Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade execa from 0.6.3 to 0.11.0 #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

weinrich15
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade execa from 0.6.3 to 0.11.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 5 years ago, on 2018-08-20.
Release notes
Package name: execa from execa GitHub release notes
Commit messages
Package name: execa

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@weinrich15
Copy link
Owner Author

Logo
Checkmarx One – Scan Summary & Details871a1c9c-6c09-4353-a399-26ef8bf2289e

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2016-10707 Npm-jquery-1.10.2 Vulnerable Package
HIGH CVE-2017-12964 Ruby-sassc-2.4.0 Vulnerable Package
HIGH CVE-2018-20834 Npm-tar-2.2.1 Vulnerable Package
HIGH CVE-2019-13173 Npm-fstream-1.0.11 Vulnerable Package
HIGH CVE-2019-20149 Npm-kind-of-6.0.2 Vulnerable Package
HIGH CVE-2020-28469 Npm-glob-parent-3.1.0 Vulnerable Package
HIGH CVE-2020-28469 Npm-glob-parent-2.0.0 Vulnerable Package
HIGH CVE-2020-8164 Ruby-actionpack-5.1.7 Vulnerable Package
HIGH CVE-2020-8165 Ruby-activesupport-5.1.7 Vulnerable Package
HIGH CVE-2021-22880 Ruby-activerecord-5.1.7 Vulnerable Package
HIGH CVE-2021-22885 Ruby-actionpack-5.1.7 Vulnerable Package
HIGH CVE-2021-22904 Ruby-actionpack-5.1.7 Vulnerable Package
HIGH CVE-2021-29509 Ruby-puma-3.12.6 Vulnerable Package
HIGH CVE-2021-32803 Npm-tar-2.2.1 Vulnerable Package
HIGH CVE-2021-32804 Npm-tar-2.2.1 Vulnerable Package
HIGH CVE-2021-37701 Npm-tar-2.2.1 Vulnerable Package
HIGH CVE-2021-37712 Npm-tar-2.2.1 Vulnerable Package
HIGH CVE-2021-37713 Npm-tar-2.2.1 Vulnerable Package
HIGH CVE-2021-3918 Npm-json-schema-0.2.3 Vulnerable Package
HIGH CVE-2021-43138 Npm-async-1.0.0 Vulnerable Package
HIGH CVE-2021-44906 Npm-minimist-0.0.8 Vulnerable Package
HIGH CVE-2022-0686 Npm-url-parse-1.4.4 Vulnerable Package
HIGH CVE-2022-24790 Ruby-puma-3.12.6 Vulnerable Package
HIGH CVE-2022-24999 Npm-qs-6.5.2 Vulnerable Package
HIGH CVE-2022-25883 Npm-semver-5.6.0 Vulnerable Package
HIGH CVE-2022-30122 Ruby-rack-2.2.3.1 Vulnerable Package
HIGH CVE-2022-32224 Ruby-activerecord-5.1.7 Vulnerable Package
HIGH CVE-2022-3517 Npm-minimatch-3.0.4 Vulnerable Package
HIGH CVE-2022-43357 Ruby-sassc-2.4.0 Vulnerable Package
HIGH CVE-2022-44566 Ruby-activerecord-5.1.7 Vulnerable Package
HIGH CVE-2022-44570 Ruby-rack-2.2.3.1 Vulnerable Package
HIGH CVE-2022-44571 Ruby-rack-2.2.3.1 Vulnerable Package
HIGH CVE-2022-44572 Ruby-rack-2.2.3.1 Vulnerable Package
HIGH CVE-2023-22792 Ruby-actionpack-5.1.7 Vulnerable Package
HIGH CVE-2023-22795 Ruby-actionpack-5.1.7 Vulnerable Package
HIGH CVE-2023-22796 Ruby-activesupport-5.1.7 Vulnerable Package
HIGH CVE-2023-26136 Npm-tough-cookie-2.4.3 Vulnerable Package
HIGH CVE-2023-27530 Ruby-rack-2.2.3.1 Vulnerable Package
HIGH CVE-2023-40175 Ruby-puma-3.12.6 Vulnerable Package
