[Snyk] Fix for 1 vulnerabilities #42

Closed
wants to merge 1 commit into from

@snyk-bot snyk-bot commented Apr 5, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/barebones/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Directory Traversal, SNYK-JS-MOMENT-2440688 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @dwp/govuk-casa
The new version differs by 48 commits.
  • ea00c18 chore(release): 7.0.1
  • 542cbee refactor: push to internal npm registry
  • 45442b3 chore(release): 7.0.0
  • 7f02fbe chore: update dependencies
  • 1553627 refactor(ci): avoid detached pipeline on dast job
  • 1010e6b refactor: simplify origin extraction from route creation
  • 56b9619 refactor: simplify field path parsing
  • b47778e refactor: apply regex sanitisation
  • 465cb16 chore(ci): add standard-version config
  • 0174423 refactor(ci): add dast tooling
  • e6a3ffd refactor(ci): move to using shared pipeline blueprints
  • 3b20f3d chore(ci): use the correct git hook for commitlint
  • c0303df refactor: husky config after upgrade
  • 1af9c3b chore: update dependencies
  • 70e30e2 chore: update dependencies
  • 103f679 chore: minor review fixes
  • 81b2669 chore: update dependencies
  • e7d6b0e chore: package 7.0.0-beta1
  • 42392d0 chore(ci): enable all jobs for 7.0.0
  • 3fb0ecd chore: lint fixes
  • bedf253 feat: add new wordCount validator
  • cddee56 fix: postalAddressObject welsh translations
  • 716c7f5 refactor: [bc] add govuk/ prefix to nunjucks macros
  • 60cdcdd refactor: extract some common functions into utils

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

@lhokktyn lhokktyn closed this Nov 26, 2022
@lhokktyn lhokktyn deleted the snyk-fix-4e35a49e69d08cfb9a5d81bbc182b15a branch May 3, 2023 12:32