[Snyk] Security upgrade gitlab from 3.3.6 to 5.0.0 #436

Open
wants to merge 1 commit into
base: develop

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-PARSELINKHEADER-1582783 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gitlab

The new version differs by 250 commits.
  • c180684 chore(release): 5.0.0 [skip ci]
  • 356f056 chore(merge): Fixing some merge conflicts
  • d85a64e Merge branch 'next'
  • 0659370 refactor: Updating typings on all functions to include additional options (ie sudo)
  • 62e032b refactor: Triggers API required arguments exposed as optional
  • 7453779 refactor: Requiring content for the Note related APIs
  • 1ba9126 refactor: Expose optional parameters for the NotificationSettings API
  • 46a541b refactor: Updating the MergeRequest API's pipeline function header
  • e4ba731 fix: Merge Request Approvals API did not match official API
  • 97dd060 refactor: Similar to the RepositoryFiles API changes
  • 6ea90d3 refactor: SystemHooks API function header updates
  • 037f4ed refactor: Removed Fs dependency for better browser support
  • aa6acb1 fix: [$1] Test DynamoDB 2 #227 Fixing array syntax thanks to Lukas Eipert (https://snyk.io/redirect/github/leipert)
  • cea5a2b fix: Fixing Todos support. If todoId was not passed, an undefined value would be introduced into the url
  • a7b29c1 fix: ResourceAwardEmojis API wasn't properly filtering based on awardId
  • 3f6d409 feat: Added LDAP support to the Groups API
  • ee6d490 feat: Added the missing edit function to the Groups API
  • 6c5f81b test: Updating push rule test to improve clarity
  • c10690c test: More jest matcher updates
  • 106e112 test: General updates to various tests to use the proper jest matchers
  • 052d6ea test: Fix the ApplicationSettings test to work with the default camelize option
  • 844e8f4 test: Add integration test for the ProjectBundle export
  • 7e4a3f1 refactor(config): Updating tslint configuration
  • a79dabe fix: Fixing typing structure and configuration

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
