[Snyk] Upgrade eslint-plugin-github from 4.1.3 to 4.10.0 #5

Ganjahmanvenenodedios · 2023-10-05T20:35:44Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade eslint-plugin-github from 4.1.3 to 4.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 22 versions ahead of your current version.
The recommended version was released a month ago, on 2023-08-28.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	35/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 644, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.47, Score Version: V5	No Known Exploit
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	35/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 644, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.47, Score Version: V5	No Known Exploit
Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	35/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 644, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.47, Score Version: V5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	35/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 644, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.47, Score Version: V5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: eslint-plugin-github

4.10.0 - 2023-08-28
What's Changed
- Update a11y-no-visually-hidden-interactive-element.md by @ kendallgassner in #468
- chore(deps): bump the all-dependencies group with 3 updates by @ dependabot in #469
- chore(deps): bump the all-dependencies group with 6 updates by @ dependabot in #471
- chore(deps): bump the all-dependencies group with 4 updates by @ dependabot in #472
- chore(deps): bump the all-dependencies group with 3 updates by @ dependabot in #473
- chore(deps): bump the all-dependencies group with 4 updates by @ dependabot in #474
- chore(deps): bump the all-dependencies group with 4 updates by @ dependabot in #475
- Override rule config temporarily to address false positive by @ khiga8 in #476
Full Changelog: v4.9.2...v4.10.0
4.9.2 - 2023-07-18
What's Changed
- Use getLiteralPropValue for sr-only class by @ khiga8 in #466
Full Changelog: v4.9.1...v4.9.2
4.9.1 - 2023-07-17
Bug fixes

This release includes bug fixes for a few accessibility rules including: a11y-aria-role-supports-props, a11y-no-title-attribute, and
jsx-a11y/no-interactive-element-to-noninteractive-role.

What's Changed
- Ignore calls to a method named innerText by @ camchenry in #455
- bump prettier and eslint-plugin-prettier to latest versions by @ shiftkey in #457
- chore(deps): bump the all-dependencies group with 5 updates by @ dependabot in #458
- Set config override for false positive rule by @ khiga8 in #460
- Re-introduce accidentally removed testing commands by @ khiga8 in #459
- Fix bugs with getRole and getElementType by @ khiga8 in #461
- [Fix] Only look at semantic elements for a11y-no-title-attribute by @ kendallgassner in #464
- Check for presence of attribute in getRole rather than the value by @ khiga8 in #463
New Contributors
- @ camchenry made their first contribution in #455
- @ shiftkey made their first contribution in #457
Full Changelog: v4.9.0...v4.9.1
4.9.0 - 2023-07-13
What's Changed
- create rule: github/a11y-no-visually-hidden-interactive-element by @ kendallgassner in #446
- Add polymorphic component check in getElementType by @ kendallgassner in #449
- Adds svg-has-accessible-name rule by @ lindseywild in #450
- chore(deps): bump semver from 5.7.1 to 5.7.2 by @ dependabot in #451
- Create rule: a11y-no-title-attribute by @ kendallgassner in #453
- Bump aria-query and update to fix tests by @ khiga8 in #448
- Rename role-supports-aria-props to a11y- by @ khiga8 in #454
New Contributors
- @ kendallgassner made their first contribution in #446
- @ lindseywild made their first contribution in #450
Full Changelog: v4.8.0...v4.9.0
4.8.0 - 2023-06-02
Read more
4.7.0 - 2023-03-23
Read more
4.6.1 - 2023-02-14
What's Changed
- Update events handled by no-useless-passive and require-passive-events by @ boris-petrov in #354
- feat: role-supports-aria-props rule (no aria-label-misuse) by @ smockle in #362
- Updated dependencies
New Contributors
- @ boris-petrov made their first contribution in #354
- @ smockle made their first contribution in #362
Full Changelog: v4.6.0...v4.6.1
4.6.0 - 2022-12-06
What's Changed
- Allow wildcard *.*.* prefix extension by @ theinterned in #357
Full Changelog: v4.5.0...v4.6.0
4.5.0 - 2022-12-06
Read more
4.4.1 - 2022-11-03
Read more
4.4.0 - 2022-10-11
4.3.7 - 2022-07-22
4.3.6 - 2022-03-22
4.3.5 - 2021-11-16
4.3.4 - 2021-11-08
4.3.3 - 2021-10-29
4.3.2 - 2021-10-06
4.3.1 - 2021-10-06
4.3.0 - 2021-09-09
4.2.0 - 2021-08-11
4.1.5 - 2021-07-16
4.1.4 - 2021-07-16
4.1.3 - 2021-04-07

