[Snyk] Upgrade @cyclonedx/cyclonedx-npm from 1.16.1 to 1.19.3 #114
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade @cyclonedx/cyclonedx-npm from 1.16.1 to 1.19.3. See this package in npm: @cyclonedx/cyclonedx-npm See this project in Snyk: https://app.snyk.io/org/mihikanigam/project/53dfe3f2-496c-46a6-bf3f-68f2be7f7016?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade @cyclonedx/cyclonedx-npm from 1.16.1 to 1.19.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 6 versions ahead of your current version.
The recommended version was released on a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-AXIOS-7361793
SNYK-JS-BRACES-6838727
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
SNYK-JS-WS-7266574
SNYK-JS-WS-7266574
SNYK-JS-CYCLONEDXCYCLONEDXLIBRARY-6820989
SNYK-JS-LIBXMLJS2-6808810
SNYK-JS-LIBXMLJS2-6808816
SNYK-JS-MICROMATCH-6838728
SNYK-JS-RAILROADDIAGRAMS-6282875
SNYK-JS-TAR-6476909
SNYK-JS-EJS-6689533
SNYK-JS-EXPRESS-6474509
SNYK-JS-FOLLOWREDIRECTS-6444610
Release notes
Package name: @cyclonedx/cyclonedx-npm
-
1.19.3 - 2024-07-15
- Raised runtime dependency
- Use TypeScript
- Raised runtime dependency
- chore(deps): bum
- chore(deps-dev): bump typescript from 5.4.5 to 5.5.3 in the typescript group across 1 directory by @ dependabot in #1201
-
1.19.2 - 2024-07-10
- CycloneDX
- CycloneDX property
- tests: tests are less noisy by @ jkowalleck in #1194
- tests: more tests by @ jkowalleck in #1195
- fix: path property on windows by @ jkowalleck in #1203
- fix: vcs url git ssh by @ jkowalleck in #1202
-
1.19.0 - 2024-06-01
- Try to sanitize distribution URLs (via #1187, #1191)
- More debug output when it comes to package manifest loading (via #1189)
- Added direct dependency
- test: alternative package registry by @ jkowalleck in #1186
- feat: try sanitize dist urls by @ jkowalleck in #1187
- feat: more debug when loading package manifests by @ jkowalleck in #1189
- feat: git url sanitation by @ jkowalleck in #1191
-
1.18.0 - 2024-05-08
- Licenses acknowledgement might be populated (#1171 via #1183)
- Raised dependency
- chore(ci): fix macos runners by @ jkowalleck in #1176
- ci: modernize artifact action by @ jkowalleck in #1178
- ci: use node22 by @ jkowalleck in #1179
- chore: reduce duplicate test beds by @ jkowalleck in #1181
- feat: license acknowledgement by @ jkowalleck in #1183
-
1.17.0 - 2024-04-23
- This tool explicitly supports CycloneDX Specification-1.6 now (via #1175)
- CLI switch
- Use TypeScript
- docs: add CycloneDX 1.6 to README by @ XSpielinbox in #1174
- feat: explicitely support CycloneDX 1.6 by @ jkowalleck in #1175
- chore(deps-dev): bump typescript from 5.4.2 to 5.4.5 in the typescript group by @ dependabot in #1167
- @ XSpielinbox made their first contribution in #1174
-
1.16.2 - 2024-03-19
- Applied latest code standards (via #1149)
- Use TypeScript
- refactor: fix typescript-eslint annotations by @ jkowalleck in #1146
- chore(deps-dev): bump the eslint group with 2 updates by @ dependabot in #1149
- chore(deps-dev): bump the eslint group with 2 updates by @ dependabot in #1152
- chore(deps-dev): bump the eslint group with 2 updates by @ dependabot in #1157
- tests: run with latest CDX spec-version by @ jkowalleck in #1158
- chore(deps): bump softprops/action-gh-release from 1 to 2 by @ dependabot in #1159
- chore(deps-dev): bump the typescript group with 1 update by @ dependabot in #1160
-
1.16.1 - 2024-01-11
- Fixed
- Writing large results to buffered streams no longer drops data, but retries until success (via #1145)
- Docs
- Showcase programmatic CLI usage (#1142 via #1145)
- chore(deps-dev): bump the eslint group with 2 updates by @ dependabot in #1139
- fix: large results on small streams by @ jkowalleck in #1145
from @cyclonedx/cyclonedx-npm GitHub release notesDependencies
@ cyclonedx/cyclonedx-library@^6.11.0, was@^6.6.0(via #1205)This was done to incorporate non-breaking upstream changes and fixes.
