Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade uswds from 2.11.2 to 2.12.2 #262

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade uswds from 2.11.2 to 2.12.2 #262

wants to merge 1 commit into from

Conversation

JJediny
Copy link
Member

@JJediny JJediny commented May 14, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 No No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: uswds The new version differs by 250 commits.
  • b913720 Merge pull request #4377 from uswds/release-2.12.2
  • 3dcf9f9 Create uswds-2.12.2-zip-hash.txt
  • 8d6b61f 2.12.2
  • b20a82e npm audit fix
  • 1d5789b Merge pull request #4376 from uswds/dw-update-references
  • 45c905c Update references to 2.12.2
  • 679369d Merge pull request #4375 from uswds/dw-update-notifications
  • 4e34998 Add notification about tooltip content
  • 2d24b92 Merge pull request #4373 from uswds/jm-update-deps
  • 3464df5 Update peer dependencies.
  • ef2d2fb Merge pull request #4313 from mahoneycm/cm-file-upload-test
  • fa8939b Merge branch 'develop' into cm-file-upload-test
  • 2c832b3 Merge pull request #4342 from aduth/aduth-rm-input-inline
  • 36b25d6 Merge pull request #4329 from uswds/gsq-xss-audit
  • 2d5b4b3 Merge pull request #4345 from fpigeonjr/patch-2
  • 9da0b06 Merge pull request #4349 from aduth/aduth-del-dev-dependency
  • 187c74c typo
  • ff30ee4 Merge branch 'develop' of github.com:uswds/uswds into gsq-xss-audit
  • 2065553 Move del to devDependencies
  • 37bce34 Merge branch 'gsq-xss-audit' of github.com:uswds/uswds into gsq-xss-audit
  • 07f9573 confirms aria-label returns as string
  • 03b45af updates MEDCoE sites
  • 3e6828f Run prettier on component js.
  • 2e19f8e Run prettier on unit tests.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JJediny @snyk-bot