Merge pull request #1734 from forcedotcom/m2d/v4.9.0

stephen-carter-at-sf · web-flow · commit 43e46972d27a · 2025-01-28T11:52:57.000-05:00
Main2Dev @W-17615470@ Merging main-4 to dev-4 after v4.9.0
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
 	"name": "@salesforce/sfdx-scanner",
 	"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-	"version": "4.8.0",
+	"version": "4.9.0",
 	"author": "Salesforce Code Analyzer Team",
 	"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 	"dependencies": {
@@ -143,13 +143,13 @@
 		"prepack": "rm -rf lib && tsc -b && oclif manifest && oclif readme && oclif lock && npm shrinkwrap",
 		"postpack": "rm -f oclif.manifest.json oclif.lock npm-shrinkwrap.json",
 		"lint-typescript": "eslint ./src --ext .ts --max-warnings 0",
-		"test": "./gradlew test jacocoTestCoverageVerification && nyc mocha --timeout 60000 --retries 5 \"./test/**/*.test.ts\"",
-		"test-quiet": "cross-env SFGE_LOGGING=false ./gradlew test jacocoTestCoverageVerification && nyc mocha --timeout 60000 --retries 5 \"./test/**/*.test.ts\"",
+		"test": "./gradlew test jacocoTestCoverageVerification && cross-env NODE_OPTIONS=--no-experimental-strip-types nyc mocha --timeout 60000 --retries 5 \"./test/**/*.test.ts\"",
+		"test-quiet": "cross-env SFGE_LOGGING=false ./gradlew test jacocoTestCoverageVerification && cross-env NODE_OPTIONS=--no-experimental-strip-types nyc mocha --timeout 60000 --retries 5 \"./test/**/*.test.ts\"",
 		"test-cli-messaging": "./gradlew cli-messaging:test cli-messaging:jacocoTestCoverageVerification",
 		"test-pmd-cataloger": "./gradlew pmd-cataloger:test pmd-cataloger:jacocoTestCoverageVerification",
 		"test-sfge": "./gradlew sfge:test sfge:jacocoTestCoverageVerification",
 		"test-sfge-quiet": "cross-env SFGE_LOGGING=false ./gradlew sfge:test sfge:jacocoTestCoverageVerification",
-		"test-typescript": "tsc -b && nyc mocha --timeout 60000 \"./test/**/*.test.ts\"",
+		"test-typescript": "tsc -b && cross-env NODE_OPTIONS=--no-experimental-strip-types nyc mocha --timeout 60000 \"./test/**/*.test.ts\"",
 		"version": "oclif readme && git add README.md"
 	}
 }
diff --git a/retire-js/RetireJsVulns.json b/retire-js/RetireJsVulns.json
@@ -4957,8 +4957,7 @@
         "identifiers": {
           "summary": "Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4",
           "CVE": [
-            "CVE-2022-31129",
-            "CVE-2023-22467"
+            "CVE-2022-31129"
           ],
           "githubID": "GHSA-wc69-rhjr-hc9g"
         },
@@ -6815,6 +6814,27 @@
           "https://github.com/vercel/next.js"
         ]
       },
+      {
+        "atOrAbove": "13.0.0",
+        "below": "13.5.8",
+        "cwe": [
+          "CWE-770"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
+          "CVE": [
+            "CVE-2024-56332"
+          ],
+          "githubID": "GHSA-7m27-7ghc-44w9"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-7m27-7ghc-44w9",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
+          "https://github.com/vercel/next.js"
+        ]
+      },
       {
         "atOrAbove": "13.4.0",
         "below": "14.1.1",
@@ -6906,6 +6926,48 @@
           "https://github.com/vercel/next.js",
           "https://github.com/vercel/next.js/releases/tag/v14.2.15"
         ]
+      },
+      {
+        "atOrAbove": "14.0.0",
+        "below": "14.2.21",
+        "cwe": [
+          "CWE-770"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
+          "CVE": [
+            "CVE-2024-56332"
+          ],
+          "githubID": "GHSA-7m27-7ghc-44w9"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-7m27-7ghc-44w9",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
+          "https://github.com/vercel/next.js"
+        ]
+      },
+      {
+        "atOrAbove": "15.0.0",
+        "below": "15.1.2",
+        "cwe": [
+          "CWE-770"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
+          "CVE": [
+            "CVE-2024-56332"
+          ],
+          "githubID": "GHSA-7m27-7ghc-44w9"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-7m27-7ghc-44w9",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
+          "https://github.com/vercel/next.js"
+        ]
       }
     ],
     "extractors": {
@@ -7867,7 +7929,6 @@
         "identifiers": {
           "summary": "PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF",
           "CVE": [
-            "CVE-2024-34342",
             "CVE-2024-4367"
           ],
           "githubID": "GHSA-wgrm-67xf-hhpq"
