[Snyk] Upgrade: babel-jest, , focus-visible, module-alias, polished, react-router-dom, snyk, styled-components #248

jesusidev

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| babel-jest | from 27.2.0 to 27.5.1 (15 versions ahead of your current version) | 3 years ago, on 2022-02-08 |
| @types/styled-components | from 5.1.14 to 5.1.34 (20 versions ahead of your current version) | 9 months ago, on 2023-12-06 |
| focus-visible | from 5.2.0 to 5.2.1 (1 version ahead of your current version) | a month ago, on 2024-08-12 |
| module-alias | from 2.2.2 to 2.2.3 (1 version ahead of your current version) | a year ago, on 2023-06-03 |
| polished | from 4.1.3 to 4.3.1 (6 versions ahead of your current version) | 7 months ago, on 2024-02-01 |
| react-router-dom | from 5.3.0 to 5.3.4 (4 versions ahead of your current version) | 2 years ago, on 2022-10-02 |
| snyk | from 1.813.0 to 1.1292.4 (493 versions ahead of your current version) | a month ago, on 2024-08-12 |
| styled-components | from 5.3.1 to 5.3.11 (10 versions ahead of your current version) | a year ago, on 2023-05-26 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| medium severity Code Injection, SNYK-JS-SNYK-3111871 | 504 | No Known Exploit |
| medium severity Command Injection, SNYK-JS-SNYK-3037342 | 504 | Proof of Concept |
| medium severity Command Injection, SNYK-JS-SNYK-3038622 | 504 | Proof of Concept |

Release notes
Package name: babel-jest
  • 27.5.1 - 2022-02-08

    Features

    • [jest-config] Support comments in JSON config file (#12316)
    • [pretty-format] Expose ConvertAnsi plugin (#12308)

    Fixes

    • [expect] Add type definitions for asymmetric closeTo matcher (#12304)
    • [jest-cli] Load binary via exported API (#12315)
    • [jest-config] Replace jsonlint with parse-json (#12316)
    • [jest-repl] Make module importable (#12311 & #12315)

    Chore & Maintenance

    • [*] Avoid anonymous default exports (#12313)

    Full Changelog: v27.5.0...v27.5.1

  • 27.5.0 - 2022-02-05

    Features

    • [expect] Add asymmetric matcher expect.closeTo (#12243)
    • [jest-mock] Added mockFn.mock.lastCall to retrieve last argument (#12285)

    Fixes

    • [expect] Add a fix for .toHaveProperty('') (#12251)
    • [jest-each, @jest/globals] Allow passing ReadonlyArray type of a table to describe.each and test.each (#12297)
    • [@jest/globals] Add missing options argument to jest.doMock typing (#12292)
    • [jest-environment-node] Add atob and btoa (#12269)
    • [jest-matcher-utils] Correct diff for expected asymmetric matchers (#12264)
    • [jest-message-util] Fix .getTopFrame() (and toMatchInlineSnapshot()) with mjs files (#12277)

    Chore & Maintenance

    • [*] Update graceful-fs to ^4.2.9 (#11749)

    Performance

    • [jest-resolve] perf: skip error creation on not found stat calls (#11749)

    Full Changelog: v27.4.7...v27.5.0

  • 27.4.6 - 2022-01-04

    Fixes

    • [jest-environment-node] Add AbortSignal (#12157)
    • [jest-environment-node] Add Missing node global performance (#12002)
    • [jest-runtime] Handle missing mocked property (#12213)
    • [@jest/transform] Update dependency package pirates to 4.0.4 (#12002)

    Performance

    • jest-config perf: only register ts-node once when loading TS config files (#12160)

    Full Changelog: v27.4.5...v27.4.6

  • 27.4.5 - 2021-12-13

    Fixes

    • [jest-worker] Stop explicitly passing process.env (#12141)

    Full Changelog: v27.4.4...v27.4.5

  • 27.4.4 - 2021-12-10

    Fixes

    • [babel-jest] Add process.version chunk to the cache key (#12122)
    • [jest-environment] Add mocked to jest object (#12133)
    • [jest-worker] Stop explicitly passing execArgv (#12128)

    Chore & Maintenance

    • [website] Fix the card front that looks overlapping part of the card back

    Full Changelog: v27.4.3...v27.4.4

  • 27.4.2 - 2021-11-30

    Fixes

    • [jest-worker] Add additional execArgv to filter (#12103)

    Full Changelog: v27.4.1...v27.4.2

  • 27.4.1 - 2021-11-30

    Fixes

    • [jest-worker] Filter execArgv correctly (#12097)

    Full Changelog: v27.4.0...v27.4.1

  • 27.4.0 - 2021-11-29

    Features

    • [expect] Enhancing the toHaveProperty matcher to support array selection (#12092)
    • [jest-core] Add support for testResultsProcessor written in ESM (#12006)
    • [jest-diff, pretty-format] Add compareKeys option for custom sorting of object keys (#11992)
    • [jest-mock] Add ts-jest mock util functions (#12089)

    Fixes

    • [expect] Allow again expect.Matchers generic with single value (#11986)
    • [jest-circus, jest-jasmine2] Avoid false concurrent test failures due to unhandled promise rejections (#11987)
    • [jest-config] Add missing slash dependency to package.json (#12080)
    • [jest-core] Incorrect detection of open ZLIB handles (#12022)
    • [jest-diff] Break dependency cycle (#10818)
    • [jest-environment-jsdom] Add @types/jsdom dependency (#11999)
    • [jest-environment-jsdom] Do not reset the global.document too early on teardown (#11871)
    • [jest-transform] Improve error and warning messages (#11998)
    • [jest-worker] Pass execArgv correctly to worker_threads worker (#12069)

    Chore & Maintenance

    • [docs] CLI options alphabetized (#11586)
    • [jest-runner] Add info regarding timers to forcedExit message(#12083)
    • [*] Replaced substr method with substring (#12066)
    • [*] Add types entry to all export maps (#12073)

    Full Changelog: v27.3.1...v27.4.0

  • 27.3.1 - 2021-10-19
  • 27.3.0 - 2021-10-17
  • 27.2.5 - 2021-10-08
  • 27.2.4 - 2021-09-29
  • 27.2.3 - 2021-09-28
  • 27.2.2 - 2021-09-25
  • 27.2.1 - 2021-09-20
  • 27.2.0 - 2021-09-13
from babel-jest GitHub release notes
Package name: @types/styled-components
  • 5.1.34 - 2023-12-06
  • 5.1.33 - 2023-12-06
  • 5.1.32 - 2023-11-22
  • 5.1.31 - 2023-11-21
  • 5.1.30 - 2023-11-07
  • 5.1.29 - 2023-10-18
  • 5.1.28 - 2023-09-25
  • 5.1.27 - 2023-09-11
  • 5.1.26 - 2022-08-10
  • 5.1.25 - 2022-04-07
  • 5.1.24 - 2022-03-01
  • 5.1.23 - 2022-02-18
  • 5.1.22 - 2022-02-05
  • 5.1.21 - 2022-01-21
  • 5.1.20 - 2022-01-11
  • 5.1.19 - 2021-12-24
  • 5.1.18 - 2021-12-13
  • 5.1.17 - 2021-12-06
  • 5.1.16 - 2021-11-30
  • 5.1.15 - 2021-10-07
  • 5.1.14 - 2021-09-04
from @types/styled-components GitHub release notes
Package name: focus-visible
from focus-visible GitHub release notes
Package name: module-alias
  • 2.2.3 - 2023-06-03
  • 2.2.2 - 2019-10-01

    Make module-alias work in cli mode #76

from module-alias GitHub release notes
Package name: polished
  • 4.3.1 - 2024-02-01

    Bug Fixes & Improvements

    • Remove annotate-pure-calls plugin to address incompatibility with later versions of rollup.
    • Update dependencies.
  • 4.3.0 - 2024-02-01

    Remove unneeded pure function annotation plugin.

    re: #642

  • 4.2.2 - 2022-04-06

    Bug Fixes

    • Color Modules - addresses an issue with longer floats in color values. (#610 - Thanks to @levymetal)
  • 4.2.1 - 2022-04-04

    Bug Fixes

    • hls(a) - now properly parses percentages for opacity.
    • rgb(a) - now properly parses percentages for opacity.
  • 4.2.0 - 2022-04-03

    Improvements

    • color Modules - now support space-separated CSS color values for rgb(a) and hsl(a). (#605)
    • rgb - now accepts optional opacity value.
    • hsl - now accepts optional opacity value.
  • 4.1.4 - 2022-01-22

    Bug Fixes

    • mix - remove unnecessary division by 1 (#59)
  • 4.1.3 - 2021-05-31

    Bug Fixes

    • Addressed several performance issues with regexes.
from polished GitHub release notes
Package name: react-router-dom
  • 5.3.4 - 2022-10-02
  • 5.3.3 - 2022-05-18
  • 5.3.2 - 2022-05-17
  • 5.3.1 - 2022-04-17
  • 5.3.0 - 2021-09-03
from react-router-dom GitHub release notes
Package name: snyk
  • 1.1292.4 - 2024-08-12

    1.1292.4 (2024-08-12)

    The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

    Complete changelog

    Bug Fixes

    • deployment: Rollback of digital signature for the bundled macOS binary (#5416)
  • 1.1292.3 - 2024-08-12

    1.1292.3 (2024-08-12)

    Complete changelog

    Bug Fixes

    • deployment: Add digital signature for the bundled macOS binary
      (#5404)
  • 1.1292.2 - 2024-08-01

    1.1292.2 (2024-08-01)

    Complete changelog

    Bug Fixes

    • container test: Improve the accuracy of identifying npm projects within docker images by removing the explicit folder ignore rules
      (#5384)
    • container test: Pass platform parameter when pulling an image from a container registry (#5360)
  • 1.1292.1 - 2024-06-27

    1.1292.1 (2024-06-27)

    Complete changelog

    Bug Fixes

    • test,monitor: fix improper permission error handling when accessing 'enablePnpmCli' feature flag
  • 1.1292.0 - 2024-06-26

    1.1292.0 (2024-06-26)

    News

    This Snyk CLI release delivers an assortment of bug fixes and improvements.

