stryker-mutator / azure-devops-mutationreport-publisher

Azure Devops extension to publish and display the mutation testing report in the build result
Apache License 2.0

Fix security issues #1062

Closed marioleed closed 9 months ago

marioleed commented 9 months ago

Snyk is giving high severity issues on azure-pipelines-task-lib. Could you upgrade this package?

Issues to fix by upgrading:

- Upgrade azure-pipelines-task-lib@4.4.0 to azure-pipelines-task-lib@4.7.0 to fix:
  - ✗ Prototype Pollution [High Severity] (https://security.snyk.io/vuln/SNYK-JS-MOCKERY-3043117) in mockery@2.1.0, introduced by azure-pipelines-task-lib@4.4.0 > mockery@2.1.0

Issues with no direct upgrade or patch:

- ✗ Missing Release of Resource after Effective Lifetime [High Severity] (https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) in inflight@1.0.6, introduced by azure-pipelines-task-lib@4.4.0 > shelljs@0.8.5 > glob@7.1.6 > inflight@1.0.6. No upgrade or patch available.
- ✗ Regular Expression Denial of Service (ReDoS) [High Severity] (https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795) in semver@5.7.1, introduced by azure-pipelines-task-lib@4.4.0 > semver@5.7.1. This issue was fixed in versions 5.7.2, 6.3.1, 7.5.2.
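
To check which installed versions the reported chains actually resolve to in a lockfile, and to apply the "fixed in 5.7.2, 6.3.1, 7.5.2" semantics per major line, the following is an added example; it is not part of this issue or of the extension's own code. It walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2/3) using npm's nested `node_modules` resolution and reports every dependency path that lands on an affected version. The lockfile fragment is constructed to mirror the three chains Snyk quoted above; the affected ranges for mockery and inflight are assumptions, since the report gives no fix version for either.

```javascript
'use strict';
// Added example (not the project's code): find dependency chains in a
// package-lock.json that reach versions affected by the advisories quoted
// in the issue. Runs offline on the CONSTRUCTED lockfile fragment below;
// swap in JSON.parse(fs.readFileSync('package-lock.json', 'utf8')) for a real one.

// Constructed lockfile fragment (npm lockfileVersion 2/3 "packages" layout).
const LOCKFILE = {
  name: 'azure-devops-mutationreport-publisher',
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'azure-pipelines-task-lib': '4.4.0' } },
    'node_modules/azure-pipelines-task-lib': {
      version: '4.4.0',
      dependencies: { mockery: '^2.1.0', shelljs: '^0.8.5', semver: '^5.7.1' },
    },
    'node_modules/mockery': { version: '2.1.0' },
    'node_modules/shelljs': { version: '0.8.5', dependencies: { glob: '^7.0.0' } },
    'node_modules/glob': { version: '7.1.6', dependencies: { inflight: '^1.0.4' } },
    'node_modules/inflight': { version: '1.0.6' },
    'node_modules/semver': { version: '5.7.1' },
  },
};

// Parse "MAJOR.MINOR.PATCH" (any pre-release/build suffix ignored) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric compare: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// "Fixed in 5.7.2, 6.3.1, 7.5.2" means: a version is safe only if a fix
// release exists in its OWN major line and the version is at or above it.
// A major line with no fix release (e.g. 4.x here) counts as vulnerable.
function isFixedBy(version, fixVersions) {
  const major = parseVersion(version)[0];
  return fixVersions.some(
    (fix) => parseVersion(fix)[0] === major && compareVersions(version, fix) >= 0,
  );
}

// Advisories quoted from the issue. The mockery range ("exactly the flagged
// version") and the inflight range ("every version") are ASSUMPTIONS made for
// this example, because the report lists no fix version for either.
const ADVISORIES = [
  { id: 'SNYK-JS-SEMVER-3247795', name: 'semver', title: 'ReDoS',
    affected: (v) => !isFixedBy(v, ['5.7.2', '6.3.1', '7.5.2']) },
  { id: 'SNYK-JS-INFLIGHT-6095116', name: 'inflight', title: 'Missing Release of Resource',
    affected: () => true },
  { id: 'SNYK-JS-MOCKERY-3043117', name: 'mockery', title: 'Prototype Pollution',
    affected: (v) => compareVersions(v, '2.1.0') === 0 },
];

// npm resolution: look in the dependent's own node_modules, then in each
// ancestor's node_modules, until a package with that name is found.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${depName}` : `node_modules/${depName}`;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Depth-first walk from the root package (key ""). Every edge that reaches an
// affected version is reported with its full chain, in Snyk's "a > b > c"
// format. Each installed package is walked once, so cycles terminate.
function findVulnerablePaths(lockfile, advisories = ADVISORIES) {
  const { packages } = lockfile;
  const findings = [];
  const seen = new Set();
  const visit = (pkgPath, chain) => {
    const pkg = packages[pkgPath];
    if (!pkg || seen.has(pkgPath)) return;
    seen.add(pkgPath);
    for (const depName of Object.keys(pkg.dependencies || {})) {
      const depPath = resolveDep(packages, pkgPath, depName);
      if (!depPath) continue; // not installed (e.g. optional dep); skip
      const version = packages[depPath].version;
      const nextChain = [...chain, `${depName}@${version}`];
      for (const adv of advisories) {
        if (adv.name === depName && adv.affected(version)) {
          findings.push({ id: adv.id, title: adv.title, chain: nextChain.join(' > ') });
        }
      }
      visit(depPath, nextChain);
    }
  };
  visit('', []);
  return findings;
}

for (const f of findVulnerablePaths(LOCKFILE)) {
  console.log(`${f.id} (${f.title}): ${f.chain}`);
}
```

Run it with `node` in the repository root after pointing `LOCKFILE` at the real lockfile; the output lines match the "introduced by" chains in the report. The report's own remediation for the mockery finding is the azure-pipelines-task-lib 4.4.0 to 4.7.0 upgrade; for the transitive semver finding, an npm `overrides` entry in package.json can force a fixed release until that upgrade lands, and the walker above confirms whether the override took effect.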

rouke-broersma commented 9 months ago

A new version is being released that should solve this CVE.