Merge pull request #989 from forcedotcom/rm/3.10ReleaseUpdates

rmohan20 · web-flow · commit 5edd99c7da2f · 2023-02-27T11:28:00.000-08:00
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
 	"name": "@salesforce/sfdx-scanner",
 	"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-	"version": "3.9.0",
+	"version": "3.10.0",
 	"author": "ISV SWAT",
 	"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 	"dependencies": {
diff --git a/retire-js/RetireJsVulns.json b/retire-js/RetireJsVulns.json
@@ -2834,7 +2834,7 @@
       {
         "below": "1.12.1",
         "atOrAbove": "1.3.2",
-        "severity": "High",
+        "severity": "high",
         "identifiers": {
           "summary": " vulnerable to Arbitrary Code Injection via the template function",
           "CVE": [
@@ -3836,6 +3836,34 @@
       ]
     }
   },
+  "chart.js": {
+    "vulnerabilities": [
+      {
+        "below": "2.9.4",
+        "severity": "high",
+        "identifiers": {
+          "summary": "Prototype pollution in chart.js",
+          "CVE": [
+            "CVE-2020-7746"
+          ]
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-h68q-55jf-x68w"
+        ]
+      }
+    ],
+    "extractors": {
+      "uri": [
+        "/Chart.js/(§§version§§)/chart(\\.min)?\\.js",
+        "/Chart.js/(§§version§§)/Chart.bundle(\\.min)?\\.js"
+      ],
+      "filecontent": [
+        "var version=\"(§§version§§)\";const KNOWN_POSITIONS=\\[\"top\",\"bottom\",\"left\",\"right\",\"chartArea\"\\]",
+        "/\\*![\\s]+\\* Chart.js v(§§version§§)",
+        "/\\*![\\s]+\\* Chart.js[\\s]+\\* http://chartjs.org/[\\s]+\\* Version: (§§version§§)"
+      ]
+    }
+  },
   "dont check": {
     "extractors": {
       "uri": [
diff --git a/sfge/src/main/java/com/salesforce/rules/Violation.java b/sfge/src/main/java/com/salesforce/rules/Violation.java
@@ -323,7 +323,7 @@ public LimitReachedViolation(String message, SFVertex vertex) {
             this.category = INTERNAL_ERROR_CATEGORY;
             this.description = "";
             this.severity = AbstractRule.SEVERITY.LOW.code;
-            this.url = "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/working-with-sfge/";
+            this.url = "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/working-with-sfge/#understand-outofmemory-errors";
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@salesforce/sfdx-scanner",`
`3`	`3`	`"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",`
`4`		`- "version": "3.9.0",`
	`4`	`+ "version": "3.10.0",`
`5`	`5`	`"author": "ISV SWAT",`
`6`	`6`	`"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",`
`7`	`7`	`"dependencies": {`
Original file line number	Diff line number	Diff line change
`@@ -323,7 +323,7 @@ public LimitReachedViolation(String message, SFVertex vertex) {`
`323`	`323`	`this.category = INTERNAL_ERROR_CATEGORY;`
`324`	`324`	`this.description = "";`
`325`	`325`	`this.severity = AbstractRule.SEVERITY.LOW.code;`
`326`		`- this.url = "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/working-with-sfge/";`
	`326`	`+ this.url = "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/working-with-sfge/#understand-outofmemory-errors";`
`327`	`327`	`}`
`328`	`328`	`}`
`329`	`329`