Merge pull request #1312 from forcedotcom/d/W-14750116
CHANGE (CodeAnalyzer): @W-14750116@: Release prep for v3.20.0.
jfeingold35 authored Jan 8, 2024
2 parents 306b901 + c5e9b5c commit 177e7f8
Showing 2 changed files with 132 additions and 4 deletions.
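--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@salesforce/sfdx-scanner",
 "description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-"version": "3.19.0",
+"version": "3.20.0",
 "author": "ISV SWAT",
 "bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 "dependencies": {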
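--- a/retire-js/RetireJsVulns.json
+++ b/retire-js/RetireJsVulns.json
@@ -1374,7 +1374,10 @@
 "identifiers": {
 "summary": "security issue where URLs in attributes weren’t correctly sanitized. security issue in the codesample plugin",
 "retid": "67",
-"githubID": "GHSA-w7jx-j77m-wp65"
+"githubID": "GHSA-w7jx-j77m-wp65",
+"CVE": [
+"CVE-2024-21911"
+]
 },
 "info": [
 "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
@@ -1404,7 +1407,10 @@
 "identifiers": {
 "summary": "Inserting certain HTML content into the editor could result in invalid HTML once parsed. This caused a medium severity Cross Site Scripting (XSS) vulnerability",
 "retid": "69",
-"githubID": "GHSA-5h9g-x5rv-25wg"
+"githubID": "GHSA-5h9g-x5rv-25wg",
+"CVE": [
+"CVE-2024-21908"
+]
 },
 "info": [
 "https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes"
@@ -1420,7 +1426,10 @@
 "identifiers": {
 "summary": "URLs not cleaned correctly in some cases in the link and image plugins",
 "retid": "70",
-"githubID": "GHSA-r8hm-w5f7-wj39"
+"githubID": "GHSA-r8hm-w5f7-wj39",
+"CVE": [
+"CVE-2024-21910"
+]
 },
 "info": [
 "https://www.tiny.cloud/docs/release-notes/release-notes510/#securityfixes"
@@ -3087,6 +3096,89 @@
 "hashes": {}
 }
 },
+"@angular/core": {
+"vulnerabilities": [
+{
+"atOrAbove": "0",
+"below": "10.2.5",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "Cross site scripting in Angular",
+"CVE": [
+"CVE-2021-4231"
+],
+"githubID": "GHSA-c75v-2vq8-878f"
+},
+"info": [
+"https://github.com/advisories/GHSA-c75v-2vq8-878f",
+"https://nvd.nist.gov/vuln/detail/CVE-2021-4231",
+"https://github.com/angular/angular/issues/40136",
+"https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36",
+"https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea",
+"https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09",
+"https://github.com/angular/angular",
+"https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902",
+"https://vuldb.com/?id.181356"
+]
+},
+{
+"atOrAbove": "11.0.0",
+"below": "11.0.5",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "Cross site scripting in Angular",
+"CVE": [
+"CVE-2021-4231"
+],
+"githubID": "GHSA-c75v-2vq8-878f"
+},
+"info": [
+"https://github.com/advisories/GHSA-c75v-2vq8-878f",
+"https://nvd.nist.gov/vuln/detail/CVE-2021-4231",
+"https://github.com/angular/angular/issues/40136",
+"https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36",
+"https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea",
+"https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09",
+"https://github.com/angular/angular",
+"https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902",
+"https://vuldb.com/?id.181356"
+]
+},
+{
+"atOrAbove": "11.1.0-next.0",
+"below": "11.1.0-next.3",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "Cross site scripting in Angular",
+"CVE": [
+"CVE-2021-4231"
+],
+"githubID": "GHSA-c75v-2vq8-878f"
+},
+"info": [
+"https://github.com/advisories/GHSA-c75v-2vq8-878f",
+"https://nvd.nist.gov/vuln/detail/CVE-2021-4231",
+"https://github.com/angular/angular/issues/40136",
+"https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36",
+"https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea",
+"https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09",
+"https://github.com/angular/angular",
+"https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902",
+"https://vuldb.com/?id.181356"
+]
+}
+],
+"extractors": {}
+},
 "backbone.js": {
 "bowername": [
 "backbonejs",
@@ -6300,6 +6392,42 @@
 ]
 }
 },
+"select2": {
+"vulnerabilities": [
+{
+"atOrAbove": "0",
+"below": "4.0.6",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "Improper Neutralization of Input During Web Page Generation in Select2",
+"CVE": [
+"CVE-2016-10744"
+],
+"githubID": "GHSA-rf66-hmqf-q3fc"
+},
+"info": [
+"https://github.com/advisories/GHSA-rf66-hmqf-q3fc",
+"https://nvd.nist.gov/vuln/detail/CVE-2016-10744",
+"https://github.com/select2/select2/issues/4587",
+"https://github.com/snipe/snipe-it/pull/6831",
+"https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a",
+"https://github.com/select2/select2"
+]
+}
+],
+"extractors": {
+"filecontent": [
+"/\\*!(?:[\\s]+\\*)? Select2 (§§version§§)",
+"/\\*[\\s]+Copyright 20[0-9]{2} [I]gor V[a]ynberg[\\s]+Version: (§§version§§)[\\s\\S]{1,4000}(\\.attr\\(\"class\",\"select2-sizer\"|\\.data\\(document,\"select2-lastpos\"|document\\)\\.data\\(\"select2-lastpos\")"
+],
+"uri": [
+"(§§version§§)/(js/)?select2(.min)?\\.js"
+]
+}
+},
 "dont check": {
 "vulnerabilities": [],
 "extractors": {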
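Review bot: The new `@angular/core` entry ends with `"extractors": {}`, so unlike the `select2` entry added further down (which carries `filecontent` and `uri` patterns) it gives a file-based scan nothing to match on. The three CVE-2021-4231 ranges would presumably only fire when the consumer resolves the package name and version from package metadata; it is worth confirming that this scanner's RetireJS run does that, otherwise these 83 added lines contribute no detection coverage. Separately, in the `select2` `uri` extractor the dot in `(.min)?` is unescaped and matches any character; `"(§§version§§)/(js/)?select2(\\.min)?\\.js"` would be the tighter form. If this file is synced from an upstream signature repository, both points are better raised there than patched locally.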