    • We've added support for pnpm, giving you more flexibility in your project setup.
    • You can now scan npm/yarn projects even without lockfiles, ensuring comprehensive vulnerability detection regardless of your dependency management approach.
    • We're committed to strengthening security. This release includes redaction of additional sensitive data in debug logs, minimizing potential risks.

    Complete changelog

    Features

    • test: Added pnpm support under 'enablePnpmCli' feature flag (#5181) (46769cc)
    • test: Support scan of npm/yarn projects without lockfiles (e2d77a9)
    • monitor: Set target-reference in the monitor request (51ed8f5)
    • code: Centrally check if code test is enabled (#5239) (e5a00e2)
    • sbom: Improve depgraph for Maven projects (fbb33d7)
    • sbom: Use RFC 3339 for all timestamps in sbom test result (#5204) (91bf191)
    • language-server: Add --all-projects flag scans by default IDE-318 (fdcf30e)
    • language-server: Enable incremental scanning IDE-275 (d198685)
    • language-server: Add support for IDE themes (c1c4d08)
    • language-server: Consistent styling across intellij and vscode (#5282) (9aa6f76)
    • logging: Redact additional types of sensitive data from debug logs (#5254) (056cdab)

    Bug Fixes

    • auth: Autodetect IDE usage and fallback to API token based authentication (#5241) (4c795e0)
    • iac: Upgrade iac custom rules to address Vulnerabilities IAC-2944 (453db24)
    • language-server: Caching problem when no vulnerabilities in the IDE (#5223) (89c9491)
    • language-server: Remove incorrect /v1 path (#5214) (cf16470)
    • dependencies: Update dependencies to reduce vulnerabilities (#5131) (4c7cb3c)
    • sbom: sbom test output padding (e3b7cac)
    • sbom: Fix container purl generation for apt and rpm (#5207) (fa9d512)
    • sbom: Retain error code during SBOM generation (#5202) (5e98aaa)
    • test: support cyclic dependencies in maven with dverbose (#5208) (fb24c02)
    • test: Add tool version and informationUri to sarif output (#5203) (b899fd3)
    • test: fixing several .NET bugs (#5217) (c27d767)
    • test: fixing a bug causing .NET beta scanning to fail on older versions of .NET (#5228) (5fdecf7)
    • test: .NET runtime resolution testing now supports projects targeting .NET Standard frameworks (#5169) (44d0861)
    • test: fix issues of type 'Cannot find module ...' in snyk-docker-plugin (#5301) (88efd54)
    • monitor: fix project name when using assets-project-name flag (#5077) (57dc718)
  • 1.1291.1 - 2024-05-27

    1.1291.1 (2024-05-27)

    Bug Fixes

    • dependencies: Upgrade go-getter to v1.7.4 to fix vulnerabilities (#5252)
  • 1.1291.0 - 2024-04-30

    1.1291.0 (2024-04-30)

    News

    • This is the first stable release of the CLI
    • It makes use of semantic versioning and is the successor of 1.1290.0

    Bug Fixes

    • test: Fix support of cyclic dependencies in maven with dverbose

Snyk has created this PR to upgrade:
  - babel-jest from 27.2.0 to 27.5.1.
    See this package in npm: https://www.npmjs.com/package/babel-jest
  - @types/styled-components from 5.1.14 to 5.1.34.
    See this package in npm: https://www.npmjs.com/package/@types/styled-components
  - focus-visible from 5.2.0 to 5.2.1.
    See this package in npm: https://www.npmjs.com/package/focus-visible
  - module-alias from 2.2.2 to 2.2.3.
    See this package in npm: https://www.npmjs.com/package/module-alias
  - polished from 4.1.3 to 4.3.1.
    See this package in npm: https://www.npmjs.com/package/polished
  - react-router-dom from 5.3.0 to 5.3.4.
    See this package in npm: https://www.npmjs.com/package/react-router-dom
  - snyk from 1.813.0 to 1.1292.4.
    See this package in npm: https://www.npmjs.com/package/snyk
  - styled-components from 5.3.1 to 5.3.11.
    See this package in npm: https://www.npmjs.com/package/styled-components

See this project in Snyk:
https://app.snyk.io/org/gdevtech/project/fdde0747-f239-452d-9e04-aba4549eb7e8?utm_source=github&utm_medium=referral&page=upgrade-pr

vercel bot commented Sep 7, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| axon-react-startup-atny | ❌ Failed (Inspect) | | | Sep 7, 2024 8:08am |
