[Snyk] Security upgrade netlify-cli from 9.16.7 to 12.0.8 #12

Open
wants to merge 1 commit into
base: main
WontonSam
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 169/1000 | Uncontrolled resource consumption (SNYK-JS-BRACES-6838727) | Yes | Proof of Concept |
| high severity | 124/1000 | Inefficient Regular Expression Complexity (SNYK-JS-MICROMATCH-6838728) | Yes | No Known Exploit |

Why? (169/1000): Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 9, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5

Why? (124/1000): Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 9, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: netlify-cli
The new version differs by 250 commits.
  • a0a4c2f chore(main): release 12.0.8 (#5144)
  • 10c175a fix: add debug logs to config resolution (#5162)
  • dc75103 fix(deps): update dependency minimist to v1.2.7 (#5160)
  • bb61fb3 fix(deps): update netlify packages (#5159)
  • b8940e1 fix(deps): update netlify packages (#5158)
  • 2975b10 chore: fix grouping of renovate updates (#5157)
  • 92f46bf fix(deps): update dependency @ netlify/build to ^27.20.6 (#5152)
  • bea2c83 fix(deps): update dependency @ netlify/build to ^27.20.4 (#5151)
  • f3d4916 chore: start migration to ESM (#5140)
  • adb85d7 fix(deps): update dependency @ netlify/build to ^27.20.3 (#5141)
  • 2ccbf1b fix(deps): update dependency axios to v1 (#5149)
  • 75e753a fix(deps): update dependency ci-info to v3.5.0 (#5147)
  • af4fff8 fix(deps): update dependency stripe to v10.13.0 (#5148)
  • d0c0c1c fix(deps): update rust crate aws_lambda_events to 0.7.1 (#5146)
  • d6e503b fix(deps): update dependency express to v4.18.2 (#5145)
  • 7c5e675 fix: follow standard pattern for auto-generated site names (#5007)
  • 85f961d fix(deps): update dependency @ netlify/edge-bundler to ^2.7.0 (#5142)
  • be3d57d chore(main): release 12.0.7 (#5139)
  • dd9c209 fix(deps): update dependency @ netlify/framework-info to ^9.3.0 (#5138)
  • cb1df05 chore(main): release 12.0.6 (#5136)
  • b6d80e5 chore(deps): update dependency supertest to v6.3.0 (#5134)
  • d29c7fd chore(deps): update dependency sinon to v14.0.1 (#5132)
  • d91db97 fix(deps): update dependency @ netlify/functions to ^1.3.0 (#5135)
  • dc0d7f6 fix(deps): update dependency semver to v7.3.8 (#5133)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption
