[Snyk] Upgrade @aws-sdk/client-ses from 3.348.0 to 3.350.0 #941

Closed
wants to merge 1 commit into from


k2xl
Collaborator

@k2xl k2xl commented Jul 2, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @aws-sdk/client-ses from 3.348.0 to 3.350.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 23 days ago, on 2023-06-09.
Release notes
Package name: @aws-sdk/client-ses
  • 3.350.0 - 2023-06-09

    3.350.0(2023-06-09)

    Documentation Changes
    • client-acm-pca: Document-only update to refresh CLI documentation for AWS Private CA. No change to the service. (72364d27)
    New Features
    • client-connect: This release adds search APIs for Prompts, Quick Connects and Hours of Operations, which can be used to search for those resources within a Connect Instance. (37fc985c)
    Bug Fixes
    • node-http-handler: stop waiting for continue event on error (#4805) (20a210e1)

    For list of updated packages, view updated-packages.md in assets-3.350.0.zip

  • 3.348.0 - 2023-06-07

    3.348.0(2023-06-07)

    Documentation Changes
    • client-direct-connect: This update corrects the jumbo frames mtu values from 9100 to 8500 for transit virtual interfaces. (f96195ba)
    New Features
    • client-customer-profiles: This release introduces event stream related APIs. (52630226)
    • client-cloudformation: AWS CloudFormation StackSets is updating the deployment experience for all stackset operations to skip suspended AWS accounts during deployments. StackSets will skip target AWS accounts that are suspended and set the Detailed Status of the corresponding stack instances as SKIPPED_SUSPENDED_ACCOUNT (83514dbf)
    • client-emr-containers: EMR on EKS adds support for log rotation of Spark container logs with EMR-6.11.0 onwards, to the StartJobRun API. (9a4e1431)
    • client-cloudwatch-logs: This change adds support for account level data protection policies using 3 new APIs, PutAccountPolicy, DeleteAccountPolicy and DescribeAccountPolicy. DescribeLogGroup API has been modified to indicate if account level policy is applied to the LogGroup via "inheritedProperties" list in the response. (d6b00582)
    • client-iotdeviceadvisor: AWS IoT Core Device Advisor now supports new Qualification Suite test case list. With this update, customers can more easily create new qualification test suite with an empty rootGroup input. (1f9abd0f)
    Bug Fixes
    • node-http-handler: begin socket timeout countdown before socket event (#4804) (f5ce61a9)
    • middleware-websocket: update eventStreamHandler to use MessageSigner (#4803) (d8317fef)

    For list of updated packages, view updated-packages.md in assets-3.348.0.zip

from @aws-sdk/client-ses GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@github-actions

github-actions bot commented Jul 2, 2023

# npm audit report

fast-xml-parser  4.2.4
fast-xml-parser regex vulnerability patch could be improved from a safety perspective - https://github.com/advisories/GHSA-gpv5-7x3g-ghjv
fix available via `npm audit fix`
node_modules/fast-xml-parser
  @aws-sdk/client-ses  3.347.1 - 3.358.0
  Depends on vulnerable versions of @aws-sdk/client-sts
  Depends on vulnerable versions of fast-xml-parser
  node_modules/@aws-sdk/client-ses
  @aws-sdk/client-sts  3.54.2 || 3.186.2 || 3.335.1 || 3.347.1 - 3.358.0
  Depends on vulnerable versions of fast-xml-parser
  node_modules/@aws-sdk/client-ses/node_modules/@aws-sdk/client-sts
  node_modules/@aws-sdk/client-sts
    @aws-sdk/client-cognito-identity  3.54.2 || 3.347.1 - 3.358.0
    Depends on vulnerable versions of @aws-sdk/client-sts
    node_modules/@aws-sdk/client-cognito-identity
      @aws-sdk/credential-provider-cognito-identity  3.347.1 - 3.358.0
      Depends on vulnerable versions of @aws-sdk/client-cognito-identity
      node_modules/@aws-sdk/credential-provider-cognito-identity
    @aws-sdk/credential-providers  3.347.1 - 3.358.0
    Depends on vulnerable versions of @aws-sdk/client-cognito-identity
    Depends on vulnerable versions of @aws-sdk/client-sts
    Depends on vulnerable versions of @aws-sdk/credential-provider-cognito-identity
    node_modules/@aws-sdk/credential-providers

