Preparing for v4.5.0 release.

Author: github-actions[bot]

package.json

@@ -1,7 +1,7 @@
 {
 	"name": "@salesforce/sfdx-scanner",
 	"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-	"version": "4.4.0",
+	"version": "4.5.0",
 	"author": "Salesforce Code Analyzer Team",
 	"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 	"dependencies": {

retire-js/RetireJsVulns.json

@@ -119,54 +119,6 @@
           "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
         ]
       },
-      {
-        "atOrAbove": "1.8.0",
-        "below": "1.12.0",
-        "cwe": [
-          "CWE-79"
-        ],
-        "severity": "medium",
-        "identifiers": {
-          "summary": "3rd party CORS request may execute",
-          "issue": "2432",
-          "CVE": [
-            "CVE-2015-9251"
-          ],
-          "githubID": "GHSA-rmxg-73gg-4p98"
-        },
-        "info": [
-          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
-          "http://research.insecurelabs.org/jquery/test/",
-          "https://bugs.jquery.com/ticket/11974",
-          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
-          "https://github.com/jquery/jquery/issues/2432",
-          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
-        ]
-      },
-      {
-        "atOrAbove": "1.12.2",
-        "below": "2.2.0",
-        "cwe": [
-          "CWE-79"
-        ],
-        "severity": "medium",
-        "identifiers": {
-          "summary": "3rd party CORS request may execute",
-          "issue": "2432",
-          "CVE": [
-            "CVE-2015-9251"
-          ],
-          "githubID": "GHSA-rmxg-73gg-4p98"
-        },
-        "info": [
-          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
-          "http://research.insecurelabs.org/jquery/test/",
-          "https://bugs.jquery.com/ticket/11974",
-          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
-          "https://github.com/jquery/jquery/issues/2432",
-          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
-        ]
-      },
       {
         "below": "2.999.999",
         "cwe": [
@@ -175,7 +127,8 @@
         "severity": "low",
         "identifiers": {
           "summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates",
-          "retid": "73"
+          "retid": "73",
+          "issue": "162"
         },
         "info": [
           "https://github.com/jquery/jquery.com/issues/162"
@@ -205,30 +158,6 @@
           "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
         ]
       },
-      {
-        "atOrAbove": "2.2.2",
-        "below": "3.0.0",
-        "cwe": [
-          "CWE-79"
-        ],
-        "severity": "medium",
-        "identifiers": {
-          "summary": "3rd party CORS request may execute",
-          "issue": "2432",
-          "CVE": [
-            "CVE-2015-9251"
-          ],
-          "githubID": "GHSA-rmxg-73gg-4p98"
-        },
-        "info": [
-          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
-          "http://research.insecurelabs.org/jquery/test/",
-          "https://bugs.jquery.com/ticket/11974",
-          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
-          "https://github.com/jquery/jquery/issues/2432",
-          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
-        ]
-      },
       {
         "atOrAbove": "3.0.0-rc.1",
         "below": "3.0.0",
@@ -898,7 +827,7 @@
   "jquery-deparam": {
     "vulnerabilities": [
       {
-        "below": "999",
+        "below": "0.5.4",
         "severity": "high",
         "cwe": [
           "CWE-1321"
@@ -3227,21 +3156,7 @@
         ]
       },
       {
-        "below": "1.999",
-        "severity": "low",
-        "cwe": [
-          "CWE-1104"
-        ],
-        "identifiers": {
-          "summary": "End-of-Life: Long term support for AngularJS has been discontinued as of December 31, 2021",
-          "retid": "54"
-        },
-        "info": [
-          "https://blog.angular.io/discontinued-long-term-support-for-angularjs-cc066b82e65a?gi=9d3103b5445c"
-        ]
-      },
-      {
-        "below": "999",
+        "below": "1.8.4",
         "severity": "medium",
         "cwe": [
           "CWE-1333"
@@ -3258,7 +3173,7 @@
         ]
       },
       {
-        "below": "999",
+        "below": "1.8.4",
         "severity": "medium",
         "cwe": [
           "CWE-1333"
@@ -3275,7 +3190,7 @@
         ]
       },
       {
-        "below": "999",
+        "below": "1.8.4",
