[Snyk] Fix for 1 vulnerabilities #522

Closed
snyk-bot wants to merge 3 commits into master from snyk-fix-3fa1837d0c05a9992f74ad349b9b5f69

@snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • jhipster-modules/jhipster-uaa/gateway/package.json
    • jhipster-modules/jhipster-uaa/gateway/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 726/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.1) | Remote Code Execution (RCE), SNYK-JS-EJS-2803307 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: generator-jhipster The new version differs by 250 commits.
  • db02a7f Release v7.9.0
  • 933d19a Merge pull request #19290 from jhipster/dependabot/npm_and_yarn/generators/client/templates/vue/types/node-16.11.47
  • e41ba32 Merge pull request #19289 from jhipster/dependabot/npm_and_yarn/generators/client/templates/vue/autoprefixer-10.4.8
  • c5f990d chore(deps-dev): bump @types/node in /generators/client/templates/vue
  • 5277a91 Merge pull request #19288 from jhipster/dependabot/npm_and_yarn/generators/client/templates/angular/types/node-16.11.47
  • a9f200a Merge pull request #19280 from jhipster/dependabot/npm_and_yarn/yeoman-environment-3.10.0
  • 7edbc17 chore(deps-dev): bump autoprefixer in /generators/client/templates/vue
  • 43e7176 chore(deps-dev): bump @types/node
  • 6dcfe17 Merge pull request #19287 from jhipster/dependabot/npm_and_yarn/generators/client/templates/react/core-js-3.24.1
  • eb85cd9 Merge pull request #19285 from jhipster/dependabot/npm_and_yarn/generators/client/templates/react/types/node-16.11.47
  • e0781f7 Merge pull request #19286 from jhipster/dependabot/npm_and_yarn/generators/client/templates/angular/ngx-cookie-service-14.0.1
  • 8c7e763 Merge pull request #19283 from jhipster/dependabot/npm_and_yarn/generators/client/templates/react/react-transition-group-4.4.4
  • 6bd62a8 Merge pull request Create InterceptingClientHttpRequestTest.java BAEL-8373 Support Request Attributes in RestClient  eugenp/tutorials#18384 from anarsultanov/main
  • efb5d0a Merge pull request #19284 from jhipster/dependabot/npm_and_yarn/generators/client/templates/react/autoprefixer-10.4.8
  • dce48f9 Merge pull request #19282 from jhipster/dependabot/npm_and_yarn/aws-sdk-2.1185.0
  • f08dac0 chore(deps): bump yeoman-environment from 3.9.1 to 3.10.0
  • 55dc215 Merge pull request #19281 from jhipster/dependabot/npm_and_yarn/conf-10.2.0
  • 09a1744 Merge pull request #19279 from jhipster/dependabot/npm_and_yarn/simple-git-3.11.0
  • f2b7262 Merge pull request #19278 from jhipster/dependabot/npm_and_yarn/yeoman-generator-5.7.0
  • 32372a4 chore(deps-dev): bump core-js in /generators/client/templates/react
  • ad70dcc chore(deps): bump ngx-cookie-service
  • 589585a chore(deps-dev): bump @types/node in /generators/client/templates/react
  • 6066769 chore(deps-dev): bump autoprefixer in /generators/client/templates/react
  • 5a2c07a chore(deps): bump react-transition-group

See the full diff

Package name: webpack-cli The new version differs by 20 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)

Centaurioun and others added 3 commits January 11, 2023 20:12
…bilities (#425)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DEBUG-3227433

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Signed-off-by: null <null>

Signed-off-by: null <null>
…dules/jhipster-uaa/gateway/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-EJS-2803307