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install jest@25.0.0, which is a breaking change
node_modules/@newrelic/native-metrics/node_modules/semver
node_modules/@newrelic/next/node_modules/semver
node_modules/@typescript-eslint/eslint-plugin/node_modules/semver
node_modules/@typescript-eslint/typescript-estree/node_modules/semver
node_modules/@typescript-eslint/utils/node_modules/semver
node_modules/jest-snapshot/node_modules/semver
node_modules/jsonwebtoken/node_modules/semver
node_modules/mongodb-memory-server-core/node_modules/semver
node_modules/newrelic/node_modules/semver
node_modules/node-abi/node_modules/semver
node_modules/protobufjs-cli/node_modules/semver
node_modules/semver
node_modules/sharp/node_modules/semver
node_modules/ts-jest/node_modules/semver
  @babel/core  *
  Depends on vulnerable versions of @babel/helper-compilation-targets
  Depends on vulnerable versions of semver
  node_modules/@babel/core
    @babel/helper-compilation-targets  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-compilation-targets
      @babel/plugin-transform-classes  >=7.19.0
      Depends on vulnerable versions of @babel/helper-compilation-targets
      node_modules/@babel/plugin-transform-classes
        @babel/preset-env  *
        Depends on vulnerable versions of @babel/helper-compilation-targets
        Depends on vulnerable versions of @babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression
        Depends on vulnerable versions of @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
        Depends on vulnerable versions of @babel/plugin-syntax-unicode-sets-regex
        Depends on vulnerable versions of @babel/plugin-transform-async-generator-functions
        Depends on vulnerable versions of @babel/plugin-transform-async-to-generator
        Depends on vulnerable versions of @babel/plugin-transform-class-properties
        Depends on vulnerable versions of @babel/plugin-transform-class-static-block
        Depends on vulnerable versions of @babel/plugin-transform-classes
        Depends on vulnerable versions of @babel/plugin-transform-function-name
        Depends on vulnerable versions of @babel/plugin-transform-named-capturing-groups-regex
        Depends on vulnerable versions of @babel/plugin-transform-object-rest-spread
        Depends on vulnerable versions of @babel/plugin-transform-private-methods
        Depends on vulnerable versions of @babel/plugin-transform-private-property-in-object
        Depends on vulnerable versions of @babel/plugin-transform-unicode-property-regex
        Depends on vulnerable versions of @babel/plugin-transform-unicode-sets-regex
        Depends on vulnerable versions of babel-plugin-polyfill-corejs2
        Depends on vulnerable versions of babel-plugin-polyfill-corejs3
        Depends on vulnerable versions of babel-plugin-polyfill-regenerator
        Depends on vulnerable versions of semver
        node_modules/@babel/preset-env
      @babel/plugin-transform-function-name  >=7.16.7
      Depends on vulnerable versions of @babel/helper-compilation-targets
      node_modules/@babel/plugin-transform-function-name
      @babel/plugin-transform-object-rest-spread  *
      Depends on vulnerable versions of @babel/helper-compilation-targets
      node_modules/@babel/plugin-transform-object-rest-spread
    @babel/helper-create-class-features-plugin  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-create-class-features-plugin
      @babel/plugin-transform-class-properties  *
      Depends on vulnerable versions of @babel/helper-create-class-features-plugin
      node_modules/@babel/plugin-transform-class-properties
      @babel/plugin-transform-class-static-block  *
      Depends on vulnerable versions of @babel/core
      Depends on vulnerable versions of @babel/helper-create-class-features-plugin
      node_modules/@babel/plugin-transform-class-static-block
      @babel/plugin-transform-private-methods  *
      Depends on vulnerable versions of @babel/helper-create-class-features-plugin
      node_modules/@babel/plugin-transform-private-methods
      @babel/plugin-transform-private-property-in-object  *
      Depends on vulnerable versions of @babel/helper-create-class-features-plugin
      node_modules/@babel/plugin-transform-private-property-in-object
    @babel/helper-create-regexp-features-plugin  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-create-regexp-features-plugin
      @babel/plugin-transform-named-capturing-groups-regex  *
      Depends on vulnerable versions of @babel/core
