Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , , , aws-cdk, jest, , , , , source-map-support, aws-xray-sdk, esbuild, ts-jest, ts-node, typescript #523

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

WontonSam
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

@aws-cdk/core
from 1.128.0 to 1.203.0 | 86 versions ahead of your current version | a year ago
on 2023-05-31
@aws-cdk/assert
from 1.128.0 to 2.68.0 | 219 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 years ago
on 2023-03-08
@aws-cdk/aws-appsync
from 1.128.0 to 1.203.0 | 86 versions ahead of your current version | a year ago
on 2023-05-31
aws-cdk
from 1.128.0 to 2.154.1 | 341 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-23
jest
from 26.6.3 to 29.7.0 | 88 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-09-12
@aws-cdk/aws-lambda-nodejs
from 1.128.0 to 1.203.0 | 86 versions ahead of your current version | a year ago
on 2023-05-31
@types/aws-lambda
from 8.10.85 to 8.10.145 | 60 versions ahead of your current version | 21 days ago
on 2024-08-28
@types/node
from 10.17.27 to 22.5.1 | 1264 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 21 days ago
on 2024-08-28
@types/jest
from 26.0.24 to 29.5.12 | 50 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 8 months ago
on 2024-02-01
source-map-support
from 0.5.20 to 0.5.21 | 1 version ahead of your current version | 3 years ago
on 2021-11-19
aws-xray-sdk
from 3.3.3 to 3.9.0 | 16 versions ahead of your current version | 3 months ago
on 2024-06-10
esbuild
from 0.13.8 to 0.23.1 | 165 versions ahead of your current version | a month ago
on 2024-08-16
ts-jest
from 26.5.6 to 29.2.5 | 60 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-23
ts-node
from 9.1.1 to 10.9.2 | 16 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 9 months ago
on 2023-12-08
typescript
from 3.9.10 to 5.5.4 | 1513 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-22

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
124 No Known Exploit
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
124 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
124 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
124 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
124 Proof of Concept
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
124 No Known Exploit
high severity Prototype Pollution
SNYK-JS-ASYNC-2441827
124 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574
124 Proof of Concept
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
124 Proof of Concept
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
124 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
124 Proof of Concept
high severity Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864
124 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818
124 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JS-NWSAPI-2841516
124 No Known Exploit
medium severity Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
124 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-XML2JS-5414874
124 Proof of Concept
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-IP-7148531
124 Proof of Concept
medium severity Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088
124 No Known Exploit
medium severity Prototype Pollution
SNYK-JS-JSON5-3182856
124 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
124 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WORDWRAP-3149973
124 Proof of Concept
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
124 Proof of Concept
critical severity Sandbox Bypass
SNYK-JS-VM2-2309905
124 Proof of Concept
critical severity Arbitrary Code Execution
SNYK-JS-VM2-2990237
124 Proof of Concept
critical severity Sandbox Bypass
SNYK-JS-VM2-3018201
124 Proof of Concept
critical severity Sandbox Escape
SNYK-JS-VM2-5415299
124 Proof of Concept
critical severity Sandbox Escape
SNYK-JS-VM2-5422057
124 Proof of Concept
critical severity Improper Handling of Exceptional Conditions
SNYK-JS-VM2-5426093
124 No Known Exploit
medium severity Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
SNYK-JS-VM2-5537079
124 Proof of Concept
critical severity Sandbox Bypass
SNYK-JS-VM2-5537100
124 Proof of Concept
critical severity Remote Code Execution (RCE)
SNYK-JS-VM2-5772823
124 Proof of Concept
critical severity Remote Code Execution (RCE)
SNYK-JS-VM2-5772825
124 Mature
Release notes
Package name: @aws-cdk/core
  • 1.203.0 - 2023-05-31

    Features

  • 1.202.0 - 2023-05-22

    ⚠ BREAKING CHANGES

    • eks: A masters role is no longer provisioned by default. Use the mastersRole property to explicitly pass a role that needs cluster access. In addition, the creation role no longer allows any identity (with the appropriate sts:AssumeRole permissions) to assume it.

