[Snyk] Security upgrade @golemio/core from 1.10.4-dev.1352554894 to 1.11.0
Snyk has created this Merge Request to fix 4 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
package.json
zero-installs users
Note forIf you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/
directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn
to update the contents of the ./yarn/cache
directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.
⚠ ️ Warning
```
Failed to update the yarn.lock, please update manually before merging.
```
Vulnerabilities that will be fixed with an upgrade:
Issue | Score | |
---|---|---|
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
696 | |
Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728 |
589 | |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') SNYK-JS-AZUREIDENTITY-7246760 |
489 | |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') SNYK-JS-AZUREMSALNODE-7246761 |
489 |
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
- This PR was automatically created by Snyk using the credentials of a real user.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
Learn how to fix vulnerabilities with free interactive lessons:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@golemio/core","from":"1.10.4-dev.1352554894","to":"1.11.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-AZUREIDENTITY-7246760","priority_score":489,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-AZUREMSALNODE-7246761","priority_score":489,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"}],"prId":"357b49cc-60f6-4398-a8f7-a3363d256eb6","prPublicId":"357b49cc-60f6-4398-a8f7-a3363d256eb6","packageManager":"yarn","priorityScoreList":[489,489,589,696],"projectPublicId":"fba88c19-11a3-4753-a392-1f92ad2b7149","projectUrl":"https://app.snyk.io/org/operator-ict/project/fba88c19-11a3-4753-a392-1f92ad2b7149?utm_source=gitlab&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"type":"auto","upgrade":["SNYK-JS-AZUREIDENTITY-7246760","SNYK-JS-AZUREMSALNODE-7246761","SNYK-JS-MICROMATCH-6838728","SNYK-JS-SEMVER-3247795"],"vulns":["SNYK-JS-AZUREIDENTITY-7246760","SNYK-JS-AZUREMSALNODE-7246761","SNYK-JS-MICROMATCH-6838728","SNYK-JS-SEMVER-3247795"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'