Skip to content

Main2Dev @W-16608399@ Merging main to dev after v4.6.0 #1633

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jag-j merged 2 commits into from
Sep 24, 2024
Merged

Main2Dev @W-16608399@ Merging main to dev after v4.6.0 #1633

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
be427d8
Preparing for v4.6.0 release.
github-actions[bot] Sep 20, 2024
85789b1
Merge pull request #1628 from forcedotcom/release-4.6.0
jag-j Sep 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "@salesforce/sfdx-scanner",
"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
"version": "4.5.0",
"version": "4.6.0",
"author": "Salesforce Code Analyzer Team",
"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
"dependencies": {
Expand Down
164 changes: 163 additions & 1 deletion retire-js/RetireJsVulns.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3223,6 +3223,28 @@
"https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"
]
},
{
"atOrAbove": "0",
"below": "1.8.4",
"cwe": [
"CWE-791"
],
"severity": "low",
"identifiers": {
"summary": "AngularJS allows attackers to bypass common image source restrictions",
"CVE": [
"CVE-2024-8373"
],
"githubID": "GHSA-mqm9-c95h-x2p6"
},
"info": [
"https://github.com/advisories/GHSA-mqm9-c95h-x2p6",
"https://nvd.nist.gov/vuln/detail/CVE-2024-8373",
"https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b",
"https://github.com/angular/angular.js",
"https://www.herodevs.com/vulnerability-directory/cve-2024-8373"
]
},
{
"atOrAbove": "1.3.0",
"below": "1.8.4",
Expand All @@ -3247,6 +3269,28 @@
"https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"
]
},
{
"atOrAbove": "1.3.0-rc.4",
"below": "1.8.4",
"cwe": [
"CWE-1289"
],
"severity": "low",
"identifiers": {
"summary": "AngularJS allows attackers to bypass common image source restrictions",
"CVE": [
"CVE-2024-8372"
],
"githubID": "GHSA-m9gf-397r-hwpg"
},
"info": [
"https://github.com/advisories/GHSA-m9gf-397r-hwpg",
"https://nvd.nist.gov/vuln/detail/CVE-2024-8372",
"https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017",
"https://github.com/angular/angular.js",
"https://www.herodevs.com/vulnerability-directory/cve-2024-8372"
]
},
{
"below": "1.999",
"severity": "low",
Expand Down Expand Up @@ -4318,6 +4362,54 @@
"info": [
"https://github.com/cure53/DOMPurify/releases"
]
},
{
"atOrAbove": "0",
"below": "2.5.4",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify allows tampering by prototype pollution",
"CVE": [
"CVE-2024-45801"
],
"githubID": "GHSA-mmhx-hmjr-r674"
},
"info": [
"https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"https://github.com/cure53/DOMPurify"
]
},
{
"atOrAbove": "3.0.0",
"below": "3.1.3",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify allows tampering by prototype pollution",
"CVE": [
"CVE-2024-45801"
],
"githubID": "GHSA-mmhx-hmjr-r674"
},
"info": [
"https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"https://github.com/cure53/DOMPurify"
]
}
],
"extractors": {
Expand Down Expand Up @@ -5119,7 +5211,7 @@
},
{
"atOrAbove": "4.0.0",
"below": "4.6.3",
"below": "5.0.0",
"cwe": [
"CWE-79"
],
Expand Down Expand Up @@ -5723,6 +5815,27 @@
"info": [
"https://github.com/sveltejs/svelte/pull/7530"
]
},
{
"below": "4.2.19",
"cwe": [
"CWE-79"
],
"severity": "medium",
"identifiers": {
"summary": "Svelte has a potential mXSS vulnerability due to improper HTML escaping",
"CVE": [
"CVE-2024-45047"
],
"githubID": "GHSA-8266-84wp-wv5c"
},
"info": [
"https://github.com/advisories/GHSA-8266-84wp-wv5c",
"https://github.com/sveltejs/svelte/security/advisories/GHSA-8266-84wp-wv5c",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45047",
"https://github.com/sveltejs/svelte/commit/83e96e044deb5ecbae2af361ae9e31d3e1ac43a3",
"https://github.com/sveltejs/svelte"
]
}
],
"extractors": {
Expand All @@ -5734,6 +5847,7 @@
],
"filecontent": [
"generated by Svelte v\\$\\{['\"](§§version§§)['\"]\\}",
"generated by Svelte v(§§version§§) \\*/",
"version: '(§§version§§)' [\\s\\S]{80,200}'SvelteDOMInsert'",
"VERSION = '(§§version§§)'[\\s\\S]{21,200}parse\\$[0-9][\\s\\S]{10,80}preprocess",
"var version\\$[0-9] = \"(§§version§§)\";[\\s\\S]{10,30}normalizeOptions\\(options\\)[\\s\\S]{80,200}'SvelteComponent.html'"
Expand Down Expand Up @@ -6536,6 +6650,30 @@
"https://github.com/vercel/next.js/compare/v13.5.0...v13.5.1"
]
},
{
"atOrAbove": "13.5.1",
"below": "13.5.7",
"cwe": [
"CWE-349",
"CWE-639"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Cache Poisoning",
"CVE": [
"CVE-2024-46982"
],
"githubID": "GHSA-gp8f-8m3g-qvj9"
},
"info": [
"https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
"https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "13.4.0",
"below": "14.1.1",
Expand All @@ -6558,6 +6696,30 @@
"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "14.0.0",
"below": "14.2.10",
"cwe": [
"CWE-349",
"CWE-639"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Cache Poisoning",
"CVE": [
"CVE-2024-46982"
],
"githubID": "GHSA-gp8f-8m3g-qvj9"
},
"info": [
"https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
"https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
"https://github.com/vercel/next.js"
]
}
],
"extractors": {
Expand Down
Loading