    Features

    Bug Fixes

  • 1.201.0 - 2023-05-10
  • 1.200.0 - 2023-04-26
  • 1.199.0 - 2023-04-20
  • 1.198.1 - 2023-03-31
  • 1.198.0 - 2023-03-22
  • 1.197.0 - 2023-03-14
  • 1.196.0 - 2023-03-08
  • 1.195.0 - 2023-03-02
  • 1.194.0 - 2023-02-21
  • 1.193.0 - 2023-02-15
  • 1.192.0 - 2023-02-09
  • 1.191.0 - 2023-01-31
  • 1.190.0 - 2023-01-25
  • 1.189.0 - 2023-01-19
  • 1.188.0 - 2023-01-11
  • 1.187.0 - 2023-01-03
  • 1.186.1 - 2022-12-30
  • 1.186.0 - 2022-12-29
  • 1.185.0 - 2022-12-28
  • 1.184.1 - 2022-12-23
  • 1.184.0 - 2022-12-22
  • 1.183.0 - 2022-12-14
  • 1.182.0 - 2022-12-07
  • 1.181.1 - 2022-11-29
  • 1.181.0 - 2022-11-18
  • 1.180.0 - 2022-11-01
  • 1.179.0 - 2022-10-27
  • 1.178.0 - 2022-10-20
  • 1.177.0 - 2022-10-14
  • 1.176.0 - 2022-10-06
  • 1.175.0 - 2022-09-29
  • 1.174.0 - 2022-09-22
  • 1.173.0 - 2022-09-16
  • 1.172.0 - 2022-09-08
  • 1.171.0 - 2022-08-31
  • 1.170.1 - 2022-08-31
  • 1.170.0 - 2022-08-25
  • 1.169.0 - 2022-08-18
  • 1.168.0 - 2022-08-09
  • 1.167.0 - 2022-08-02
  • 1.166.1 - 2022-07-29
  • 1.165.0 - 2022-07-19
  • 1.164.0 - 2022-07-16
  • 1.163.2 - 2022-07-14
  • 1.163.1 - 2022-07-09
  • 1.163.0 - 2022-07-06
  • 1.162.0 - 2022-07-01
  • 1.161.0 - 2022-06-23
  • 1.160.0 - 2022-06-14
  • 1.159.0 - 2022-06-03
  • 1.158.0 - 2022-05-27
  • 1.157.0 - 2022-05-21
  • 1.156.1 - 2022-05-13
  • 1.156.0 - 2022-05-12
  • 1.155.0 - 2022-05-04
  • 1.154.0 - 2022-04-28
  • 1.153.1 - 2022-04-23
  • 1.153.0 - 2022-04-22
  • 1.152.0 - 2022-04-07
  • 1.151.0 - 2022-04-01
  • 1.150.0 - 2022-03-26
  • 1.149.0 - 2022-03-17
  • 1.148.0 - 2022-03-10
  • 1.147.0 - 2022-03-01
  • 1.146.0 - 2022-02-25
  • 1.145.0 - 2022-02-19
  • 1.144.0 - 2022-02-08
  • 1.143.0 - 2022-02-02
  • 1.142.0 - 2022-01-29
  • 1.141.0 - 2022-01-27
  • 1.140.0 - 2022-01-20
  • 1.139.0 - 2022-01-11
  • 1.138.2 - 2022-01-10
  • 1.138.1 - 2022-01-07
  • 1.138.0 - 2022-01-04
  • 1.137.0 - 2021-12-21
  • 1.136.0 - 2021-12-15
  • 1.135.0 - 2021-12-10
  • 1.134.0 - 2021-11-23
  • 1.133.0 - 2021-11-19
  • 1.132.0 - 2021-11-09
  • 1.131.0 - 2021-11-07
  • 1.130.0 - 2021-10-29
  • 1.129.0 - 2021-10-21
  • 1.128.0 - 2021-10-14
from @aws-cdk/core GitHub release notes
Package name: @aws-cdk/assert
  • 2.68.0 - 2023-03-08
  • 2.67.0 - 2023-03-02

