Skip to content

chore(deps-dev): bump jest and @types/jest #9111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

chore(deps-dev): bump jest and @types/jest #9111

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 29, 2025
edited
Loading

Bumps jest and @types/jest. These dependencies needed to be updated together.
Updates jest from 29.7.0 to 30.2.0

Release notes

Sourced from jest's releases.

30.2.0

Chore & Maintenance

  • [*] Update example repo for testing React Native projects (#15832)
  • [*] Update jest-watch-typeahead to v3 (#15830)

Features

  • [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

  • [babel-jest] Export the TransformerConfig interface (#15820)
  • [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

  • Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

  • [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

  • [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#15800)

30.1.0

Features

  • [jest-leak-detector] Configurable GC aggressiveness regarding to V8 heap snapshot generation (#15793)
  • [jest-runtime] Reduce redundant ReferenceError messages
  • [jest-core] Include test modules that failed to load when --onlyFailures is active

Fixes

  • `[jest-snapshot-utils] Fix deprecated goo.gl snapshot guide link not getting replaced with fully canonical URL (#15787)
  • [jest-circus] Fix it.concurrent not working with describe.skip (#15765)
  • [jest-snapshot] Fix mangled inline snapshot updates when used with Prettier 3 and CRLF line endings
  • [jest-runtime] Importing from @jest/globals in more than one file no longer breaks relative paths (#15772)

Chore

  • [expect] Update docblock for toContain() to display info on substring check (#15789)

30.0.2

What's Changed

... (truncated)

Changelog

Sourced from jest's changelog.

30.2.0

Chore & Maintenance

  • [*] Update example repo for testing React Native projects (#15832)
  • [*] Update jest-watch-typeahead to v3 (#15830)

Features

  • [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

  • [babel-jest] Export the TransformerConfig interface (#15820)
  • [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

  • Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

  • [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

  • [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#15800)
  • [jest-snapshot-utils] Improve messaging about goo.gl snapshot link change (#15821)

30.1.0

Features

  • [jest-leak-detector] Configurable GC aggressiveness regarding to V8 heap snapshot generation (#15793)
  • [jest-runtime] Reduce redundant ReferenceError messages
  • [jest-core] Include test modules that failed to load when --onlyFailures is active

Fixes

  • [jest-snapshot-utils] Fix deprecated goo.gl snapshot guide link not getting replaced with fully canonical URL (#15787)
  • [jest-circus] Fix it.concurrent not working with describe.skip (#15765)
  • [jest-snapshot] Fix mangled inline snapshot updates when used with Prettier 3 and CRLF line endings
  • [jest-runtime] Importing from @jest/globals in more than one file no longer breaks relative paths (#15772)

... (truncated)

Commits

Updates @types/jest from 29.5.14 to 30.0.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies javascript Pull requests that update Javascript code labels Sep 29, 2025
@dependabot dependabot bot mentioned this pull request Sep 29, 2025
Closed
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from f8bb9e9 to afb83e3 Compare September 29, 2025 17:34
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from afb83e3 to 0858fdf Compare September 29, 2025 17:39
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from 0858fdf to 729f9b9 Compare September 29, 2025 17:43
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from 729f9b9 to de8b610 Compare September 30, 2025 03:24
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from de8b610 to 76a2c35 Compare October 1, 2025 03:08
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from 76a2c35 to e366c2b Compare October 1, 2025 03:13
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from e366c2b to 67e696c Compare October 1, 2025 03:18
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from 67e696c to 1695098 Compare October 1, 2025 12:29
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from 1695098 to de378c0 Compare October 2, 2025 10:40
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from de378c0 to 66f4813 Compare October 6, 2025 03:07
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from 66f4813 to cb1d180 Compare October 8, 2025 03:08
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from cb1d180 to 92b7e11 Compare October 8, 2025 03:13
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from 92b7e11 to f4f6019 Compare October 10, 2025 03:08
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from f4f6019 to 96cc18c Compare October 10, 2025 03:12
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from 96cc18c to 9009470 Compare October 14, 2025 03:09
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from 9009470 to 81a62bc Compare October 16, 2025 03:08
@dependabot
chore(deps-dev): bump jest and @types/jest
affecb5 
Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) and [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest). These dependencies needed to be updated together.

Updates `jest` from 29.7.0 to 30.2.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.2.0/packages/jest)

Updates `@types/jest` from 29.5.14 to 30.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

