pr#6
| const result = {}; | ||
| for (const item of list) { | ||
| if (!item.pull) continue; | ||
| result[item.user] ||= []; |
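Review bot: `result[item.user] ||= [];` keys a plain object literal with a value read from the list data, so a user value of `__proto__` or `constructor` resolves to an inherited property instead of a fresh array and the `||=` never assigns. Create the accumulator with `Object.create(null)` or use a `Map` keyed by user. Separately, `||=` is ES2021 syntax, so confirm that the lint and build tooling covering this file is configured to parse it.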
E030: Expected an identifier and instead saw '='.
Reply with "@sonatype-lift help" for info about LiftBot commands.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.
When talking to LiftBot, you need to refresh the page to see its response. Click here to get to know more about LiftBot commands.
| const result = {}; | ||
| for (const item of list) { | ||
| if (!item.pull) continue; | ||
| result[item.user] ||= []; |
E030: Expected an identifier and instead saw ']'.
| const result = {}; | ||
| for (const item of list) { | ||
| if (!item.pull) continue; | ||
| result[item.user] ||= []; |
E033: Expected an operator and instead saw '['.
| const result = {}; | ||
| for (const item of list) { | ||
| if (!item.pull) continue; | ||
| result[item.user] ||= []; |
E058: Missing semicolon.
| @@ -48,35 +49,36 @@ | |||
| "@babel/preset-typescript": "^7.16.0", | |||
| "@changesets/changelog-github": "^0.4.1", | |||
| "@changesets/cli": "^2.18.0", | |||
| "@jest/test-sequencer": "^27.3.1", | |||
| "@jest/test-sequencer": "^28.0.0", | |||
Critical Vulnerability:
pkg:npm/%40jest/[email protected]
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Improper Link Resolution Before File Access ('Link Following')
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.
CVSS Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-59
| "@manypkg/cli": "^0.19.1", | ||
| "@preconstruct/cli": "2.1.5", | ||
| "@preconstruct/cli": "2.2.1", |
Critical Vulnerability:
pkg:npm/%40preconstruct/[email protected]
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Uncontrolled Resource Consumption
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
| @@ -48,35 +49,36 @@ | |||
| "@babel/preset-typescript": "^7.16.0", | |||
| "@changesets/changelog-github": "^0.4.1", | |||
| "@changesets/cli": "^2.18.0", | |||
| "@jest/test-sequencer": "^27.3.1", | |||
| "@jest/test-sequencer": "^28.0.0", | |||
| "@manypkg/cli": "^0.19.1", | |||
Critical Vulnerability:
pkg:npm/%40manypkg/[email protected]
2 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 3 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS Score: 9.4
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE: CWE-1321
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Uncontrolled Resource Consumption
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
pkg:npm/[email protected]
SEVERE Vulnerabilities (1)
URL Redirection to Untrusted Site ('Open Redirect')
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
CVSS Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-601
| "eslint-plugin-jest": "^26.0.0", | ||
| "eslint-plugin-react": "^7.27.0", | ||
| "eslint-plugin-react-hooks": "^4.3.0", | ||
| "is-ci": "^3.0.1", | ||
| "jest": "^27.3.1", | ||
| "jest": "^28.1.3", |
Critical Vulnerability:
pkg:npm/[email protected]
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Improper Link Resolution Before File Access ('Link Following')
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.
CVSS Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-59
| "react": "^17.0.2", | ||
| "react-dom": "^17.0.2", | ||
| "react": "^18.1.0", | ||
| "react-dom": "^18.1.0", | ||
| "remark-cli": "^6.0.1", |
Critical Vulnerability:
pkg:npm/[email protected]
3 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 3 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Uncontrolled Resource Consumption
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS Score: 9.4
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE: CWE-1321
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Uncontrolled Resource Consumption
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
| version "27.3.1" | ||
| resolved "https://registry.yarnpkg.com/@jest/test-sequencer/-/test-sequencer-27.3.1.tgz#4b3bde2dbb05ee74afdae608cf0768e3354683b1" | ||
| integrity sha512-siySLo07IMEdSjA4fqEnxfIX8lB/lWYsBPwNFtkOvsFQvmBrL3yj3k3uFNZv/JDyApTakRpxbKLJ3CT8UGVCrA== | ||
| "@jest/test-sequencer@^28.0.0", "@jest/test-sequencer@^28.1.3": |
Critical Vulnerability:
pkg:npm/%40jest/[email protected]
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Improper Link Resolution Before File Access ('Link Following')
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.
CVSS Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-59
| version "2.1.5" | ||
| resolved "https://registry.yarnpkg.com/@preconstruct/cli/-/cli-2.1.5.tgz#f7f6d06809f382521589af15f67b87009b240c58" | ||
| integrity sha512-bMnGTkaotxq+xoOkXoUOfTFvxBX/ZUxukcacf3mx3G7Iz5m/T4ZGzSOU12pxl64e+rVWGTKlUsgaDSgyFkup0A== | ||
| "@preconstruct/[email protected]": |
Critical Vulnerability:
pkg:npm/%40preconstruct/[email protected]
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Uncontrolled Resource Consumption
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
| "@prisma/get-platform" "3.12.0-37.22b822189f46ef0dc5c5b503368d1bee01213980" | ||
| ts-pattern "^4.0.1" | ||
|
|
||
| "@prisma/[email protected]": |
Critical Vulnerability:
pkg:npm/%40prisma/[email protected]
2 Critical, 3 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (2)
CVE-2022-35948
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
undici is an HTTP/1.1 client, written from scratch for Node.js.
=< [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example:

```js
import { request } from 'undici'

const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1'

await request('http://localhost:3000', {
  method: 'GET',
  headers: {
    'content-type': unsanitizedContentTypeInput
  },
})
```

The above snippet will perform two requests in a single `request` API call:
1) `http://localhost:3000/`
2) `http://localhost:3000/foo2`

This issue was patched in Undici v5.8.1. Sanitize input when sending content-type headers using user input as a workaround.
CVSS Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-74
CVE-2022-35949
Server-Side Request Forgery (SSRF)
undici is an HTTP/1.1 client, written from scratch for Node.js.
`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in user input into the `path`/`pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1`

```js
const undici = require("undici")
undici.request({origin: "http://example.com", pathname: "//127.0.0.1"})
```

Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1` is used), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an SSRF as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in [email protected]. The best workaround is to validate user input before passing it to the `undici.request` call.
CVSS Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-918
SEVERE Vulnerabilities (3)
CVE-2022-31150
Improper Neutralization of CRLF Sequences ('CRLF Injection')
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue.
CVSS Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE: CWE-93
CVE-2022-31151
Origin Validation Error
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default).
CVSS Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE: CWE-346
CVE-2022-32210
Improper Certificate Validation
`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.
CVSS Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE: CWE-295
pkg:npm/[email protected]
MODERATE Vulnerabilities (1)
Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score: 3.7
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE: CWE-200
| "@js-joda/core@^5.2.0": | ||
| version "5.2.0" | ||
| resolved "https://registry.yarnpkg.com/@js-joda/core/-/core-5.2.0.tgz#fcebb14cffbf25adaaeec20d4579530e896ecd4a" | ||
| integrity sha512-0OriPYIaMLB3XiLQMe0BXKVIqeriTn3H7JMOzTsHEtt7Zqq+TetCu97KnAhU3ckiQZKBxfZshft+H1OC4D1lXw== | ||
|
|
||
| "@manypkg/cli@^0.19.1": |
Critical Vulnerability:
pkg:npm/%40manypkg/[email protected]
2 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 3 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS Score: 9.4
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE: CWE-1321
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Uncontrolled Resource Consumption
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
pkg:npm/[email protected]
SEVERE Vulnerabilities (1)
URL Redirection to Untrusted Site ('Open Redirect')
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
CVSS Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-601
| version "3.5.0" | ||
| resolved "https://registry.yarnpkg.com/apollo-server-core/-/apollo-server-core-3.5.0.tgz#09d05554e6aed9fed296d7bff99e2b8ca31f49eb" | ||
| integrity sha512-c3wEnPSnzvWvYvRJq1B+yIpa+vBvm0kq0tvD4j/IOw/F1s3sadu43Xr4FiLw++UfeLyh3aS5Wk68hjvrW1ceiQ== | ||
| apollo-server-core@^3.10.0, apollo-server-core@^3.5.0: |
Critical Vulnerability:
pkg:npm/[email protected]
1 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Uncontrolled Resource Consumption
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
pkg:npm/[email protected]
MODERATE Vulnerabilities (1)
Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score: 3.7
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE: CWE-200
| version "27.3.1" | ||
| resolved "https://registry.yarnpkg.com/jest/-/jest-27.3.1.tgz#b5bab64e8f56b6f7e275ba1836898b0d9f1e5c8a" | ||
| integrity sha512-U2AX0AgQGd5EzMsiZpYt8HyZ+nSVIh5ujQ9CPp9EQZJMjXIiSZpJNweZl0swatKRoqHWgGKM3zaSwm4Zaz87ng== | ||
| jest@^28.1.3: |
Critical Vulnerability:
pkg:npm/[email protected]
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Improper Link Resolution Before File Access ('Link Following')
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.
CVSS Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-59
| @@ -11162,18 +12061,18 @@ remark-hint@^1.0.10: | |||
Critical Vulnerability:
pkg:npm/[email protected]
3 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 3 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Uncontrolled Resource Consumption
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS Score: 9.4
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE: CWE-1321
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Uncontrolled Resource Consumption
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
| apollo-server-errors@^3.3.0, apollo-server-errors@^3.3.1: | ||
| version "3.3.1" | ||
| resolved "https://registry.yarnpkg.com/apollo-server-errors/-/apollo-server-errors-3.3.1.tgz#ba5c00cdaa33d4cbd09779f8cb6f47475d1cd655" | ||
| integrity sha512-xnZJ5QWs6FixHICXHxUfm+ZWqqxrNuPlQ+kj5m6RtEgIpekOPssH/SD9gf2B4HuWV0QozorrygwZnux8POvyPA== | ||
|
|
||
| apollo-server-express@^3.5.0: |
Moderate Vulnerability:
pkg:npm/[email protected]
0 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/[email protected]
MODERATE Vulnerabilities (1)
Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score: 3.7
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE: CWE-200
| version "3.12.0" | ||
| resolved "https://registry.yarnpkg.com/@prisma/migrate/-/migrate-3.12.0.tgz#13376d95bc54038a28d7c0c721be6bfc7657ae94" | ||
| integrity sha512-w5zORx3azWP9MpymD1VPnXSGRBtK60CULkqFvsQ9Poc/lULPR4bOrDzQFMNkRhMnrN6SgYgTBniawsiyLUdbuw== | ||
| "@prisma/[email protected]": |
Moderate Vulnerability:
pkg:npm/%40prisma/[email protected]
0 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/[email protected]
MODERATE Vulnerabilities (1)
Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score: 3.7
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE: CWE-200
| version "3.4.0" | ||
| resolved "https://registry.yarnpkg.com/apollo-server-types/-/apollo-server-types-3.4.0.tgz#9af0322c79e95b698526646220f34534cba3cb11" | ||
| integrity sha512-iFNRENtxDoFWoY+KxpGP+TYyRnqUPqUTubMJVgiXPDvOPFL8dzqGGmqq1g/VCeWFHRJTPBLWhOfQU7ktwDEjnQ== | ||
| apollo-server-types@^3.4.0, apollo-server-types@^3.6.2: |
Moderate Vulnerability:
pkg:npm/[email protected]
0 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/[email protected]
MODERATE Vulnerabilities (1)
Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score: 3.7
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE: CWE-200
| @@ -33,7 +32,7 @@ export const access = { | |||
|
|
|||
| const randomNumber = () => Math.round(Math.random() * 10); | |||
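Review bot: `Math.round(Math.random() * 10)` in `randomNumber` is both non-cryptographic and non-uniform: 0 and 10 each come up half as often as 1 through 9 because of the rounding. If the value feeds any decision inside `access`, use `crypto.randomInt(0, 11)` from Node's `crypto` module; if it is demo data only, say so in a comment and use `Math.floor(Math.random() * 11)` for an even spread.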
opt.semgrep.node_insecure_random_generator: crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator.
| @@ -0,0 +1,13 @@ | |||
| docker run -d -p 9000:9000 --name minio \ | |||
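Review bot: the new script opens directly with `docker run` and has no shebang, so the interpreter is left to whoever invokes it; add `#!/usr/bin/env bash` as the first line, followed by `set -eu`. Also, `-p 9000:9000` publishes the MinIO port on every host interface; for a local example, bind it to loopback with `-p 127.0.0.1:9000:9000`.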
SC2148: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
| const result = {}; | ||
| for (const item of list) { | ||
| if (!item.pull) continue; | ||
| result[item.user] ||= []; |
💬 3 similar findings have been found in this PR
JSC_PARSE_ERROR: Parse error. primary expression expected
| File Path | Line Number |
|---|---|
| examples/basic/admin/pages/report.js | 5 |
| examples/embedded-nextjs/pages/index.js | 8 |
Visit the Lift Web Console to find more details in your report.
| "@timsuchanek/copy" "1.4.5" | ||
| archiver "5.3.0" | ||
| arg "5.0.1" | ||
| "@prisma/[email protected]": |
Critical Vulnerability:
pkg:npm/%40prisma/[email protected]
2 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:npm/[email protected]
CRITICAL Vulnerabilities (2)
CVE-2022-35948
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
undici is an HTTP/1.1 client, written from scratch for Node.js.
=< [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example:

```js
import { request } from 'undici'

const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1'

await request('http://localhost:3000', {
  method: 'GET',
  headers: { 'content-type': unsanitizedContentTypeInput },
})
```

The above snippet will perform two requests in a single `request` API call: 1) `http://localhost:3000/` 2) `http://localhost:3000/foo2`

This issue was patched in Undici v5.8.1. Sanitize input when sending content-type headers using user input as a workaround.
CVSS Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-74
CVE-2022-35949
Server-Side Request Forgery (SSRF)
undici is an HTTP/1.1 client, written from scratch for Node.js.
`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in user input into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1`

```js
const undici = require("undici")
undici.request({origin: "http://example.com", pathname: "//127.0.0.1"})
```

Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1` is used), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an SSRF as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in [email protected]. The best workaround is to validate user input before passing it to the `undici.request` call.
CVSS Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-918
pkg:npm/[email protected]
MODERATE Vulnerabilities (1)
Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score: 3.7
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE: CWE-200
| "@timsuchanek/copy" "1.4.5" | ||
| archiver "5.3.0" | ||
| arg "5.0.1" | ||
| "@prisma/[email protected]": |
Moderate Vulnerability:
pkg:npm/%40prisma/[email protected]
0 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/[email protected]
MODERATE Vulnerabilities (1)
Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score: 3.7
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE: CWE-200
ℹ️ Learn about @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified file\|issue\|path\|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
| resolved "https://registry.yarnpkg.com/@trysound/sax/-/sax-0.2.0.tgz#cccaab758af56761eb7bf37af6f03f326dd798ad" | ||
| integrity sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA== | ||
|
|
||
| "@ts-gql/compiler@^0.15.3": |
Critical Vulnerability:
pkg:npm/%40ts-gql/[email protected]
1 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:npm/[email protected]
SEVERE Vulnerabilities (1)
Incorrect Regular Expression
CVSS Score: 5.9
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-185
pkg:npm/[email protected]
CRITICAL Vulnerabilities (1)
Improper Link Resolution Before File Access ('Link Following')
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.
CVSS Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-59
| "prettier": "^2.5.0", | ||
| "react": "^17.0.2", | ||
| "react-dom": "^17.0.2", | ||
| "react": "^18.1.0", |
Medium Vulnerability:
pkg:npm/[email protected]
0 Critical, 0 High, 1 Medium, 0 Low, 0 None vulnerabilities have been found across 1 dependencies
To see more details about this component, go to the Sonatype Lift console
| const posts = data?.author?.posts; | ||
| if (posts && posts.length > 0) { | ||
| return context.db.Post.findOne({ where: { id: posts[0].id } }); | ||
| } |
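Review bot: `posts[0].id` goes straight into `where: { id: ... }` on the `findOne` call with no check on its type in these lines. The value is read from `data?.author?.posts`, so whether it can carry anything other than a plain ID depends on where `data` is populated, which is not shown here; asserting that `posts[0].id` is a string before the lookup would settle the injection question either way.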
opt.semgrep.node_nosqli_injection: Untrusted user input in findOne() function can result in NoSQL Injection.
| }); | ||
| const posts = data?.author?.posts; | ||
| if (posts && posts.length > 0) { | ||
| return context.db.Post.findOne({ where: { id: posts[0].id } }); |
opt.semgrep.node_nosqli_injection: Untrusted user input in findOne() function can result in NoSQL Injection.
Co-authored-by: Daniel Cousens <[email protected]> Co-authored-by: Emma Hamilton <[email protected]>
The cursor parameter in findMany accepted uniqueWhere inputs without validating them against isFilterable access controls. This allowed users to bypass dynamic isFilterable functions by using cursor instead of where to probe for records by protected field values.

Add checkFilterOrderAccess validation for cursor fields, matching the existing validation for where fields.

Add tests for cursor-based filtering with both allowed and denied isFilterable configurations.

---------

Co-authored-by: velocityx034-spec <[email protected]>
Co-authored-by: Emma Hamilton <[email protected]>
…`) (#9793) Co-authored-by: Daniel Cousens <[email protected]>
Co-authored-by: Copilot <[email protected]> Co-authored-by: dcousens <[email protected]> Co-authored-by: Daniel Cousens <[email protected]>
Co-authored-by: Daniel Cousens <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Bojun Chai <[email protected]>
Signed-off-by: andoan16 <[email protected]> Co-authored-by: Daniel Cousens <[email protected]> Co-authored-by: Copilot <[email protected]> Co-authored-by: Daniel Cousens <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Cousens <[email protected]>
No description provided.