Preparing for v4.7.0 release.

forcedotcom · Oct 25, 2024 · 50ba465 · 50ba465
1 parent 48fcd94
commit 50ba465
Show file tree

Hide file tree

Showing 3 changed files with 1,083 additions and 992 deletions.
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
 	"name": "@salesforce/sfdx-scanner",
 	"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-	"version": "4.6.0",
+	"version": "4.7.0",
 	"author": "Salesforce Code Analyzer Team",
 	"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 	"dependencies": {

diff --git a/retire-js/RetireJsVulns.json b/retire-js/RetireJsVulns.json
@@ -78,6 +78,7 @@
         ]
       },
       {
+        "atOrAbove": "1.2.1",
         "below": "1.9.0",
         "cwe": [
           "CWE-79"
@@ -92,7 +93,8 @@
         },
         "info": [
           "https://github.com/advisories/GHSA-q4m3-2j7h-f7xw",
-          "https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
+          "https://nvd.nist.gov/vuln/detail/CVE-2020-7656",
+          "https://research.insecurelabs.org/jquery/test/"
         ]
       },
       {
@@ -4363,6 +4365,30 @@
           "https://github.com/cure53/DOMPurify/releases"
         ]
       },
+      {
+        "atOrAbove": "0",
+        "below": "2.5.0",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "DOMpurify has a nesting-based mXSS",
+          "CVE": [
+            "CVE-2024-47875"
+          ],
+          "githubID": "GHSA-gx9m-whjm-85jf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+        ]
+      },
       {
         "atOrAbove": "0",
         "below": "2.5.4",
@@ -4387,6 +4413,30 @@
           "https://github.com/cure53/DOMPurify"
         ]
       },
+      {
+        "atOrAbove": "3.0.0",
+        "below": "3.1.3",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "DOMpurify has a nesting-based mXSS",
+          "CVE": [
+            "CVE-2024-47875"
+          ],
+          "githubID": "GHSA-gx9m-whjm-85jf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
+          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
+          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
+          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
+        ]
+      },
       {
         "atOrAbove": "3.0.0",
         "below": "3.1.3",
@@ -5613,6 +5663,28 @@
           "https://github.com/ckeditor/ckeditor5/compare/v34.2.0...v35.0.0",
           "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j"
         ]
+      },
+      {
+        "atOrAbove": "40.0.0",
+        "below": "43.1.1",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Cross-site scripting (XSS) in the clipboard package",
+          "CVE": [
+            "CVE-2024-45613"
+          ],
+          "githubID": "GHSA-rgg8-g5x8-wr9v"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-rgg8-g5x8-wr9v",
+          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-45613",
+          "https://github.com/ckeditor/ckeditor5",
+          "https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1"
+        ]
       }
     ],
     "extractors": {
@@ -6697,6 +6769,28 @@
           "https://github.com/vercel/next.js"
         ]
       },
+      {
+        "atOrAbove": "10.0.0",
+        "below": "14.2.7",
+        "cwe": [
+          "CWE-674"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Denial of Service condition in Next.js image optimization",
+          "CVE": [
+            "CVE-2024-47831"
+          ],
+          "githubID": "GHSA-g77x-44xx-532m"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-g77x-44xx-532m",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-47831",
+          "https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a",
+          "https://github.com/vercel/next.js"
+        ]
+      },
       {
         "atOrAbove": "14.0.0",
         "below": "14.2.10",