Bumps [cloudflare/cloudflare](https://github.com/cloudflare/terraform-provider-cloudflare) from 2.24.0 to 2.25.0.
- [Release notes](https://github.com/cloudflare/terraform-provider-cloudflare/releases)
- [Changelog](https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/CHANGELOG.md)
- [Commits](cloudflare/terraform-provider-cloudflare@v2.24.0...v2.25.0)

---
updated-dependencies:
- dependency-name: cloudflare/cloudflare
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…mpose
# Conflicts:
# app/client/src/commonMain/kotlin/service/LibraryServiceImpl.kt
# app/client/src/commonMain/kotlin/store/thunk/AppThunk.kt
Azure Static Web Apps: Your stage site is ready! Visit it here: https://gentle-mud-0876db203-92.westeurope.azurestaticapps.net
kotlin-js-store/yarn.lock (outdated)
    minimatch "^3.0.4"
    webpack-merge "^4.1.5"

karma@6.3.16:
Severe OSS Vulnerability:
pkg:npm/karma@6.3.16
0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/ua-parser-js@0.7.31
SEVERE Vulnerabilities (1)
[sonatype-2018-0272] CWE-185: Incorrect Regular Expression
ua-parser-js - Regular Expression Denial of Service (ReDoS)
The software specifies a regular expression in a way that causes data to be improperly matched or compared.
CVSS Score: 5.9
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-185
Reply with "@sonatype-lift help" for more info.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.
kotlin-js-store/yarn.lock (outdated)
    dependencies:
      minimist "^1.2.6"

mocha@9.2.1:
Critical OSS Vulnerability:
pkg:npm/mocha@9.2.1
4 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 3 dependencies
Components
pkg:npm/mocha@9.2.1
CRITICAL Vulnerabilities (2)
[sonatype-2021-1683] Unknown
mocha - Regular Expression Denial of Service (ReDoS)
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-1333
[sonatype-2021-4946] Unknown
mocha - Regular Expression Denial of Service (ReDoS)
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-1333
pkg:npm/flat@5.0.2
CRITICAL Vulnerabilities (1)
[sonatype-2020-0889] CWE-471: Modification of Assumed-Immutable Data (MAID)
flat - Prototype Pollution
The software does not properly protect an assumed-immutable element from being modified by an attacker.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE: CWE-471
pkg:npm/minimatch@3.0.4
CRITICAL Vulnerabilities (1)
[sonatype-2021-4879] Unknown
minimatch - Regular Expression Denial of Service (ReDoS)
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-1333
kotlin-js-store/yarn.lock (outdated)
    range-parser "^1.2.1"
    schema-utils "^4.0.0"

webpack-dev-server@4.7.4:
Critical OSS Vulnerability:
pkg:npm/webpack-dev-server@4.7.4
1 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/express@4.18.1
CRITICAL Vulnerabilities (1)
[sonatype-2012-0022] CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
expressjs - HTTP Splitting Attack
The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
CVSS Score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE: CWE-113
SEVERE Vulnerabilities (1)
[sonatype-2021-0078] CWE-23: Relative Path Traversal
express + hbs - Local File Read via Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as .. that can resolve to a location that is outside of that directory.
CVSS Score: 5.9
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-23
Closes #61