New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #113

Open

hzhz wants to merge 1 commit into master from snyk-fix-a41ef16dd5decb8a582ffb9f564a99d3

Owner

hzhz commented May 15, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/react-scripts/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	No Known Exploit
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 250 commits.

be16e47 v27.0.0
63102ec chore: update changelog for release
564694a docs(blog): Jest 27 blog post (Vulnerability issue of css-what and normalize-url facebook/create-react-app#11131)
b68d91b feat(pretty-print): add option `printBasicPrototype` (unrecognized error facebook/create-react-app#11441)
2226742 chore: minor simplify format results error (CRA is not downloading the latest version of webpack facebook/create-react-app#11432)
78eb25d chore: remove needless assign (Flow Enums support facebook/create-react-app#11433)
696c455 chore: update lockfile after publish
e2eb9ae v27.0.0-next.11
3b253f8 Wait for closed resources to actually close before detecting open handles (I keep having to rm node_modules/.cache/.eslintcache facebook/create-react-app#11429)
27bee72 fix: run GC before collecting open handles (Create React App 5 Alpha facebook/create-react-app#11278)
50451df feat: use fallback if prettier not found (Delete package.json facebook/create-react-app#11400)
150dbd8 chore: update lockfile after publish
6f44529 v27.0.0-next.10
cbcec7d Upgrade fsevents in jest-haste-map (npx creat-react-app project creates lots of error in cmd facebook/create-react-app#11428)
9633a26 feat: support reporters written in ESM (Allow configuring jest's cacheDirectory facebook/create-react-app#11427)
59f42d8 fix: do not cache modules that throw during evaluation (Support for changing the cache location facebook/create-react-app#11263)
57e32e9 Detect open handles with done callbacks (Delete .gitignore facebook/create-react-app#11382)
a397607 Document and test dontThrow for custom inline snapshot matchers (Create React App (CommonJS, ESNext) + Path Alias + Module (Import/Export) + NodeJS + TSConfig.json facebook/create-react-app#10995)
4fa3a0b feat: custom haste (import-plugin-helpers facebook/create-react-app#11107)
2047a36 chore: bump deps (Error Overlay appears on TS compilation errors when TSC_COMPILE_ON_ERROR=true facebook/create-react-app#11419)
a4358d6 chore: run prettier on changelog
bdd6282 Move all default values into `jest-config` (Showing blank page when the site is idle facebook/create-react-app#9924)
db643a1 Link to Jest config (#11106)
b16082c Fix locale issue Use "paths" in tsconfig.json and jsconfig.json facebook/create-react-app#10014 (Bug: when i run react locally the on network ip address is not correct facebook/create-react-app#11412)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption
🦉 Prototype Pollution


          fix: packages/react-scripts/package.json to reduce vulnerabilities

b046bd2

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet