Skip to content
This repository was archived by the owner on Jun 16, 2025. It is now read-only.

[Snyk] Security upgrade aws-amplify from 5.3.3 to 5.3.4 #45

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade aws-amplify from 5.3.3 to 5.3.4 #45

wants to merge 1 commit into from

Conversation

@amz-x
Copy link
Owner

@amz-x amz-x commented Oct 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • webapp/package.json
    • webapp/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 748/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1		 Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: aws-amplify The new version differs by 43 commits.
  • 02bbebe chore(release): Publish [ci skip]
  • b7264d8 release(required): Amplify JS release (#11622)
  • 7d58055 chore: Added custom AnalyticsProvider test (#11618)
  • 28bc873 fix(storage): not pass the input to SSE-C serializer output (#11607)
  • a567fd8 chore: Added missing license headers (#11589)
  • ee19046 fix(storage): custom client base64 encoded SSE-C headers (#11567)
  • 523c941 chore: Added license header script (#11590)
  • ec57e85 chore(storage): merge custom client implementation (#11572)
  • 5630f21 chore(storage): remove workflow for publishing test packages
  • 857e5d8 chore(storage): add missing license header
  • 6753b7a fix(storage): vault uploads with public level with multipart upload (#11584)
  • 416d797 fix(storage): vault uploads with public level with multipart upload
  • 5193e71 chore: Update custom client branch from main (#11569)
  • 0de3729 chore: Tweaked API & Auth size limits.
  • 1aa50ed chore: Tweaked analyics bundle size limit.
  • da8368e Merge branch 'main' into v5/custom-clients-main-merge
  • 237fc80 fix(storage): fail to avoid double signing for presigned URL (#11561)
  • cf51899 fix(storage): fail to avoid double signing for presigned URL
  • 0dab406 fix(core): add @ types/node-fetch to runtime dependency (#11560)
  • 4085319 fix(storage): missing Size in listParts output (#11559)
  • 679d78a fix(storage): missing Size in listParts output
  • 0175d3d fix(storage): multipart upload cannot complete
  • fe05494 feat(storage): integrate custom s3 client (#11542)
  • c58d1e6 chore: Storage & Analytics provider interface annotations (#11557)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@amz-x @snyk-bot