Skip to content

refactor: Security upgrade semver from 7.3.7 to 7.5.2 #2493

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 8, 2023
Merged

refactor: Security upgrade semver from 7.3.7 to 7.5.2 #2493

merged 1 commit into from
Jul 8, 2023

Conversation

parseplatformorg
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: semver The new version differs by 63 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@parse-github-assistant
Copy link

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title [Snyk] Security upgrade semver from 7.3.7 to 7.5.2 refactor: Security upgrade semver from 7.3.7 to 7.5.2 Jul 7, 2023
@parse-github-assistant
Copy link

Thanks for opening this pull request!

  • ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.

@uffizzi-cloud
Copy link

uffizzi-cloud bot commented Jul 7, 2023

Uffizzi Ephemeral Environment deployment-30439

⌚ Updated Jul 07, 2023, 20:39 UTC

☁️ https://app.uffizzi.com/github.com/parse-community/parse-dashboard/pull/2493

📄 View Application Logs etc.

What is Uffizzi? Learn more

@mtrezza mtrezza merged commit 3e696f8 into alpha Jul 8, 2023
@mtrezza mtrezza deleted the snyk-fix-5bcfac82b463d5c4b0d7c1359b19694f branch July 8, 2023 10:52
@parseplatformorg
Copy link
Contributor Author

🎉 This change has been released in version 5.2.0-alpha.28

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label Aug 27, 2023
@parseplatformorg
Copy link
Contributor Author

🎉 This change has been released in version 5.3.0-beta.1

@parseplatformorg parseplatformorg added the state:released-beta Released as beta version label Sep 15, 2023
@parseplatformorg
Copy link
Contributor Author

🎉 This change has been released in version 5.3.0-alpha.1

@parseplatformorg
Copy link
Contributor Author

🎉 This change has been released in version 5.3.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label Nov 16, 2023
beiguancyc pushed a commit to beiguancyc/parse-dashboard that referenced this pull request Nov 20, 2023
@cycqitianwushuge
Merge branch 'release'
178259d 
* release: (34 commits)
  chore(release): 5.3.0 [skip ci]
  release
  chore(release): 5.3.0-beta.1 [skip ci]
  release
  chore(release): 5.2.0-alpha.28 [skip ci]
  feat: Add security checks page (parse-community#2491)
  refactor: Security upgrade semver from 7.3.7 to 7.5.2 (parse-community#2493)
  refactor: Add lint and prettier (parse-community#2492)
  chore(release): 5.2.0-alpha.27 [skip ci]
  fix: Adding a file when adding a new row in the data browser doesn't show filename (parse-community#2471)
  chore(release): 5.2.0-alpha.26 [skip ci]
  fix: File extension is hidden in file field when editing object in modal dialog in data browser (parse-community#2472)
  chore(release): 5.2.0-alpha.25 [skip ci]
  fix: Incorrect highlight maker position in class list in data browser (parse-community#2490)
  chore(release): 5.2.0-alpha.24 [skip ci]
  feat: Add support for confirmation dialog before script execution in data browser (parse-community#2481)
  chore(release): 5.2.0-alpha.23 [skip ci]
  feat: Add parameter `selectedField` to script payload to determine which object field was selected when script was invoked (parse-community#2483)
  chore(release): 5.2.0-alpha.22 [skip ci]
  feat: Add refresh button to Cloud Config page (parse-community#2480)
  ...

# Conflicts:
#	package-lock.json
#	src/components/LogView/LogViewEntry.react.js
#	src/dashboard/Data/Jobs/Jobs.react.js
#	src/dashboard/Data/Jobs/JobsForm.react.js
#	src/lib/DateUtils.js
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
state:released Released as stable version state:released-alpha Released as alpha version state:released-beta Released as beta version
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@parseplatformorg @mtrezza @snyk-bot