CHANGE (CodeAnalyzer): @W-15295547@: Prep for v4.0.0 release. (#1419)
jfeingold35 authored Mar 25, 2024
1 parent 63a13a4 commit e4c1d5b
Showing 2 changed files with 122 additions and 1 deletion.
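--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@salesforce/sfdx-scanner",
 "description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-"version": "3.22.0",
+"version": "4.0.0",
 "author": "Salesforce Code Analyzer Team",
 "bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 "dependencies": {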
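--- a/retire-js/RetireJsVulns.json
+++ b/retire-js/RetireJsVulns.json
@@ -438,6 +438,20 @@
 "https://github.com/advisories/GHSA-ffmh-x56j-9rc3",
 "https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd"
 ]
+},
+{
+"below": "1.20.0",
+"severity": "medium",
+"cwe": [
+"CWE-79"
+],
+"identifiers": {
+"summary": "Potential XSS via showLabel",
+"PR": "2462"
+},
+"info": [
+"https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1200--2023-10-10"
+]
 }
 ],
 "extractors": {
@@ -5654,6 +5668,20 @@
 "https://github.com/axios/axios/releases/tag/v1.6.0",
 "https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459"
 ]
+},
+{
+"below": "1.6.8",
+"severity": "medium",
+"cwe": [
+"CWE-200"
+],
+"identifiers": {
+"summary": "Versions before 1.6.8 depends on follow-redirects before 1.15.6 which could leak the proxy authentication credentials",
+"PR": "6300"
+},
+"info": [
+"https://github.com/axios/axios/pull/6300"
+]
 }
 ],
 "extractors": {
@@ -5755,6 +5783,21 @@
 "https://nvd.nist.gov/vuln/detail/CVE-2022-21670",
 "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-2331914"
 ]
+},
+{
+"below": "13.0.2",
+"severity": "medium",
+"cwe": [
+"CWE-400"
+],
+"identifiers": {
+"summary": "Fixed crash/infinite loop caused by linkify inline rule",
+"issue": "957"
+},
+"info": [
+"https://github.com/markdown-it/markdown-it/issues/957",
+"https://github.com/markdown-it/markdown-it/compare/13.0.1...13.0.2"
+]
 }
 ],
 "extractors": {
@@ -6379,6 +6422,25 @@
 "info": [
 "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
 ]
+},
+{
+"below": "4.1.4",
+"atOrAbove": "4.0.1",
+"severity": "medium",
+"cwe": [
+"CWE-79"
+],
+"identifiers": {
+"summary": "Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.",
+"CVE": [
+"CVE-2023-41592"
+],
+"githubID": "GHSA-hvpq-7vcc-5hj5"
+},
+"info": [
+"https://froala.com/wysiwyg-editor/changelog/#4.1.4",
+"https://github.com/advisories/GHSA-hvpq-7vcc-5hj5"
+]
 }
 ],
 "extractors": {
@@ -7037,6 +7099,65 @@
 ]
 }
 },
+"mathjax": {
+"vulnerabilities": [
+{
+"atOrAbove": "0",
+"below": "2.7.4",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "Macro in MathJax running untrusted Javascript within a web browser",
+"CVE": [
+"CVE-2018-1999024"
+],
+"githubID": "GHSA-3c48-6pcv-88rm"
+},
+"info": [
+"https://github.com/advisories/GHSA-3c48-6pcv-88rm",
+"https://nvd.nist.gov/vuln/detail/CVE-2018-1999024",
+"https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1",
+"https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html",
+"https://github.com/advisories/GHSA-3c48-6pcv-88rm",
+"https://github.com/mathjax/MathJax"
+]
+},
+{
+"atOrAbove": "0",
+"below": "999",
+"cwe": [
+"CWE-1333"
+],
+"severity": "high",
+"identifiers": {
+"summary": "MathJax Regular expression Denial of Service (ReDoS)",
+"CVE": [
+"CVE-2023-39663"
+],
+"githubID": "GHSA-v638-q856-grg8"
+},
+"info": [
+"https://github.com/advisories/GHSA-v638-q856-grg8",
+"https://nvd.nist.gov/vuln/detail/CVE-2023-39663",
+"https://github.com/mathjax/MathJax/issues/3074"
+]
+}
+],
+"extractors": {
+"uri": [
+"/mathjax@(§§version§§)/",
+"/mathjax/(§§version§§)/"
+],
+"filecontent": [
+"\\.MathJax\\.config\\.startup;{10,100}.\\.VERSION=\"(§§version§§)\"",
+"\\.MathJax=\\{version:\"(§§version§§)\"",
+"MathJax.{0,100}.\\.VERSION=void 0,.\\.VERSION=\"(§§version§§)\"",
+"MathJax\\.version=\"(§§version§§)\";"
+]
+}
+},
 "dont check": {
 "vulnerabilities": [],
 "extractors": {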
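Review bot: The info list of the new mathjax CVE-2018-1999024 entry contains `https://github.com/advisories/GHSA-3c48-6pcv-88rm` twice (first item and again after the blog link), so one copy should be dropped before this data is shipped. In the mathjax filecontent extractor, `;{10,100}` applies the quantifier to the literal semicolon and therefore matches only a run of 10–100 semicolons; if the intent was to skip an arbitrary stretch of minified code between `startup;` and `.VERSION`, the pattern should read `"\\.MathJax\\.config\\.startup;.{10,100}.\\.VERSION=\"(§§version§§)\""` — worth checking against a real bundle, since a non-matching extractor silently produces no findings. The ReDoS entry uses `"below": "999"` with `"atOrAbove": "0"`, which reports every detected MathJax version; that is presumably deliberate because no fixed release is recorded, but it should be confirmed, as the entry will never stop firing even after a fix ships. As a point of style, the two mathjax entries order keys `atOrAbove, below, cwe, severity, identifiers` and carry a redundant `"atOrAbove": "0"`, whereas the entries added in the earlier hunks of this file use `below, severity, cwe, identifiers, info` — matching that order would keep the file uniform.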
