[Snyk] Fix for 2 vulnerabilities#44
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-15274295 - https://snyk.io/vuln/SNYK-JS-QS-15268416
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: accd3543f9
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "eslint": "^9.0.0", | ||
| "jest": "^26.0.0", |
There was a problem hiding this comment.
These dependency range changes are not accompanied by a package-lock.json update, and the lockfile in this commit still pins @wordpress/scripts to eslint ^4.19.1 / jest ^23.6.0 with resolved entries at 4.19.1 and 23.6.0, so lockfile-based installs will continue using the vulnerable versions and the security fix will not actually be applied in reproducible environments.
Useful? React with 👍 / 👎.
2 participants
Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
packages/scripts/package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-AJV-15274295
SNYK-JS-QS-15268416
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Allocation of Resources Without Limits or Throttling