Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @strapi/strapi from 4.15.5 to 4.23.0 #10

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade @strapi/strapi from 4.15.5 to 4.23.0 #10

wants to merge 1 commit into from

Conversation

ykshprskyi
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Access Control Bypass
SNYK-JS-VITE-6182924		 No Proof of Concept
medium severity 688/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.9		 Improper Access Control
SNYK-JS-VITE-6531286		 No Proof of Concept
high severity 691/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.4		 Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @strapi/strapi The new version differs by 250 commits.
  • c2dbce3 v4.23.0
  • c9e2020 Merge pull request #20073 from strapi/fix/content-releases-without-i18n
  • 11403f3 chore: remove empty spaces
  • 8ce71b0 chore: get i18n service outside the for loop
  • 1777765 fix: fix boot issue when removing i18n from an app
  • 1663bb2 chore(deps): revert sharp to 0.32.6 (#20066)
  • 2788104 feat(releases): add release column to CM list view (#19926)
  • 4dbfc9c Hide Locale column and grouping option when i18n plugin is not installed (#19358)
  • 68c52dc Chore: Update vite and webpack-dev-middleware (#20037)
  • 2fe3160 Merge branch 'releases/4.22.1' into develop
  • 009bd52 v4.22.1
  • 8a05303 Merge pull request #20041 from strapi/revert/19921
  • 3fe3bbf Chore: Revert #19921
  • 5ab818b test: add e2e tests for CTB restarts from file changes
  • 79f8c92 Merge pull request #19971 from strapi/fix/issue-12225
  • 54c5072 Update packages/core/database/src/query/helpers/where.ts
  • 689d28d Merge pull request #20023 from strapi/chore/ignore-nx-cache
  • faf860c chore: ignore nx cache
  • 117cb87 fix(content-manager): populate media and nested components on cloning (#19958)
  • 488120b Merge pull request #20012 from strapi/chore/labelAction
  • 2106229 Merge branch 'develop' into chore/labelAction
  • 1ce4160 Remove commented action and rename squad
  • 18f20ff remove enhancement
  • 24323ae Fix squad name

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Access Control Bypass
🦉 Path Traversal

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ykshprskyi @snyk-bot