This repository has been archived by the owner on Jul 15, 2024. It is now read-only.

[Snyk] Security upgrade @stoplight/spectral-cli from 6.6.0 to 6.9.0 #124

Merged
merged 1 commit into from
Jul 10, 2024


svcprodsec-sendgrid
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| critical severity | 876/1000 (Why? Mature exploit, Has a fix available, CVSS 9.8) | Remote Code Execution (RCE), SNYK-JS-VM2-5772825 | No | Mature |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @stoplight/spectral-cli
The new version differs by 94 commits.
  • bddf82e chore(release): 6.9.0 [skip ci]
  • 9b2d347 feat(cli): use hpagent (#2513)
  • ed6b65c build(cli): build nix binaries for both x64 and arm64 (#2492)
  • 890d88c chore(deps): bump word-wrap from 1.2.3 to 1.2.5 (#2514)
  • 86af2af chore(repo): add Node 20.5 to the matrix (#2478)
  • 50d8825 chore(release): 1.18.3 [skip ci]
  • 69403c1 fix(core): pointer in overrides are applied too broadly (#2511)
  • 91bdc88 chore(deps): bump semver from 5.7.1 to 5.7.2 (#2502)
  • 641660c chore(release): 1.0.4 [skip ci]
  • 6f73151 fix(ref-resolver): update @stoplight/json-ref-resolver from ~3.1.5 to ~3.1.6
  • a3ddee8 chore(release): 1.0.3 [skip ci]
  • e906d20 fix(parsers): update @stoplight/json from ~3.20.1 to ~3.21.0
  • 13bec9f chore(release): 1.18.2 [skip ci]
  • 46ff8ff test(runtime): update expected values
  • 3b18cbb test(formatters): update expected outputs
  • 758de21 fix(core): dedupe paths containing special characters correctly
  • a79d26a chore(release): 1.18.1 [skip ci]
  • db91553 fix(core): invalid then produced by Rule#toJSON (#2496)
  • ed6e1dc docs(repo): adds json formatter docs (#2481)
  • f7512e5 chore(release): 1.9.4 [skip ci]
  • 89a6a67 fix(ruleset-migrator): correct package.json's browser field (#2497)
  • 39a341c chore(repo): disable scheduled-packages-release
  • 6f392d2 chore(release): 1.1.0 [skip ci]
  • 84faec8 chore(repo): use multi-semantic-release


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-VM2-5772825

@thinkingserious merged commit bef1536 into main Jul 10, 2024
1 check failed
@thinkingserious deleted the snyk-fix-3e9a298ef560cd6b7d9ce4b080dc0c56 branch July 10, 2024 00:01