Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: security upgrade glob from 7.2.3 to 9.0.0 [HEAD-1125] #404

Merged
merged 5 commits into from
Dec 8, 2023
Merged

fix: security upgrade glob from 7.2.3 to 9.0.0 [HEAD-1125] #404

merged 5 commits into from
Dec 8, 2023

Conversation

strassl-snyk
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@strassl-snyk strassl-snyk requested a review from a team as a code owner November 30, 2023 17:45
@cat2608 cat2608 force-pushed the snyk-fix-fb1f3b5267587d721382e86eb1e58dbf branch from d100c66 to cd15de2 Compare December 7, 2023 13:59
@cat2608
chore: remove unused import
57b1bb6
@cat2608
fix: replace glob.sync with globSync from glog upgrade version
937bc9a
@cat2608
fix: use async/await with glob for file resolution in integration tests
3cdc749 
Refactored the test runner to handle promises returned by glob using async/await.
Previously, the glob function's callback pattern was used, which did not properly handle
the promises.
@cat2608
chore: upgrade glob types
97a8d11
@cat2608 cat2608 changed the title [Snyk] Security upgrade glob from 7.2.3 to 9.0.0 fix: security upgrade glob from 7.2.3 to 9.0.0 [HEAD-1125] Dec 7, 2023
cat2608
cat2608 reviewed Dec 7, 2023
View reviewed changes
src/test/integration/index.ts
} catch (err) {
console.error(err);
throw err; // Rethrow the error for the caller to handle
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This refactor was needed after upgrading Glob. It highlighted that the returned Promise was not handled.

@cat2608 cat2608 merged commit 14a7921 into main Dec 8, 2023
6 checks passed
@cat2608 cat2608 deleted the snyk-fix-fb1f3b5267587d721382e86eb1e58dbf branch December 8, 2023 16:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cat2608 cat2608 cat2608 left review comments

@Avishagp Avishagp Avishagp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@strassl-snyk @cat2608 @Avishagp @snyk-bot