         "severity": "medium",
         "cwe": [
           "CWE-79"
@@ -3292,7 +3207,7 @@
         ]
       },
       {
-        "below": "999",
+        "below": "1.8.4",
         "severity": "medium",
         "cwe": [
           "CWE-1333"
@@ -3310,7 +3225,7 @@
       },
       {
         "atOrAbove": "1.3.0",
-        "below": "999",
+        "below": "1.8.4",
         "cwe": [
           "CWE-1333"
         ],
@@ -3332,6 +3247,20 @@
           "https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"
         ]
       },
+      {
+        "below": "1.999",
+        "severity": "low",
+        "cwe": [
+          "CWE-1104"
+        ],
+        "identifiers": {
+          "summary": "End-of-Life: Long term support for AngularJS has been discontinued as of December 31, 2021",
+          "retid": "54"
+        },
+        "info": [
+          "https://docs.angularjs.org/misc/version-support-status"
+        ]
+      },
       {
         "atOrAbove": "1.7.0",
         "below": "999",
@@ -5055,6 +4984,29 @@
           "https://github.com/twbs/bootstrap/issues/28236"
         ]
       },
+      {
+        "atOrAbove": "2.0.0",
+        "below": "3.4.2",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Bootstrap Cross-Site Scripting (XSS) vulnerability",
+          "CVE": [
+            "CVE-2024-6484"
+          ],
+          "githubID": "GHSA-9mvj-f7w8-pvh2"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-9mvj-f7w8-pvh2",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-6484",
+          "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2024-6484.yml",
+          "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml",
+          "https://github.com/twbs/bootstrap",
+          "https://www.herodevs.com/vulnerability-directory/cve-2024-6484"
+        ]
+      },
       {
         "below": "3.999.999",
         "severity": "low",
@@ -5164,6 +5116,28 @@
           "https://github.com/advisories/GHSA-9v3m-8fp8-mj99",
           "https://github.com/twbs/bootstrap/issues/28236"
         ]
+      },
+      {
+        "atOrAbove": "4.0.0",
+        "below": "4.6.3",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Bootstrap Cross-Site Scripting (XSS) vulnerability",
+          "CVE": [
+            "CVE-2024-6531"
+          ],
+          "githubID": "GHSA-vc8w-jr9v-vj7f"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-vc8w-jr9v-vj7f",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-6531",
+          "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml",
+          "https://github.com/twbs/bootstrap",
+          "https://www.herodevs.com/vulnerability-directory/cve-2024-6531"
+        ]
       }
     ],
     "extractors": {
@@ -5887,6 +5861,33 @@
         "info": [
           "https://github.com/axios/axios/pull/6300"
         ]
+      },
+      {
+        "atOrAbove": "1.3.2",
+        "below": "1.7.4",
+        "cwe": [
+          "CWE-918"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "Server-Side Request Forgery in axios",
+          "CVE": [
+            "CVE-2024-39338"
+          ],
+          "githubID": "GHSA-8hc4-vh64-cxmj"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-8hc4-vh64-cxmj",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
+          "https://github.com/axios/axios/issues/6463",
+          "https://github.com/axios/axios/pull/6539",
+          "https://github.com/axios/axios/pull/6543",
+          "https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a",
+          "https://github.com/axios/axios",
+          "https://github.com/axios/axios/releases",
+          "https://github.com/axios/axios/releases/tag/v1.7.4",
+          "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
+        ]
       }
     ],
     "extractors": {
@@ -6562,7 +6563,8 @@
     "extractors": {
       "filecontent": [
         "version=\"(§§version§§)\".{1,1500}document\\.getElementById\\(\"__NEXT_DATA__\"\\)\\.textContent",
-        "document\\.getElementById\\(\"__NEXT_DATA__\"\\)\\.textContent\\);window\\.__NEXT_DATA__=.;.\\.version=\"(§§version§§)\""
+        "document\\.getElementById\\(\"__NEXT_DATA__\"\\)\\.textContent\\);window\\.__NEXT_DATA__=.;.\\.version=\"(§§version§§)\"",
+        "=\"(§§version§§)\"[\\s\\S]{10,100}Component[\\s\\S]{1,10}componentDidCatch[\\s\\S]{10,30}componentDidMount"
       ]
     }
   },
@@ -7403,7 +7405,7 @@
       },
       {
         "atOrAbove": "0",
-        "below": "999",
+        "below": "2.7.10",
         "cwe": [
           "CWE-1333"
         ],