    Features

    Bug Fixes


    Alpha modules (2.67.0-alpha.0)

    Features

    Bug Fixes

    • servicecatalogappregistry: applicationName can not be changed after deployment (#24409) (6aa763f)
  • 2.66.1 - 2023-02-24

    Bug Fixes


    Alpha modules (2.66.1-alpha.0)

  • 2.66.0 - 2023-02-21

    Features

    Bug Fixes

    • apigateway: rest api deployment does not depend on authorizers (#23215) (12e13c1)
    • cognito: changing installLatestAwsSdk breaks Client Secret reference (#23798) (844d407), closes #23796
    • ecs: validate ecs healthcheck (#24197) (89802a9)
    • eks: nested OCI repository names for private ECR helmchart deployments are not properly handled (#23378) (72f2a95)
    • lambda: RuntimeManagementMode.FUNCTION_UPDATE has wrong value (#24252) (fdb0cf1)

    Alpha modules (2.66.0-alpha.0)

    Features

    Bug Fixes

    • servicecatalogappregistry: Allow user to control stack id via stack name for Application stack (#24171) (0c7c7e4), closes #24160
  • 2.65.0 - 2023-02-15

    Features

    Bug Fixes


    Alpha modules (2.65.0-alpha.0)

    Features

  • 2.64.0 - 2023-02-09

    Features

    Bug Fixes

    • Use the correct LB full name when creating metrics for imported LBs (#23972) (16c23b7), closes #23853
    • cdk-assets: asset concurrency leaves a corrupted archive (#24026) (989454f)
    • cdk-assets: packaging assets is broken on Node older than 14.17 (#23994) (5bde92c), closes #23859
    • codedeploy: cross-region referenced groups use wrong config (#23986) (390ec78)
    • core: cross-stack reference error doesn't include violation (#23987) (c7ad66f)
    • ec2: Cannot deploy VPC flow log with other resources that requires bucket policies (#23889) (e646ad5), closes #18985
    • pipelines: cannot configure actionName for all sources (#24027) (9cd639b)
    • s3: infer bucketWebsiteUrl and bucketDomainName suffixes from bucket region (#23919) (252f052)
    • s3-deployment: wrong URL in BucketDeployment.deployedBucket.bucketWebsiteUrl (#24055) (ece46db), closes #23354

    Alpha modules (2.64.0-alpha.0)

    Features

    Bug Fixes

    • servicecatalogappregistry: default stack name is not meaningful and causes conflict when multiple stacks deployed to the same account-region (#23823) (420b5ff)
  • 2.63.2 - 2023-02-04

    Alpha modules (2.63.2-alpha.0)

