c57cf82 feat: warn users on missing plugins (#1691)
  • bb7e1df feat: supporting add to cart for criteo (#1696)
  • 3543cc1 feat: added custom domain support in ga4 (#1697)
  • ba33b9e feat: upgrade storejs lib and remove the patch (#1700)
  • 695b229 chore: update all the sample applications to latest (#1695)
  • 36a13b0 feat: add a patch for storejs to expose length of the store (#1694)
  • f3a59a1 chore(release): pull main into develop post release v3.6.0 (#1692)
  • 711180c chore(release): pulling release/3.6.0 into main (#1690)
  • d19c0c0 chore(monorepo): sync versions and generate release logs
  • 90cad53 chore(@ rudderstack/analytics-js-sanity-suite): release version 3.0.5
  • c9a5928 chore(@ rudderstack/analytics-js-loading-scripts): release version 3.0.4
  • c607507 chore(@ rudderstack/analytics-js-integrations): release version 3.0.4
  • 74704da chore(@ rudderstack/analytics-js): release version 3.0.4
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/surajpuvvada/project/553e7174-0e22-4c7f-aa2c-12ae5f5768b5?utm_source=github&utm_medium=referral&page=fix-pr) πŸ›  [Adjust project settings](https://app.snyk.io/org/surajpuvvada/project/553e7174-0e22-4c7f-aa2c-12ae5f5768b5?utm_source=github&utm_medium=referral&page=fix-pr/settings) πŸ“š [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"4bda8225-84bd-44fd-a720-671c0fef5ab8","prPublicId":"4bda8225-84bd-44fd-a720-671c0fef5ab8","dependencies":[{"name":"rudder-sdk-js","from":"2.46.0","to":"2.48.7"}],"packageManager":"npm","projectPublicId":"553e7174-0e22-4c7f-aa2c-12ae5f5768b5","projectUrl":"https://app.snyk.io/org/surajpuvvada/project/553e7174-0e22-4c7f-aa2c-12ae5f5768b5?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-BRACES-6838727"],"upgrade":["SNYK-JS-BRACES-6838727"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[661],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** πŸ¦‰ [Uncontrolled resource consumption](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
github-actions[bot] commented 4 months ago

Test Results

β€‡β€ˆβ€‡β€‡4 files  Β±0β€‚β€ƒβ€‡β€ˆ317 suites  Β±0   30m 23s :stopwatch: - 2m 9s 1β€ˆ143 tests Β±0  1β€ˆ143 :white_check_mark: Β±0  0 :zzz: Β±0  0 :x: Β±0  1β€ˆ153 runsβ€Š Β±0  1β€ˆ153 :white_check_mark: Β±0  0 :zzz: Β±0  0 :x: Β±0 

Results for commit d5f4fb6e. ± Comparison against base commit cf7c36a3.