sanity-io / sanity-plugin-markdown

Markdown support in the Sanity Studio
MIT License

[Snyk] Security upgrade sanity from 3.57.1 to 3.62.0 #105

Open svcsnyksanity opened 3 weeks ago

svcsnyksanity commented 3 weeks ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 666/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.9 | Regular Expression Denial of Service (ReDoS), SNYK-JS-PATHTOREGEXP-7925106 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: sanity The new version differs by 159 commits.
  • f352db8 v3.62.0
  • 9c72c74 fix: warnings on React 19 (#7654)
  • 5452e3d fix(deps): update dependency @sanity/ui to ^2.8.10 (#7652)
  • b6df802 fix(deps): update dependency @sanity/ui to ^2.8.10 (#7653)
  • 6c1d4c8 chore(deps): update dependency @sanity/visual-editing to v2.2.2 (#7651)
  • 4298fe0 fix(core): inherit readOnly state from ancestors in copyPaste function (#7643)
  • c9b574d fix(deps): update dependency @sanity/mutate to ^0.10.1 (#7650)
  • 65d7e7e fix(deps): Update dev-non-major (#7649)
  • 2bc49be fix(deps): update dependency @sanity/presentation to v1.17.3 (#7648)
  • 07c48a0 fix(deps): update dependency @portabletext/editor to ^1.1.5 (#7638)
  • 93a1114 fix(deps): update dependency @sanity/presentation to v1.17.2 (#7647)
  • 5a8965e fix(deps): Update dev-non-major (#7646)
  • 3698fd3 fix(deps): update dependency @sanity/presentation to v1.17.1 (#7645)
  • 816067e chore(deps): update dependency @sanity/preview-url-secret to v2 (#7641)
  • 4973abc fix(deps): update dependency @sanity/presentation to v1.17.0 (#7640)
  • 97f1db0 fix(deps): Update dev-non-major (#7639)
  • a4bd01d chore(cli): update help copy for deploy command (#7624)
  • f1f21fd chore(test-studio): add asset types to structure navigation (#7631)
  • 01d0313 chore(deps): update dependency sanity-diff-patch to v4 (#7630)
  • a9525c8 feat: validate PR title against conventional commits (#7580)
  • ede88ac chore(deps): update dependency @sanity/tsdoc to v1.0.113 (#7627)
  • 2e150f1 fix(deps): update dependency @sanity/client to ^6.22.2 (#7625)
  • 7f2c1ce chore(deps): update typescript-tooling (#7605)
  • 02da757 fix: restore support for defaultOrdering. (#7626)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

socket-security[bot] commented 3 weeks ago

New and removed dependencies detected.

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@sanity/ui@2.8.10 | Transitive: environment | +33 | 12 MB | armandocerna, ash, atombender, ...59 more |
| npm/sanity@3.62.0 | Transitive: environment, eval, filesystem, network, shell, unsafe | +831 | 859 MB | bjoerge |

🚮 Removed packages: npm/@sanity/ui@2.8.9, npm/sanity@3.57.1