  • 2.63.1 - 2023-02-03
  • 2.63.0 - 2023-01-31
  • 2.62.2 - 2023-01-27
  • 2.62.1 - 2023-01-26
  • 2.62.0 - 2023-01-25
  • 2.61.1 - 2023-01-20
  • 2.61.0 - 2023-01-19
  • 2.60.0 - 2023-01-12
  • 2.59.0 - 2023-01-03
  • 2.58.1 - 2022-12-30
  • 2.58.0 - 2022-12-29
  • 2.57.0 - 2022-12-27
  • 2.56.1 - 2022-12-23
  • 2.56.0 - 2022-12-21
  • 2.55.1 - 2022-12-16
  • 2.55.0 - 2022-12-14
  • 2.54.0 - 2022-12-07
  • 2.53.0 - 2022-11-29
  • 2.52.1 - 2022-11-29
  • 2.52.0 - 2022-11-27
  • 2.51.1 - 2022-11-18
  • 2.51.0 - 2022-11-18
  • 2.50.0 - 2022-11-01
  • 2.49.1 - 2022-11-01
  • 2.49.0 - 2022-10-28
  • 2.48.0 - 2022-10-27
  • 2.47.0 - 2022-10-20
  • 2.46.0 - 2022-10-13
  • 2.45.0 - 2022-10-06
  • 2.44.0 - 2022-09-29
  • 2.43.1 - 2022-09-23
  • 2.43.0 - 2022-09-21
  • 2.42.1 - 2022-09-19
  • 2.42.0 - 2022-09-16
  • 2.41.0 - 2022-09-08
  • 2.40.0 - 2022-09-01
  • 2.39.1 - 2022-08-29
  • 2.39.0 - 2022-08-25
  • 2.38.1 - 2022-08-18
  • 2.38.0 - 2022-08-17
  • 2.37.1 - 2022-08-10
  • 2.37.0 - 2022-08-09
  • 2.36.0 - 2022-08-08
  • 2.35.0 - 2022-08-02
  • 2.34.2 - 2022-07-30
  • 2.34.1 - 2022-07-29
  • 2.34.0 - 2022-07-29
  • 2.33.0 - 2022-07-19
  • 2.32.1 - 2022-07-16
  • 2.32.0 - 2022-07-14
  • 2.31.2 - 2022-07-14
  • 2.31.1 - 2022-07-09
  • 2.31.0 - 2022-07-06
  • 2.30.0 - 2022-07-01
  • 2.29.1 - 2022-06-24
  • 2.29.0 - 2022-06-23
  • 2.28.1 - 2022-06-16
  • 2.28.0 - 2022-06-14
  • 2.27.0 - 2022-06-03
  • 2.26.0 - 2022-05-30
  • 2.25.0 - 2022-05-21
  • 2.24.1 - 2022-05-13
  • 2.24.0 - 2022-05-12
  • 2.23.0 - 2022-05-04
  • 2.22.0 - 2022-04-28
  • 2.21.1 - 2022-04-23
  • 2.21.0 - 2022-04-22
  • 2.20.0 - 2022-04-07
  • 2.19.0 - 2022-04-01
  • 2.18.0 - 2022-03-29
  • 2.17.0 - 2022-03-17
  • 2.16.0 - 2022-03-12
  • 2.15.0 - 2022-03-01
  • 2.14.0 - 2022-02-25
  • 2.13.0 - 2022-02-19
  • 2.12.0 - 2022-02-09
  • 2.11.0 - 2022-02-08
  • 2.10.0 - 2022-01-29
  • 2.9.0 - 2022-01-26
  • 2.8.0 - 2022-01-13
  • 2.7.0 - 2022-01-12
  • 2.6.0 - 2022-01-12
  • 2.5.0 - 2022-01-09
  • 2.4.0 - 2022-01-06
  • 2.3.0 - 2021-12-22
  • 2.2.0 - 2021-12-15
  • 2.1.0 - 2021-12-08
  • 2.0.0 - 2021-12-02
  • 2.0.0-rc.33 - 2021-11-26
  • 2.0.0-rc.32 - 2021-11-25
  • 2.0.0-rc.31 - 2021-11-23
  • 2.0.0-rc.30 - 2021-11-17
  • 2.0.0-rc.29 - 2021-11-10
  • 2.0.0-rc.28 - 2021-11-09
  • 2.0.0-rc.27 - 2021-10-27
  • 2.0.0-rc.26 - 2021-10-26
  • 2.0.0-rc.25 - 2021-10-22
  • 2.0.0-rc.24 - 2021-10-13
  • 2.0.0-rc.23 - 2021-09-23
  • 2.0.0-rc.22 - 2021-09-22
  • 2.0.0-rc.21 - 2021-09-08
  • 2.0.0-rc.20 - 2021-09-01
  • 2.0.0-rc.19 - 2021-08-25
  • 2.0.0-rc.18 - 2021-08-18
  • 2.0.0-rc.17 - 2021-08-11
  • 2.0.0-rc.16 - 2021-08-04
  • 2.0.0-rc.15 - 2021-07-28
  • 2.0.0-rc.14 - 2021-07-21
  • 2.0.0-rc.13 - 2021-07-20
  • 2.0.0-rc.12 - 2021-07-19
  • 2.0.0-rc.11 - 2021-07-07
  • 2.0.0-rc.10 - 2021-06-30
  • 2.0.0-rc.9 - 2021-06-23
  • 2.0.0-rc.8 - 2021-06-16
  • 2.0.0-rc.7 - 2021-06-09
  • 2.0.0-rc.6 - 2021-06-02
  • 2.0.0-rc.5 - 2021-05-28
  • 2.0.0-rc.4 - 2021-05-19
  • 2.0.0-rc.3 - 2021-05-12
  • 2.0.0-rc.1 - 2021-04-29
  • 2.0.0-alpha.14 - 2021-04-28
  • 2.0.0-alpha.13 - 2021-04-21
  • 2.0.0-alpha.12 - 2021-04-21
  • 2.0.0-alpha.11 - 2021-04-19
  • 2.0.0-alpha.10 - 2021-04-16
  • 1.204.0 - 2023-06-19
  • 1.203.0 - 2023-05-31
  • 1.202.0 - 2023-05-22
  • 1.201.0 - 2023-05-10
  • 1.200.0 - 2023-04-26
  • 1.199.0 - 2023-04-20
  • 1.198.1 - 2023-03-31
  • 1.198.0 - 2023-03-22
  • 1.197.0 - 2023-03-14
  • 1.196.0 - 2023-03-08
  • 1.195.0 - 2023-03-02