HIGH Cx2d55b83a-7aa0 Npm-braces-1.8.5 Vulnerable Package
HIGH Cx89601373-08db Npm-debug-3.1.0 Vulnerable Package
HIGH Cx8bc4df28-fcf5 Npm-debug-3.1.0 Vulnerable Package
HIGH Cxb3ca64d2-9cd1 Npm-mocha-4.1.0 Vulnerable Package
HIGH Cxdca8e59f-8bfe Npm-inflight-1.0.6 Vulnerable Package
HIGH Cxf6e7f2c1-dc59 Npm-yauzl-2.10.0 Vulnerable Package
HIGH Missing User Instruction /Dockerfile: 4 A user should be specified in the dockerfile, otherwise the image will run as root
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 6 When installing a package, its pin version should be defined
MEDIUM CVE-2007-2379 Npm-jquery-1.10.2 Vulnerable Package
MEDIUM CVE-2014-6071 Npm-jquery-1.10.2 Vulnerable Package
MEDIUM CVE-2015-9251 Npm-jquery-1.10.2 Vulnerable Package
MEDIUM CVE-2018-1109 Npm-braces-1.8.5 Vulnerable Package
MEDIUM CVE-2019-11358 Npm-jquery-1.10.2 Vulnerable Package
MEDIUM CVE-2020-11022 Npm-jquery-1.10.2 Vulnerable Package
MEDIUM CVE-2020-11023 Npm-jquery-1.10.2 Vulnerable Package
MEDIUM CVE-2020-15169 Ruby-actionview-5.1.7 Vulnerable Package
MEDIUM CVE-2020-15366 Npm-ajv-6.5.5 Vulnerable Package
MEDIUM CVE-2020-5267 Ruby-actionview-5.1.7 Vulnerable Package
MEDIUM CVE-2020-7598 Npm-minimist-0.0.8 Vulnerable Package
MEDIUM CVE-2020-8124 Npm-url-parse-1.4.4 Vulnerable Package
MEDIUM CVE-2021-27515 Npm-url-parse-1.4.4 Vulnerable Package
MEDIUM CVE-2021-3664 Npm-url-parse-1.4.4 Vulnerable Package
MEDIUM CVE-2022-0512 Npm-url-parse-1.4.4 Vulnerable Package
MEDIUM CVE-2022-0639 Npm-url-parse-1.4.4 Vulnerable Package
MEDIUM CVE-2022-23633 Ruby-actionpack-5.1.7 Vulnerable Package
MEDIUM CVE-2022-23634 Ruby-puma-3.12.6 Vulnerable Package
MEDIUM CVE-2022-27777 Ruby-actionview-5.1.7 Vulnerable Package
MEDIUM CVE-2022-3704 Ruby-actionpack-5.1.7 Vulnerable Package
MEDIUM CVE-2023-23913 Ruby-actionview-5.1.7 Vulnerable Package
MEDIUM CVE-2023-27539 Ruby-rack-2.2.3.1 Vulnerable Package
MEDIUM CVE-2023-28120 Ruby-activesupport-5.1.7 Vulnerable Package
MEDIUM CVE-2023-28155 Npm-request-2.88.0 Vulnerable Package
MEDIUM CVE-2023-28362 Ruby-actionpack-5.1.7 Vulnerable Package
MEDIUM Cx435a6fda-ca38 Npm-commander-2.11.0 Vulnerable Package
MEDIUM Cxf0b588a3-5c6f Npm-jquery-1.10.2 Vulnerable Package
MEDIUM Gem Install Without Version /Dockerfile: 35 Instead of 'gem install ' we should use 'gem install :'
MEDIUM Gem Install Without Version /Dockerfile: 55 Instead of 'gem install ' we should use 'gem install :'
MEDIUM Not Using JSON In CMD And ENTRYPOINT Arguments /Dockerfile: 69 Ensure that we are using JSON in the CMD and ENTRYPOINT Arguments
LOW CVE-2021-41136 Ruby-puma-3.12.6 Vulnerable Package
LOW Healthcheck Instruction Missing /Dockerfile: 4 Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
LOW Multiple RUN, ADD, COPY, Instructions Listed /Dockerfile: 55 Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support Ruby 2.2 and 64-bit Ruby on Windows
2 participants