Build
v5.5.3now, wasv5.4.5(via #1201)What's Changed
@ cyclonedx/cyclonedx-library@^6.11.0by @ jkowalleck in #1205eslint-plugin-simple-import-sort@12.1.1by @ jkowalleck in #1206Full Changelog: v1.19.2...v1.19.3
Fixed
externalReferences forvcstype (#1198 via #1202)cdx:npm:package:path's value on Windows systems (via #1203)What's Changed
Full Changelog: v1.19.0...v1.19.2
Changed
Added
Misc
hosted-git-info@^4||^5||^6||^7(via #1191)This is also a transitive dependency via already existing direct dependency
normalize-package-data.What's Changed
Full Changelog: v1.18.0...v1.19.0
Added
Misc
@ cyclonedx/cyclonedx-library@^6.6.0, was@^6.5.0(via #1183)What's Changed
Full Changelog: v1.17.0...v1.18.0
Added support for CycloneDX Specification-1.6.
Changed
Added
--spec-versionnow supports value1.6to reflect CycloneDX Specification-1.6 (via #1175)Default value for that option is unchanged - still
1.4.Build
v5.4.5now, wasv5.4.2(via #1167)What's Changed
New Contributors
Full Changelog: v1.16.2...v1.17.0
Style
Build
v5.4.2now, wasv5.3.3(via #1160)What's Changed
Full Changelog: v1.16.1...v1.16.2
What's Changed
Full Changelog: v1.16.0...v1.16.1
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"","from":"cyclonedx/cyclonedx-npm","to":"cyclonedx/cyclonedx-npm"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-AXIOS-7361793","issue_id":"SNYK-JS-AXIOS-7361793","priority_score":833,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BRACES-6838727","issue_id":"SNYK-JS-BRACES-6838727","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","issue_id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","priority_score":477,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Path Traversal"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-CYCLONEDXCYCLONEDXLIBRARY-6820989","issue_id":"SNYK-JS-CYCLONEDXCYCLONEDXLIBRARY-6820989","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"XML External Entity (XXE) Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LIBXMLJS2-6808810","issue_id":"SNYK-JS-LIBXMLJS2-6808810","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Type Confusion"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LIBXMLJS2-6808816","issue_id":"SNYK-JS-LIBXMLJS2-6808816","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Type Confusion"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MICROMATCH-6838728","issue_id":"SNYK-JS-MICROMATCH-6838728","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-RAILROADDIAGRAMS-6282875","issue_id":"SNYK-JS-RAILROADDIAGRAMS-6282875","priority_score":270,"priority_score_factors":[{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":432,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EJS-6689533","issue_id":"SNYK-JS-EJS-6689533","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Control of Dynamically-Managed Code Resources"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-6474509","issue_id":"SNYK-JS-EXPRESS-6474509","priority_score":305,"priority_score_factors":[{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":432,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"}],"prId":"9eb72665-a7b1-47d7-8788-5269a4656610","prPublicId":"9eb72665-a7b1-47d7-8788-5269a4656610","packageManager":"npm","priorityScoreList":[833,482,477,482,512,512,512,375,270,432,265,305,432],"projectPublicId":"53dfe3f2-496c-46a6-bf3f-68f2be7f7016","projectUrl":"https://app.snyk.io/org/mihikanigam/project/53dfe3f2-496c-46a6-bf3f-68f2be7f7016?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-AXIOS-7361793","SNYK-JS-BRACES-6838727","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","SNYK-JS-WS-7266574","SNYK-JS-WS-7266574","SNYK-JS-CYCLONEDXCYCLONEDXLIBRARY-6820989","SNYK-JS-LIBXMLJS2-6808810","SNYK-JS-LIBXMLJS2-6808816","SNYK-JS-MICROMATCH-6838728","SNYK-JS-RAILROADDIAGRAMS-6282875","SNYK-JS-TAR-6476909","SNYK-JS-EJS-6689533","SNYK-JS-EXPRESS-6474509","SNYK-JS-FOLLOWREDIRECTS-6444610"],"upgradeInfo":{"versionsDiff":6,"publishedDate":"2024-07-15T13:01:23.244Z"},"vulns":["SNYK-JS-AXIOS-7361793","SNYK-JS-BRACES-6838727","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","SNYK-JS-WS-7266574","SNYK-JS-WS-7266574","SNYK-JS-CYCLONEDXCYCLONEDXLIBRARY-6820989","SNYK-JS-LIBXMLJS2-6808810","SNYK-JS-LIBXMLJS2-6808816","SNYK-JS-MICROMATCH-6838728","SNYK-JS-RAILROADDIAGRAMS-6282875","SNYK-JS-TAR-6476909","SNYK-JS-EJS-6689533","SNYK-JS-EXPRESS-6474509","SNYK-JS-FOLLOWREDIRECTS-6444610"]}'