twilio-labs / actions-sms

Send an SMS through GitHub Actions
MIT License
150 stars 40 forks

[Snyk] Security upgrade jest from 24.9.0 to 26.0.0 #37

Closed twilio-product-security closed 3 months ago

twilio-product-security commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jest
The new version differs by 250 commits.
  • 343532a v26.0.0
  • 075854a chore: update changelog for release
  • 68b65af v26.0.0-alpha.2
  • d30a586 fix: disallow hook definitions in tests (#9957)
  • 3375ac3 chore: remove unused prettier uninstall step from CI
  • 0a63d40 fix: absolute path moduleNameMapper + jest.mock issue (#8727)
  • 03dbb2f chore: fix watch mode test with utimes (#9967)
  • 68d12d5 chore: skip broken test on windows (#9966)
  • e8e8146 align circus with jasmine's top-to-bottom execution order (#9965)
  • 968a301 Fix invalid re-run of tests in watch mode (#7347)
  • 5d1be03 chore: fix windows CI (#9964)
  • 2bac04f v26.0.0-alpha.1
  • c665f22 feat: add `createMockFromModule` to replace `genMockFromModule` (#9962)
  • 8147af1 chore: improve error on module not found (#9963)
  • 71631f6 feat: add new 'modern' implementation of Fake Timers (#7776)
  • d7f3427 chore: rename LolexFakeTimers to ModernFakeTimers (#9960)
  • 2c7682c Update index.js (#9095)
  • 5a16415 docs: Updated Testing Frameworks guide with React; make it generic (#9106)
  • 4216b86 updated docs regarding testSequencer (#9174)
  • 2e8f8d5 fix: handle `null` being passed to `createTransformer` (#9955)
  • 7a3c997 jest-circus: throw if a test / hook is defined asynchronously (#8096)
  • 42f920c chore: update ts-eslint (#9953)
  • 3078172 Updated config docs with default transform value (#8583)
  • b6052e0 Update jest-phabricator documentation (#8662)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic