search

pantheon-systems / drops-8

Pantheon Upstream for Drupal 8 Sites. Deprecated; please see https://github.com/pantheon-upstreams/drupal-composer-managed
GNU General Public License v2.0
80 stars 117 forks source link

Update to Drupal 9.5.2. For more information, see https://www.drupal.org/project/drupal/releases/9.5.2 #422

Closed pantheon-upstream closed 1 year ago

pantheon-upstream commented 1 year ago

Update from Drupal 9.1.0 to Drupal 9.5.2.

This is experimental. Do not merge.

guardrails[bot] commented 1 year ago

:warning: We detected 14 security issues in this pull request:

Hard-Coded Secrets (1)
Docs | Details ----- | -------- [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#) | Title: **Secret Keyword**, Severity: Medium
https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/modules/user/config/install/user.mail.yml#L34 More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#). ---
Insecure Use of Regular Expressions (7)
Docs | Details ----- | -------- [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#) | Title: **Regex DOS (ReDOS)**, Severity: Medium
https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/misc/position.es6.js#L30 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#) | Title: **Regex DOS (ReDOS)**, Severity: Medium
https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/misc/position.js#L13 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#) | Title: **Regex DOS (ReDOS)**, Severity: Medium
https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/scripts/js/ckeditor5-types-documentation.js#L30 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#) | Title: **Regex DOS (ReDOS)**, Severity: Medium
https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/scripts/js/vendor-update.js#L34 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#) | Title: **Regex DOS (ReDOS)**, Severity: Medium
https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/misc/position.es6.js#L38 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#) | Title: **Regex DOS (ReDOS)**, Severity: Medium
https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/misc/position.es6.js#L40 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#) | Title: **Regex DOS (ReDOS)**, Severity: Medium
https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/misc/position.js#L18 More info on how to fix Insecure Use of Regular Expressions in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#). ---
Vulnerable Libraries (6)
Severity | Details ----- | -------- High | [pkg:npm/json5@2.2.1@2.2.1](https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/yarn.lock#L4313) (t) upgrade to: *2.2.2* N/A | [pkg:npm/jake@10.8.5@10.8.5](https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/yarn.lock#L4145) (t) - **no patch available** High | [pkg:npm/minimatch@3.0.4@3.0.4](https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/yarn.lock#L4649) (t) upgrade to: *3.0.5* Medium | [pkg:npm/jquery-form@4.3.0@4.3.0](https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/yarn.lock#L4168) (t) - **no patch available** N/A | [pkg:npm/debug@2.6.9@2.6.9](https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/yarn.lock#L2792) (t) upgrade to: *3.1.0* Medium | [pkg:npm/node-fetch@2.6.7@2.6.7](https://github.com/pantheon-systems/drops-8/blob/b1237259c7da85859758e7f591363a947568e676/core/yarn.lock#L4822) (t) - **no patch available** More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

pantheon-upstream commented 1 year ago

Superseeded by #423.