    chore(release): 1.195.0 (#24417)

    See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/1.195.0/CHANGELOG.md)

  • 1.194.0 - 2023-02-21

    chore(release): 1.194.0 (#24255)

    See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/1.194.0/CHANGELOG.md)

  • 1.193.0 - 2023-02-15

    chore(release): 1.193.0 (#24184)

    See [CHANGELOG](https://github.com/aws/aws-c...

Snyk has created this PR to upgrade:
  - @aws-cdk/core from 1.128.0 to 1.203.0.
    See this package in npm: https://www.npmjs.com/package/@aws-cdk/core
  - @aws-cdk/assert from 1.128.0 to 2.68.0.
    See this package in npm: https://www.npmjs.com/package/@aws-cdk/assert
  - @aws-cdk/aws-appsync from 1.128.0 to 1.203.0.
    See this package in npm: https://www.npmjs.com/package/@aws-cdk/aws-appsync
  - aws-cdk from 1.128.0 to 2.154.1.
    See this package in npm: https://www.npmjs.com/package/aws-cdk
  - jest from 26.6.3 to 29.7.0.
    See this package in npm: https://www.npmjs.com/package/jest
  - @aws-cdk/aws-lambda-nodejs from 1.128.0 to 1.203.0.
    See this package in npm: https://www.npmjs.com/package/@aws-cdk/aws-lambda-nodejs
  - @types/aws-lambda from 8.10.85 to 8.10.145.
    See this package in npm: https://www.npmjs.com/package/@types/aws-lambda
  - @types/node from 10.17.27 to 22.5.1.
    See this package in npm: https://www.npmjs.com/package/@types/node
  - @types/jest from 26.0.24 to 29.5.12.
    See this package in npm: https://www.npmjs.com/package/@types/jest
  - source-map-support from 0.5.20 to 0.5.21.
    See this package in npm: https://www.npmjs.com/package/source-map-support
  - aws-xray-sdk from 3.3.3 to 3.9.0.
    See this package in npm: https://www.npmjs.com/package/aws-xray-sdk
  - esbuild from 0.13.8 to 0.23.1.
    See this package in npm: https://www.npmjs.com/package/esbuild
  - ts-jest from 26.5.6 to 29.2.5.
    See this package in npm: https://www.npmjs.com/package/ts-jest
  - ts-node from 9.1.1 to 10.9.2.
    See this package in npm: https://www.npmjs.com/package/ts-node
  - typescript from 3.9.10 to 5.5.4.
    See this package in npm: https://www.npmjs.com/package/typescript

See this project in Snyk:
https://app.snyk.io/org/cachiman/project/18b50fdb-edce-4c2a-bd13-875d2c743c3d?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

google-cla bot commented Sep 18, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Copy link

sonarcloud bot commented Sep 18, 2024

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment