Skip to content
This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

[Snyk] Security upgrade aws-amplify from 4.0.3 to 4.2.8 #194

Open
wants to merge 1 commit into
base: v5
Choose a base branch
from

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Sep 8, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: aws-amplify The new version differs by 154 commits.
  • 2346129 chore(release): Publish [ci skip]
  • 1f9ed9a chore: preparing release
  • 836c94a chore(fix axios version): patch security vuln for api-rest and storage (#8858)
  • d815f8b chore(release): update version.ts [ci skip]
  • 5e679c5 chore(release): Publish [ci skip]
  • f5d0ffb chore: preparing release
  • 0febaac fix(@ aws-amplify/datastore): only stringify nested AWSJSON in mutation event (#8844)
  • 32c0c39 chore(release): update version.ts [ci skip]
  • 5f595ae chore(release): Publish [ci skip]
  • 680a265 chore: preparing release
  • 6521a57 fix(@ aws-amplify/datastore): patch immer vuln (#8841)
  • 46ee5dd feat(@ aws-amplify/datastore): add SQLite storage adapter option for RN apps (#8809)
  • 48b76e1 fix(@ aws-amplify/datastore): remove conditional require (#8828)
  • 6efc50a chore(gh action): reduce cron sched to once per day (#8721)
  • e8200ca chore(release): update version.ts [ci skip]
  • 56ee0a1 chore(release): Publish [ci skip]
  • bc89d97 chore: preparing release
  • f1dc4a2 feat(@ aws-amplify/api-graphql): Add support for string 'authmode' values in TypeScript based apps (#8799)
  • b278875 fix(@ aws-amplify/datastore): check read-only at instance level (#8794)
  • 3075dc9 chore(issue templates): update template picker for ui repo (#8556)
  • 7afdcea Updates to the README (#8782)
  • 6de9a1d refactor: change LogLevel of getCurrentUserInfo error (#8434)
  • da8ef23 GH-4468: Transfer Acceleration can now be passed as a parameter to Storage.put() (#8750)
  • 8c9bedd chore(release): update version.ts [ci skip]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant