parse-community / parse-server-s3-adapter

AWS S3 file storage adapter for Parse Server

refactor: Security upgrade semantic-release from 17.4.6 to 19.0.3 #185

Closed snyk-bot closed 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|
| medium severity | Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073 | Yes | Proof of Concept |
| medium severity | Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082 | Yes | Proof of Concept |
| medium severity | Information Exposure SNYK-JS-SEMANTICRELEASE-2866292 | Yes | No Known Exploit |

Commit messages

Package name: semantic-release
The new version differs by 61 commits.
  • 58a226f fix(log-repo): use the original form of the repo url to remove the need to mask credentials (#2459)
  • 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
  • ab45ab1 chore(lint): disabled rules that don't apply to this project (#2408)
  • ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
  • fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
  • b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
  • 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
  • 2b94bb4 docs: update broken link to CI config recipes (#2378)
  • b4bc191 docs: Correct circleci workflow (#2365)
  • 2c30e26 Merge pull request #2333 from semantic-release/next
  • 0eca144 fix(npm-plugin): upgraded to the stable version
  • 8097afb fix(npm-plugin): upgraded to the latest beta version
  • 95af1e4 Merge pull request #2332 from semantic-release/beta
  • f634b8c fix(npm-plugin): upgraded to the beta, which upgrades npm to v8
  • d9e5bc0 fix: upgrade `marked` to resolve ReDos vulnerability (#2330)
  • dd7d664 docs: fix a broken link (#2318)
  • cd6136d docs: wrong prerelease example (#2307)
  • e62c83d docs: remove repeated 'with' word (#2289)
  • 5d78fa4 docs(breaking-change): highlighted the need for `BREAKING CHANGE: ` to be in the commit footer (#2283)
  • b64855f docs(badge): mentioned referencing the commit convention (#2269)
  • 09bcf7a docs: update badges to include preset names (#2266)
  • 8e96b23 docs(issue-templates): fixed links to templates for opening issues (#2264)
  • 5535268 docs: fix typo (#2262)
  • 7f971f3 fix: bump @semantic-release/commit-analyzer to 9.0.2 (#2258)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


parse-github-assistant[bot] commented 1 year ago

I will reformat the title to use the proper commit message syntax.