      Depends on vulnerable versions of @babel/helper-create-regexp-features-plugin
      node_modules/@babel/plugin-transform-named-capturing-groups-regex
      @babel/plugin-transform-unicode-property-regex  *
      Depends on vulnerable versions of @babel/helper-create-regexp-features-plugin
      node_modules/@babel/plugin-transform-unicode-property-regex
      @babel/plugin-transform-unicode-sets-regex  *
      Depends on vulnerable versions of @babel/core
      Depends on vulnerable versions of @babel/helper-create-regexp-features-plugin
      node_modules/@babel/plugin-transform-unicode-sets-regex
    @babel/helper-remap-async-to-generator  >=7.18.6
    Depends on vulnerable versions of @babel/core
    node_modules/@babel/helper-remap-async-to-generator
      @babel/plugin-transform-async-generator-functions  *
      Depends on vulnerable versions of @babel/helper-remap-async-to-generator
      node_modules/@babel/plugin-transform-async-generator-functions
      @babel/plugin-transform-async-to-generator  >=7.18.6
      Depends on vulnerable versions of @babel/helper-remap-async-to-generator
      node_modules/@babel/plugin-transform-async-to-generator
    @babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression  *
    Depends on vulnerable versions of @babel/core
    node_modules/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression
    @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining  *
    Depends on vulnerable versions of @babel/core
    node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
    @babel/plugin-syntax-unicode-sets-regex  *
    Depends on vulnerable versions of @babel/core
    node_modules/@babel/plugin-syntax-unicode-sets-regex
    @jest/transform  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of babel-plugin-istanbul
    node_modules/@jest/transform
      babel-jest  >=18.5.0-alpha.7da3df39
      Depends on vulnerable versions of @babel/core
      Depends on vulnerable versions of @jest/transform
      Depends on vulnerable versions of babel-plugin-istanbul
      Depends on vulnerable versions of babel-preset-jest
      node_modules/babel-jest
        ts-jest  >=25.10.0-alpha.1
        Depends on vulnerable versions of babel-jest
        Depends on vulnerable versions of jest
        node_modules/ts-jest
      jest-runner  >=27.0.0-next.0
      Depends on vulnerable versions of @jest/transform
      Depends on vulnerable versions of jest-runtime
      node_modules/jest-runner
        jest-config  >=24.0.0-alpha.0
        Depends on vulnerable versions of @babel/core
        Depends on vulnerable versions of babel-jest
        Depends on vulnerable versions of jest-circus
        Depends on vulnerable versions of jest-runner
        node_modules/jest-config
          jest-cli  >=24.0.0-alpha.0
          Depends on vulnerable versions of @jest/core
          Depends on vulnerable versions of jest-config
          node_modules/jest-cli
            jest  >=24.0.0-alpha.0
            Depends on vulnerable versions of @jest/core
            Depends on vulnerable versions of jest-cli
            node_modules/jest
      jest-runtime  >=24.2.0-alpha.0
      Depends on vulnerable versions of @jest/globals
      Depends on vulnerable versions of @jest/transform
      Depends on vulnerable versions of jest-snapshot
      node_modules/jest-runtime
    babel-preset-current-node-syntax  *
    Depends on vulnerable versions of @babel/core
    node_modules/babel-preset-current-node-syntax
      babel-preset-jest  >=24.2.0-alpha.0
      Depends on vulnerable versions of @babel/core
      Depends on vulnerable versions of babel-preset-current-node-syntax
      node_modules/babel-preset-jest
    istanbul-lib-instrument  >=1.2.0
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/istanbul-lib-instrument
      @jest/reporters  *
      Depends on vulnerable versions of @jest/transform
      Depends on vulnerable versions of istanbul-lib-instrument
      Depends on vulnerable versions of istanbul-lib-report
      Depends on vulnerable versions of istanbul-reports
      node_modules/@jest/reporters
        @jest/core  *
        Depends on vulnerable versions of @jest/reporters
        Depends on vulnerable versions of @jest/transform
        Depends on vulnerable versions of jest-config
        Depends on vulnerable versions of jest-resolve-dependencies
        Depends on vulnerable versions of jest-runner
        Depends on vulnerable versions of jest-runtime
        Depends on vulnerable versions of jest-snapshot
