[Snyk] Security upgrade @types/jest from 25.2.3 to 27.4.1 #41

Open

odemolliens wants to merge 1 commit from snyk-fix-3255b76748d3133278395ef6936e7a13 into develop

odemolliens commented

2024-09-06 10:21:57 +00:00

(Migrated from github.com)

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

package.json
yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696

Important

Check the changes in this PR to ensure they won't cause issues with your project.

Max score is 1000. Note that the real score may have changed since the PR was raised.

This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project. #### Snyk changed the following file(s): - `package.json` - `yarn.lock` #### Note for [zero-installs](https://yarnpkg.com/features/zero-installs) users If you are using the Yarn feature [zero-installs](https://yarnpkg.com/features/zero-installs) that was introduced in Yarn V2, note that this PR does not update the `.yarn/cache/` directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run `yarn` to update the contents of the `./yarn/cache` directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged. #### Vulnerabilities that will be fixed with an upgrade: | | Issue | Score | :-------------------------:|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) |   **696**   --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJiNmE4MDYzMi0xMzU5LTQyNmItODY5OS1jMTYwOWFkMjk5M2YiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImI2YTgwNjMyLTEzNTktNDI2Yi04Njk5LWMxNjA5YWQyOTkzZiJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/odemolliens/project/b8a3cf00-dfa1-4ff9-a946-9d14cd51e4b3?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) 🛠 [Adjust project settings](https://app.snyk.io/org/odemolliens/project/b8a3cf00-dfa1-4ff9-a946-9d14cd51e4b3?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@types/jest","from":"25.2.3","to":"27.4.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"}],"prId":"b6a80632-1359-426b-8699-c1609ad2993f","prPublicId":"b6a80632-1359-426b-8699-c1609ad2993f","packageManager":"yarn","priorityScoreList":[696],"projectPublicId":"b8a3cf00-dfa1-4ff9-a946-9d14cd51e4b3","projectUrl":"https://app.snyk.io/org/odemolliens/project/b8a3cf00-dfa1-4ff9-a946-9d14cd51e4b3?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-JS-ANSIREGEX-1583908"],"vulns":["SNYK-JS-ANSIREGEX-1583908"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin snyk-fix-3255b76748d3133278395ef6936e7a13:snyk-fix-3255b76748d3133278395ef6936e7a13

git switch snyk-fix-3255b76748d3133278395ef6936e7a13

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch develop

git merge --no-ff snyk-fix-3255b76748d3133278395ef6936e7a13

git switch snyk-fix-3255b76748d3133278395ef6936e7a13

git rebase develop

git switch develop

git merge --ff-only snyk-fix-3255b76748d3133278395ef6936e7a13

git switch snyk-fix-3255b76748d3133278395ef6936e7a13

git rebase develop

git switch develop

git merge --no-ff snyk-fix-3255b76748d3133278395ef6936e7a13

git switch develop

git merge --squash snyk-fix-3255b76748d3133278395ef6936e7a13