Merge pull request #1660 from forcedotcom/release-4.7.0
RELEASE @W-16879137@: Conducting v4.7.0 release
stephen-carter-at-sf authored Oct 29, 2024
2 parents 85789b1 + 50ba465 commit f1347aa
Showing 21 changed files with 1,141 additions and 996 deletions.
2 changes: 1 addition & 1 deletion messages/common.md
Expand Up @@ -4,4 +4,4 @@ Emit additional command output to stdout.

# surveyRequestMessage

We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at https://research.net/r/SalesforceCA
We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at http://sfdc.co/CodeAnalyzerFeedback
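Review bot: The replacement feedback link in `surveyRequestMessage` is plain `http://sfdc.co/CodeAnalyzerFeedback`, while the line it replaces used `https://`; this string is emitted to users at runtime by the CLI, so a network attacker can rewrite the shortener's redirect before the browser ever reaches the survey. If the shortener serves TLS (it presumably does, but verify), the line should read `We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at https://sfdc.co/CodeAnalyzerFeedback`, or point directly at the HTTPS destination. Shipping an http:// link is also at odds with the `AvoidInsecureHttpRemoteSiteSettingInXML` rule introduced in this same release.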
2 changes: 1 addition & 1 deletion package.json
@@ -1,7 +1,7 @@
{
"name": "@salesforce/sfdx-scanner",
"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
"version": "4.6.0",
"version": "4.7.0",
"author": "Salesforce Code Analyzer Team",
"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
"dependencies": {
18 changes: 18 additions & 0 deletions pmd-appexchange/docs/AvoidDisableProtocolSecurityInXML.md
@@ -0,0 +1,18 @@
AvoidDisableProtocolSecurityInXML[](#avoiddisableprotocolsecurityinxml)
------------------------------------------------------------------------------------------------------------------------------------------------------

**Violation:**

Protocol security setting is disabled


**Priority:** Medium (3)

**Description:**

Detects if "Disable Protocol Security" setting is checked/true

**Example(s):**



18 changes: 18 additions & 0 deletions pmd-appexchange/docs/AvoidInsecureHttpRemoteSiteSettingInXML.md
@@ -0,0 +1,18 @@
AvoidInsecureHttpRemoteSiteSettingInXML[](#avoidinsecurehttpremotesitesettinginxml)
------------------------------------------------------------------------------------------------------------------------------------------------------

**Violation:**

Avoid using insecure http urls in Remote Site Settings.


**Priority:** Medium (3)

**Description:**

Detects instances of a Remote Site Settings that use HTTP.Use HTTPS instead.

**Example(s):**



18 changes: 18 additions & 0 deletions pmd-appexchange/docs/AvoidLmcIsExposedTrueInXML.md
@@ -0,0 +1,18 @@
AvoidLmcIsExposedTrueInXML[](#avoidlmcisexposedtrueinxml)
------------------------------------------------------------------------------------------------------------------------------------------------------

**Violation:**

Detected Lightning Message Channel with isExposed set to true.


**Priority:** High (2)

**Description:**

Detects a Lightning Message Channel with isExposed=true,which isn’t allowed in managed packages.

**Example(s):**



Binary file modified pmd-appexchange/lib/pmd-aura-html-sf-0.1.jar
Binary file modified pmd-appexchange/lib/pmd-customrules-utils-0.1.jar
Binary file modified pmd-appexchange/lib/sf_metadata_pmd_xml-0.1.jar
Binary file not shown.
Binary file removed pmd-appexchange/lib/sfca-pmd-aurahtml-0.15.jar
Binary file added pmd-appexchange/lib/sfca-pmd-aurahtml-0.16.jar
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file removed pmd-appexchange/lib/sfca-pmd-xml-0.15.jar
Binary file added pmd-appexchange/lib/sfca-pmd-xml-0.16.jar
2 changes: 1 addition & 1 deletion pmd7/build.gradle.kts
Expand Up @@ -10,7 +10,7 @@ repositories {
}

// Keep this in sync with src/Constants.ts > PMD7_VERSION
var pmd7Version = "7.5.0"
var pmd7Version = "7.6.0"

val pmdDist7Dir = "$buildDir/../../dist/pmd7"

96 changes: 95 additions & 1 deletion retire-js/RetireJsVulns.json
Expand Up @@ -78,6 +78,7 @@
]
},
{
"atOrAbove": "1.2.1",
"below": "1.9.0",
"cwe": [
"CWE-79"
Expand All @@ -92,7 +93,8 @@
},
"info": [
"https://github.com/advisories/GHSA-q4m3-2j7h-f7xw",
"https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
"https://nvd.nist.gov/vuln/detail/CVE-2020-7656",
"https://research.insecurelabs.org/jquery/test/"
]
},
{
Expand Down Expand Up @@ -4363,6 +4365,30 @@
"https://github.com/cure53/DOMPurify/releases"
]
},
{
"atOrAbove": "0",
"below": "2.5.0",
"cwe": [
"CWE-79"
],
"severity": "high",
"identifiers": {
"summary": "DOMpurify has a nesting-based mXSS",
"CVE": [
"CVE-2024-47875"
],
"githubID": "GHSA-gx9m-whjm-85jf"
},
"info": [
"https://github.com/advisories/GHSA-gx9m-whjm-85jf",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
"https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
"https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
"https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
"https://github.com/cure53/DOMPurify",
"https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
]
},
{
"atOrAbove": "0",
"below": "2.5.4",
Expand All @@ -4387,6 +4413,30 @@
"https://github.com/cure53/DOMPurify"
]
},
{
"atOrAbove": "3.0.0",
"below": "3.1.3",
"cwe": [
"CWE-79"
],
"severity": "high",
"identifiers": {
"summary": "DOMpurify has a nesting-based mXSS",
"CVE": [
"CVE-2024-47875"
],
"githubID": "GHSA-gx9m-whjm-85jf"
},
"info": [
"https://github.com/advisories/GHSA-gx9m-whjm-85jf",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
"https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
"https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
"https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
"https://github.com/cure53/DOMPurify",
"https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
]
},
{
"atOrAbove": "3.0.0",
"below": "3.1.3",
Expand Down Expand Up @@ -5613,6 +5663,28 @@
"https://github.com/ckeditor/ckeditor5/compare/v34.2.0...v35.0.0",
"https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j"
]
},
{
"atOrAbove": "40.0.0",
"below": "43.1.1",
"cwe": [
"CWE-79"
],
"severity": "medium",
"identifiers": {
"summary": "Cross-site scripting (XSS) in the clipboard package",
"CVE": [
"CVE-2024-45613"
],
"githubID": "GHSA-rgg8-g5x8-wr9v"
},
"info": [
"https://github.com/advisories/GHSA-rgg8-g5x8-wr9v",
"https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45613",
"https://github.com/ckeditor/ckeditor5",
"https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1"
]
}
],
"extractors": {
Expand Down Expand Up @@ -6697,6 +6769,28 @@
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "10.0.0",
"below": "14.2.7",
"cwe": [
"CWE-674"
],
"severity": "medium",
"identifiers": {
"summary": "Denial of Service condition in Next.js image optimization",
"CVE": [
"CVE-2024-47831"
],
"githubID": "GHSA-g77x-44xx-532m"
},
"info": [
"https://github.com/advisories/GHSA-g77x-44xx-532m",
"https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m",
"https://nvd.nist.gov/vuln/detail/CVE-2024-47831",
"https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "14.0.0",
"below": "14.2.10",
4 changes: 2 additions & 2 deletions src/Constants.ts
Expand Up @@ -2,9 +2,9 @@ import os = require('os');
import path = require('path');

// Keep this in sync with <repoRoot>/pmd7/build.gradle.kts > pmd7Version
export const PMD7_VERSION = '7.5.0';
export const PMD7_VERSION = '7.6.0';

export const PMD_APPEXCHANGE_RULES_VERSION = '0.15';
export const PMD_APPEXCHANGE_RULES_VERSION = '0.16';

// Keep this in sync with <repoRoot>/sfge/build.gradle.kts > version
export const SFGE_VERSION = '1.0.1-pilot';