---
updated-dependencies:
- dependency-name: jest
  dependency-version: 30.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
- dependency-name: "@types/jest"
  dependency-version: 30.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-a28ee524ce branch from 81a62bc to affecb5 Compare October 16, 2025 13:22
@github-actions GitHub Actions
Copy link
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@types/jest ^30.0.0 🟢 6.9
Details
CheckScoreReason
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/jest 30.2.0 UnknownUnknown
npm/@jest/console 30.2.0 UnknownUnknown
npm/@jest/core 30.2.0 UnknownUnknown
npm/@jest/diff-sequences 30.0.1 UnknownUnknown
npm/@jest/environment 30.2.0 UnknownUnknown
npm/@jest/expect 30.2.0 UnknownUnknown
npm/@jest/expect-utils 30.2.0 UnknownUnknown
npm/@jest/fake-timers 30.2.0 UnknownUnknown
npm/@jest/get-type 30.1.0 UnknownUnknown
npm/@jest/globals 30.2.0 UnknownUnknown
npm/@jest/pattern 30.0.1 UnknownUnknown
npm/@jest/reporters 30.2.0 UnknownUnknown
npm/@jest/schemas 30.0.5 UnknownUnknown
npm/@jest/snapshot-utils 30.2.0 UnknownUnknown
npm/@jest/source-map 30.0.1 UnknownUnknown
npm/@jest/test-result 30.2.0 UnknownUnknown
npm/@jest/test-sequencer 30.2.0 UnknownUnknown
npm/@jest/transform 30.2.0 UnknownUnknown
npm/@jest/types 30.2.0 UnknownUnknown
npm/@sinclair/typebox 0.34.41 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 29 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@sinonjs/fake-timers 13.0.5 🟢 5.7
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 2Found 7/28 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 45 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@types/jest 30.0.0 🟢 6.9
Details
CheckScoreReason
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/babel-jest 30.2.0 UnknownUnknown
npm/babel-plugin-istanbul 7.0.1 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 4Found 10/23 approved changesets -- score normalized to 4
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1011 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging🟢 10packaging workflow detected
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/babel-plugin-jest-hoist 30.2.0 UnknownUnknown
npm/babel-preset-jest 30.2.0 UnknownUnknown
npm/ci-info 4.3.1 🟢 4.2
Details
CheckScoreReason
Maintained🟢 67 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 6
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/cjs-module-lexer 2.1.0 UnknownUnknown
npm/collect-v8-coverage 1.0.3 🟢 4.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/27 approved changesets -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained🟢 1014 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/exit-x 0.2.2 UnknownUnknown
npm/expect 30.2.0 UnknownUnknown
npm/istanbul-lib-source-maps 5.0.6 🟢 5
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Code-Review🟢 5Found 11/20 approved changesets -- score normalized to 5
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License⚠️ 0license file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/jest 30.2.0 UnknownUnknown
npm/jest-changed-files 30.2.0 UnknownUnknown
npm/jest-circus 30.2.0 UnknownUnknown
npm/jest-cli 30.2.0 UnknownUnknown
npm/jest-config 30.2.0 UnknownUnknown
npm/jest-diff 30.2.0 UnknownUnknown
npm/jest-docblock 30.2.0 UnknownUnknown
npm/jest-each 30.2.0 UnknownUnknown
npm/jest-environment-node 30.2.0 UnknownUnknown
npm/jest-haste-map 30.2.0 UnknownUnknown
npm/jest-leak-detector 30.2.0 UnknownUnknown
npm/jest-matcher-utils 30.2.0 UnknownUnknown
npm/jest-message-util 30.2.0 UnknownUnknown
npm/jest-mock 30.2.0 UnknownUnknown
npm/jest-regex-util 30.0.1 UnknownUnknown
npm/jest-resolve 30.2.0 UnknownUnknown
npm/jest-resolve-dependencies 30.2.0 UnknownUnknown
npm/jest-runner 30.2.0 UnknownUnknown
npm/jest-runtime 30.2.0 UnknownUnknown
npm/jest-snapshot 30.2.0 UnknownUnknown
npm/jest-util 30.2.0 UnknownUnknown
npm/jest-validate 30.2.0 UnknownUnknown
npm/jest-watcher 30.2.0 UnknownUnknown
npm/jest-worker 30.2.0 UnknownUnknown
npm/pretty-format 30.2.0 UnknownUnknown
npm/pure-rand 7.0.1 🟢 4.8
Details
CheckScoreReason
Maintained🟢 911 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9
Code-Review⚠️ 0Found 0/1 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 55 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/write-file-atomic 5.0.1 🟢 6
Details
CheckScoreReason
Maintained⚠️ 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 10all changesets reviewed
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 7SAST tool detected but not run on all commits

Scanned Files

  • package.json
  • yarn.lock

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions GitHub Actions
Copy link
Contributor

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity Count
🔴 Critical 0
🟠 High 3
🟡 Moderate 5
🟢 Low 4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report 
├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
├─ tmp: �[38;5;37m0.1.0�[39m
│  ├─ ID: �[38;5;220m1106849�[39m
│  ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
│  ├─ Severity: low
│  ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
│  ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
│  ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
│  └─ Recommendation: Upgrade to version 0.2.4 or later
│
└─ validator: �[38;5;37m13.15.15�[39m
   ├─ ID: �[38;5;220m1108959�[39m
   ├─ Issue: validator.js has a URL validation bypass vulnerability in its isURL function
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-9965-vmph-33xx�[39m
   ├─ Severity: moderate
   ├─ Vulnerable Versions: �[38;5;37m<=13.15.15�[39m
   ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
   ├─ Via: validator
   └─ Recommendation: None

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@otto-the-bot otto-the-bot otto-the-bot approved these changes

Assignees

No one assigned

Labels

dependencies javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@otto-the-bot