| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|
|  | 599/1000 Why? Has a fix available, CVSS 7.7 | Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020 | Yes | No Known Exploit |
|  | 534/1000 Why? Has a fix available, CVSS 6.4 | Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022 | Yes | No Known Exploit |
|  | 539/1000 Why? Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024 | Yes | No Known Exploit |
|  | 554/1000 Why? Has a fix available, CVSS 6.8 | Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
fix: package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|
|  | 461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|
|  | 461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
fix: utils/labeller/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
fix: package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
fix: test/rules/requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:

| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------|
|  | 551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-PYTHON-SETUPTOOLS-3180412 | setuptools: 39.0.1 -> 65.5.1 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|
|  | 671/1000 Why? Recently disclosed, Has a fix available, CVSS 7.7 | Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020 | Yes | No Known Exploit |
|  | 611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 | Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022 | Yes | No Known Exploit |
|  | 611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024 | Yes | No Known Exploit |
|  | 526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8 | Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
fix: utils/issue-format-bot/package.json & utils/issue-format-bot/package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
fix: test/rules/requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|
|  | 768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-QS-3153490 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.
fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
fix: test/rules/requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:

| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------|
|  | 441/1000 Why? Recently disclosed, Has a fix available, CVSS 3.1 | Regular Expression Denial of Service (ReDoS) SNYK-PYTHON-SETUPTOOLS-3113904 | setuptools: 39.0.1 -> 65.5.1 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.