search

turkdevops / sourcegraph

Universal code search (self-hosted)
https://sourcegraph.com
Other
1 stars 0 forks source link

[Snyk] Security upgrade @graphql-codegen/cli from 1.19.4 to 2.0.0 #402

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
critical severity 776/1000
Why? Recently disclosed, Has a fix available, CVSS 9.8		 Improper Authentication
SNYK-JS-JSONWEBTOKEN-3180022		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

guardrails[bot] commented 1 year ago

:warning: We detected 5 security issues in this pull request:

Mode: paranoid | Total findings: 5 | Considered vulnerability: 5

Vulnerable Libraries (5)
Severity | Details ----- | -------- Low | [pkg:npm/request@2.88.2@2.88.2](https://github.com/turkdevops/sourcegraph/blob/ed50863bd38976c41c7caf4c8444afdbd7af7567/yarn.lock#L19622) (t) - **no patch available** Low | [pkg:npm/node-fetch@2.6.1@2.6.1](https://github.com/turkdevops/sourcegraph/blob/ed50863bd38976c41c7caf4c8444afdbd7af7567/yarn.lock#L16369) (t) - **no patch available** Medium | [pkg:npm/ws@7.4.0@7.4.0](https://github.com/turkdevops/sourcegraph/blob/ed50863bd38976c41c7caf4c8444afdbd7af7567/yarn.lock#L23617) (t) upgrade to: *7.4.6,6.2.2,5.2.3* Medium | [pkg:npm/node-fetch@2.6.7@2.6.7](https://github.com/turkdevops/sourcegraph/blob/ed50863bd38976c41c7caf4c8444afdbd7af7567/yarn.lock#L16354) (t) - **no patch available** N/A | [pkg:npm/jsonwebtoken@8.5.1@8.5.1](https://github.com/turkdevops/sourcegraph/blob/ed50863bd38976c41c7caf4c8444afdbd7af7567/yarn.lock#L14624) (t) upgrade to: *9.0.0* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.