Skip to content

Commit

Permalink
FIX (DevOps) @W-16039195@ Manually incrementing version and upgrading…
Browse files Browse the repository at this point in the history
… dependencies. (#1515)
  • Loading branch information
jfeingold35 authored Jun 21, 2024
1 parent 9fd8f00 commit 762d652
Show file tree
Hide file tree
Showing 3 changed files with 1,340 additions and 1,119 deletions.
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "@salesforce/sfdx-scanner",
"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
"version": "4.2.0",
"version": "4.3.0",
"author": "Salesforce Code Analyzer Team",
"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
"dependencies": {
Expand Down
126 changes: 126 additions & 0 deletions retire-js/RetireJsVulns.json
Original file line number Diff line number Diff line change
Expand Up @@ -7255,6 +7255,132 @@
]
}
},
"pdf.js": {
"bowername": [
"pdfjs-dist"
],
"npmname": "pdfjs-dist",
"vulnerabilities": [
{
"atOrAbove": "0",
"below": "1.10.100",
"cwe": [
"CWE-94"
],
"severity": "high",
"identifiers": {
"summary": "Malicious PDF can inject JavaScript into PDF Viewer",
"CVE": [
"CVE-2018-5158"
],
"githubID": "GHSA-7jg2-jgv3-fmr4"
},
"info": [
"https://github.com/advisories/GHSA-7jg2-jgv3-fmr4",
"https://nvd.nist.gov/vuln/detail/CVE-2018-5158",
"https://github.com/mozilla/pdf.js/pull/9659",
"https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97",
"https://access.redhat.com/errata/RHSA-2018:1414",
"https://access.redhat.com/errata/RHSA-2018:1415",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1452075",
"https://github.com/mozilla/pdf.js",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html",
"https://security.gentoo.org/glsa/201810-01",
"https://usn.ubuntu.com/3645-1",
"https://www.debian.org/security/2018/dsa-4199",
"https://www.mozilla.org/security/advisories/mfsa2018-11",
"https://www.mozilla.org/security/advisories/mfsa2018-12",
"http://www.securityfocus.com/bid/104136",
"http://www.securitytracker.com/id/1040896"
]
},
{
"atOrAbove": "2.0.0",
"below": "2.0.550",
"cwe": [
"CWE-94"
],
"severity": "high",
"identifiers": {
"summary": "Malicious PDF can inject JavaScript into PDF Viewer",
"CVE": [
"CVE-2018-5158"
],
"githubID": "GHSA-7jg2-jgv3-fmr4"
},
"info": [
"https://github.com/advisories/GHSA-7jg2-jgv3-fmr4",
"https://nvd.nist.gov/vuln/detail/CVE-2018-5158",
"https://github.com/mozilla/pdf.js/pull/9659",
"https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97",
"https://access.redhat.com/errata/RHSA-2018:1414",
"https://access.redhat.com/errata/RHSA-2018:1415",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1452075",
"https://github.com/mozilla/pdf.js",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html",
"https://security.gentoo.org/glsa/201810-01",
"https://usn.ubuntu.com/3645-1",
"https://www.debian.org/security/2018/dsa-4199",
"https://www.mozilla.org/security/advisories/mfsa2018-11",
"https://www.mozilla.org/security/advisories/mfsa2018-12",
"http://www.securityfocus.com/bid/104136",
"http://www.securitytracker.com/id/1040896"
]
},
{
"atOrAbove": "0",
"below": "4.2.67",
"cwe": [
"CWE-79"
],
"severity": "high",
"identifiers": {
"summary": "PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF",
"CVE": [
"CVE-2024-34342",
"CVE-2024-4367"
],
"githubID": "GHSA-wgrm-67xf-hhpq"
},
"info": [
"https://github.com/advisories/GHSA-wgrm-67xf-hhpq",
"https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq",
"https://github.com/mozilla/pdf.js/pull/18015",
"https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1893645",
"https://github.com/mozilla/pdf.js"
]
}
],
"extractors": {
"uri": [
"/pdf\\.js/(§§version§§)/",
"/pdfjs-dist@(§§version§§)/"
],
"filecontent": [
" pdfjs-dist@(§§version§§) ",
"(?:const|var) pdfjsVersion = ['\"](§§version§§)['\"];",
"PDFJS.version ?= ?['\"](§§version§§)['\"]",
"apiVersion: ?['\"](§§version§§)['\"][\\s\\S]*,data(:[a-zA-Z.]{1,6})?,[\\s\\S]*password(:[a-zA-Z.]{1,10})?,[\\s\\S]*disableAutoFetch(:[a-zA-Z.]{1,22})?,[\\s\\S]*rangeChunkSize",
"messageHandler\\.sendWithPromise\\(\"GetDocRequest\",\\{docId:[a-zA-Z],apiVersion:\"(§§version§§)\""
]
}
},
"pdfobject": {
"vulnerabilities": [],
"extractors": {
"uri": [
"/pdfobject@(§§version§§)/",
"/pdfobject/(§§version§§)/pdfobject(\\.min)?\\.js"
],
"filecontent": [
"\\* +PDFObject v(§§version§§)",
"/*[\\s]+PDFObject v(§§version§§)",
"let pdfobjectversion = \"(§§version§§)\";",
"pdfobjectversion:\"(§§version§§)\""
]
}
},
"dont check": {
"vulnerabilities": [],
"extractors": {
Expand Down
Loading

0 comments on commit 762d652

Please sign in to comment.