from eslint-plugin-github GitHub release notes

Commit messages

Package name: eslint-plugin-github

baa4a50 Override rule config temporarily to address false positive (Update packages/glob/package-lock.json actions/toolkit#476)
379041a chore(deps): bump the all-dependencies group with 4 updates (Use posix archive format actions/toolkit#475)
b93f04a Merge pull request Remove unnecessary trailing spaces actions/toolkit#474 from github/dependabot/npm_and_yarn/all-dependencies-201a1bced9
32a95b4 chore(deps): bump the all-dependencies group with 4 updates
b662bad Merge pull request Problem matchers which match an invalid file cause annotations to come up as being in the file .github actions/toolkit#473 from github/dependabot/npm_and_yarn/all-dependencies-898afcd72b
cd64c60 chore(deps): bump the all-dependencies group with 3 updates
ed7759f Merge pull request Add hashFiles to the toolkit actions/toolkit#472 from github/dependabot/npm_and_yarn/all-dependencies-d1a59f249a
0b510e4 chore(deps): bump the all-dependencies group with 4 updates
a7db0f5 chore(deps): bump the all-dependencies group with 6 updates (Fix a bug with getCompressionMethod and minor edit to release note actions/toolkit#471)
0f1bd10 Merge pull request Fix two issues related to using zstd compression actions/toolkit#469 from github/dependabot/npm_and_yarn/all-dependencies-2ba8e48a4f
aac2dad chore(deps): bump the all-dependencies group with 3 updates
2a6777e Merge pull request Update @octokit dependencies actions/toolkit#468 from github/kendallgassner-patch-1
6e469d2 prettier;
cce449a clean up;
213894f Update a11y-no-visually-hidden-interactive-element.md
cd17c09 Merge pull request Update Bug Report Template actions/toolkit#466 from github/kh-use-literal-prop-for-class
c2ea115 Use literal prop
dd3cba1 Add failing test case
0c0441f Merge pull request cache.saveCache is not atomic actions/toolkit#463 from github/kh-use-prop-value
8c5f809 Merge branch 'main' into kh-use-prop-value
125ac51 Merge pull request d802066f16d22e actions/toolkit#464 from github/fix-a11y-no-title-attribute
ee9e16d lint
29ead03 add test
b05b0cb Do not look up as prop

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade eslint-plugin-github from 4.1.3 to 4.10.0. See this package in npm: https://www.npmjs.com/package/eslint-plugin-github See this project in Snyk: https://app.snyk.io/org/ganjahmanvenenodedios/project/d1482a42-295a-482f-99a7-9e832897e2ee?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade eslint-plugin-github from 4.1.3 to 4.10.0 #5

[Snyk] Upgrade eslint-plugin-github from 4.1.3 to 4.10.0 #5

Ganjahmanvenenodedios commented Oct 5, 2023

What's Changed

What's Changed

Bug fixes

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

[Snyk] Upgrade eslint-plugin-github from 4.1.3 to 4.10.0 #5

Are you sure you want to change the base?

[Snyk] Upgrade eslint-plugin-github from 4.1.3 to 4.10.0 #5

Conversation

Ganjahmanvenenodedios commented Oct 5, 2023

Snyk has created this PR to upgrade eslint-plugin-github from 4.1.3 to 4.10.0.

What's Changed

What's Changed

Bug fixes

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed