kc-workspace / kcws-js

A personal monorepo for javascript and typescript libraries
https://js.kcws.kamontat.net
GNU Affero General Public License v3.0

[Snyk] Security upgrade @rushstack/heft-sass-plugin from 0.12.12 to 0.13.0 #147

Closed kamontat closed 8 months ago

kamontat commented 8 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - packages/web-rig/package.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:---:|:---|:---|:---|:---
High | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | No | Proof of Concept
Medium | **586/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-POSTCSS-1255640](https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640) | No | Proof of Concept
Medium | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Improper Input Validation [SNYK-JS-POSTCSS-5926692](https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692) | No | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @rushstack/heft-sass-plugin The new version differs by 149 commits.
  • a1d26d9 Bump versions [skip ci]
  • 386ec46 Update changelogs [skip ci]
  • 1085e78 Merge pull request #4297 from kamontat/feature/upgrade-postcss-modules
  • 62b223a Update common/changes/@ rushstack/heft-sass-plugin/feature-upgrade-postcss-modules_2023-08-23-11-43.json
  • 35267a7 Upgrade postcss-modules
  • d391f10 Merge pull request #4442 from william2958/will/intro-subspace
  • f7f4cfd Update some config file docs; mark new API's as "@ beta"
  • 7184e21 PR comments
  • bf2cd20 Update libraries/rush-lib/src/api/RushConfiguration.ts
  • 67c0c5f Update libraries/rush-lib/src/api/RushConfiguration.ts
  • db32b88 rename _cachedRushProjectsBySubspaceName to _rushProjectsBySubspaceName
  • 64f1628 chore: add check to verify hydration of subspace names set
  • fa0c483 PR comments
  • c8e85bf PR comments
  • 0aa57a4 Update libraries/rush-lib/src/schemas/subspaces.schema.json
  • bf31ea6 Update libraries/rush-lib/src/schemas/rush.schema.json
  • d81881c Update common/changes/@ microsoft/rush/will-intro-subspace_2023-12-04-16-28.json
  • 8d42b59 Update libraries/rush-lib/src/api/SubspaceConfiguration.ts
  • 8f65295 Update libraries/rush-lib/src/api/RushConfiguration.ts
  • b5d58c6 Update libraries/rush-lib/src/api/RushConfiguration.ts
  • 43b274f Update libraries/rush-lib/assets/rush-init/subspaces.json
  • 8913f8a Bump versions [skip ci]
  • aa76974 Update changelogs [skip ci]
  • d39d41f Merge pull request #4443 from D4N14L/user/danade/ListProcesses
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/kamontat/project/5096ffc1-f5e9-4ff3-9317-9dd021ebc677?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/kamontat/project/5096ffc1-f5e9-4ff3-9317-9dd021ebc677?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

[//]: # (snyk:metadata:{"prId":"8ec3f798-072a-4b23-9365-efac3a22663f","prPublicId":"8ec3f798-072a-4b23-9365-efac3a22663f","dependencies":[{"name":"@rushstack/heft-sass-plugin","from":"0.12.12","to":"0.13.0"}],"packageManager":"npm","projectPublicId":"5096ffc1-f5e9-4ff3-9317-9dd021ebc677","projectUrl":"https://app.snyk.io/org/kamontat/project/5096ffc1-f5e9-4ff3-9317-9dd021ebc677?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-POSTCSS-1255640","SNYK-JS-POSTCSS-5926692"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-POSTCSS-1255640","SNYK-JS-POSTCSS-5926692"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[696,586,479],"remediationStrategy":"vuln"})

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)

🦉 [Improper Input Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)
mergify[bot] commented 8 months ago

Hey @kamontat, this pull request failed to merge and has been dequeued from the merge train. If you believe your PR failed in the merge train because of a flaky test, requeue it by commenting with @mergifyio requeue. More details can be found on the Queue: Embarked in merge train check-run.

kamontat commented 8 months ago

Fixed by weekly upgrade process