        node_modules/@jest/core
      babel-plugin-istanbul  >=3.1.0-candidate.0
      Depends on vulnerable versions of istanbul-lib-instrument
      node_modules/babel-plugin-istanbul
    jest-snapshot  >=27.0.0-next.0
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of @jest/transform
    Depends on vulnerable versions of babel-preset-current-node-syntax
    node_modules/jest-snapshot
      @jest/expect  *
      Depends on vulnerable versions of jest-snapshot
      node_modules/@jest/expect
        @jest/globals  >=28.0.0-alpha.0
        Depends on vulnerable versions of @jest/expect
        node_modules/@jest/globals
        jest-circus  >=27.0.0-next.0
        Depends on vulnerable versions of @jest/expect
        Depends on vulnerable versions of jest-runtime
        Depends on vulnerable versions of jest-snapshot
        node_modules/jest-circus
      jest-resolve-dependencies  >=27.0.0-next.0
      Depends on vulnerable versions of jest-snapshot
      node_modules/jest-resolve-dependencies
  @babel/helper-define-polyfill-provider  *
  Depends on vulnerable versions of @babel/core
  Depends on vulnerable versions of @babel/helper-compilation-targets
  Depends on vulnerable versions of semver
  node_modules/@babel/helper-define-polyfill-provider
    babel-plugin-polyfill-corejs3  >=0.0.1
    Depends on vulnerable versions of @babel/helper-define-polyfill-provider
    node_modules/babel-plugin-polyfill-corejs3
    babel-plugin-polyfill-regenerator  >=0.0.1
    Depends on vulnerable versions of @babel/helper-define-polyfill-provider
    node_modules/babel-plugin-polyfill-regenerator
  @newrelic/native-metrics  3.1.1 - 9.0.0
  Depends on vulnerable versions of semver
  node_modules/@newrelic/native-metrics
  babel-plugin-polyfill-corejs2  >=0.0.1
  Depends on vulnerable versions of @babel/helper-define-polyfill-provider
  Depends on vulnerable versions of semver
  node_modules/babel-plugin-polyfill-corejs2
  eslint-plugin-import  >=2.27.4
  Depends on vulnerable versions of semver
  node_modules/eslint-plugin-import
  eslint-plugin-jsx-a11y  >=6.6.0
  Depends on vulnerable versions of semver
  node_modules/eslint-plugin-jsx-a11y
  eslint-plugin-react  7.19.0 || >=7.26.0
  Depends on vulnerable versions of semver
  node_modules/eslint-plugin-react
    eslint-config-next  >=12.0.5-canary.0
    Depends on vulnerable versions of eslint-plugin-react
    node_modules/eslint-config-next
  make-dir  2.0.0 - 3.1.0
  Depends on vulnerable versions of semver
  node_modules/make-dir
    find-cache-dir  2.1.0 - 3.3.2
    Depends on vulnerable versions of make-dir
    node_modules/find-cache-dir
      mongodb-memory-server-core  >=5.1.3
      Depends on vulnerable versions of find-cache-dir
      node_modules/mongodb-memory-server-core
        mongodb-memory-server  >=5.1.3
        Depends on vulnerable versions of mongodb-memory-server-core
        node_modules/mongodb-memory-server
    istanbul-lib-report  >=2.0.5
    Depends on vulnerable versions of make-dir
    node_modules/istanbul-lib-report
      istanbul-reports  >=3.0.0-alpha.0
      Depends on vulnerable versions of istanbul-lib-report
      node_modules/istanbul-reports
  newrelic  1.15.1 - 10.3.0
  Depends on vulnerable versions of semver
  node_modules/newrelic

word-wrap  *
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
  optionator  0.8.3 - 0.9.1
  Depends on vulnerable versions of word-wrap
  node_modules/escodegen/node_modules/optionator
  node_modules/optionator

65 vulnerabilities (6 low, 59 moderate)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

@codecov

codecov bot commented Jul 2, 2023

Codecov Report

Patch coverage has no change and project coverage change: -48.59 ⚠️

Comparison is base (9e32db5) 88.62% compared to head (d3607a5) 40.03%.

Additional details and impacted files
@@             Coverage Diff             @@
##             main     #941       +/-   ##
===========================================
- Coverage   88.62%   40.03%   -48.59%     
===========================================
  Files         175      175               
  Lines        4668     4668               
  Branches      951      951               
===========================================
- Hits         4137     1869     -2268     
- Misses        506     2577     +2071     
- Partials       25      222      +197     

see 89 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@sspenst sspenst closed this Jul 5, 2023
@sspenst sspenst deleted the snyk-upgrade-bce9c17462aa5895b60f8d01d6156b35 branch July 5, 2023 21:56