chore: [Snyk] Security upgrade express from 4.19.2 to 4.21.0 in packages/graphql #30225

Merged
merged 3 commits into from
Sep 23, 2024

Conversation

jennifer-shehane
Member


Snyk has created this PR to fix 4 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • packages/graphql/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Score |
|---|---|---|
| high | Asymmetric Resource Consumption (Amplification), SNYK-JS-BODYPARSER-7926860 | 696 |
| medium | Cross-site Scripting, SNYK-JS-EXPRESS-7926867 | 541 |
| low | Cross-site Scripting, SNYK-JS-SEND-7926862 | 391 |
| low | Cross-site Scripting, SNYK-JS-SERVESTATIC-7926865 | 391 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

@jennifer-shehane jennifer-shehane changed the title [Snyk] Security upgrade express from 4.19.2 to 4.21.0 chore: [Snyk] Security upgrade express from 4.19.2 to 4.21.0 Sep 12, 2024
@jennifer-shehane jennifer-shehane changed the title chore: [Snyk] Security upgrade express from 4.19.2 to 4.21.0 chore: [Snyk] Security upgrade express from 4.19.2 to 4.21.0 in packages/graphql Sep 12, 2024

cypress bot commented Sep 12, 2024

cypress Run #57068

Run Properties:
Project: cypress
Branch Review: snyk-fix-98aa4b227c9cc28ee655d85417156a14
Run status: Passed #57068
Run duration: 12m 48s
Commit: ce08b3a068: Merge branch 'develop' into snyk-fix-98aa4b227c9cc28ee655d85417156a14
Committer: Jennifer Shehane

Test results
Failures (tests that failed): 0
Flaky (tests that were flaky): 0
Pending (tests that did not run due to a developer annotating a test with .skip): 4
Skipped (tests that did not run due to a failure in a mocha hook): 0
Passing (tests that passed): 233
UI Coverage: 67.9%
  Untested elements: 24
  Tested elements: 55
Accessibility: 96.4%
  Failed rules: 0 critical, 6 serious, 1 moderate, 0 minor
  Failed elements: 208

@jennifer-shehane jennifer-shehane self-assigned this Sep 17, 2024
@jennifer-shehane jennifer-shehane merged commit 954cc50 into develop Sep 23, 2024
85 of 86 checks passed
@jennifer-shehane jennifer-shehane deleted the snyk-fix-98aa4b227c9cc28ee655d85417156a14 branch September 23, 2024 15:28
@cypress-bot
Contributor

cypress-bot bot commented Sep 25, 2024

Released in 13.15.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to Cypress v13.15.0, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Sep 25, 2024