[Snyk] Security upgrade simple-git from 3.5.0 to 3.15.0

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3112221	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: simple-git

The new version differs by 96 commits.

• e1d66b6 Merge pull request Register mce plugin scripts WordPress/gutenberg#863 from steveukx/changeset-release/main
• d4764bf Version Packages
• 7746480 Chore: bump lerna, jest and create prettier workflow (Chrome: Adding the trash post link to the sidebar WordPress/gutenberg#862)
• 47030d5 Merge pull request Show UI on text selection WordPress/gutenberg#861 from steveukx/security/protocols
• 6b3c631 Create the `unsafe` plugin to configure how `simple-git` treats known potentially unsafe operations.
• 3324eed Merge pull request Sidebar: Add Featured Image panel WordPress/gutenberg#855 from steveukx/changeset-release/main
• e459622 Version Packages
• 2ea0231 Merge pull request Sidebar: Categories & Tags panel WordPress/gutenberg#854 from steveukx/chore/update-lerna
• 5a2e7e4 Add version parsing support for non-numeric patches (to include built… (Sidebar: Link to latest revision WordPress/gutenberg#853)
• 88fee05 Chore: bump lerna to latest `5.5.1`
• 0f964ba Merge pull request Add full-content tests for parsing + blocks list + serialization WordPress/gutenberg#849 from steveukx/changeset-release/main
• 6460a1f Version Packages
• 4259b26 Create interface for retrieving git version information (Add/147 table block (alternate vision) WordPress/gutenberg#850)
• 19029fc Abort plugin (Fix a few issues with saving post titles, dirty handling, etc. WordPress/gutenberg#848)
• 1cd0dac Merge pull request Docs and API: clarify naming around block registration WordPress/gutenberg#842 from steveukx/changeset-release/main
• ee801ae Version Packages
• d0dceda Allow using just one of `from` and `to` in the `git.log` options. (Add accessibleFocus utility. WordPress/gutenberg#846)
• 6b3e05c Share test utilities (Quote: add citation placeholder. WordPress/gutenberg#843)
• a975980 Merge pull request Chrome: Adding the post date picker to schedule posts WordPress/gutenberg#841 from steveukx/feat/remove-legacy-promise
• 87b0d75 Changeset
• 670d854 Remove `/promise` type definitions, allow JavaScript to `require('simple-git/promise')` with deprecation notice written to `console.error`
• bf97246 Revert "Remove ability to import `/promise` types and throw when required."
• 1631776 Remove legacy promise integration test
• 2ac1d3f Remove ability to import `/promise` types and throw when required.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
gutenberg	❌ Failed (Inspect)			Apr 23, 2024 7:17pm
gutenberg-wd9x	❌ Failed (Inspect)			Apr 23, 2024 7:17pm

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@actions/[email protected]	environment, filesystem Transitive: network	+2	260 kB	thboop
npm/@actions/[email protected]	environment, filesystem Transitive: network	+13	4.49 MB	thboop
npm/@ariakit/[email protected]	None	+5	3.57 MB	ariakit-bot
npm/@ariakit/[email protected]	None	+1	1.46 MB	ariakit-bot
npm/@axe-core/[email protected]	None	0	44.4 kB	npmdeque
npm/@babel/[email protected]	environment, filesystem, unsafe	+32	8.06 MB	nicolo-ribaudo
npm/@babel/[email protected]	unsafe	+1	127 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	+2	18.8 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	+1	14.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	unsafe Transitive: environment	+5	2.57 MB	nicolo-ribaudo
npm/@babel/[email protected]	None	0	216 kB	nicolo-ribaudo
npm/@babel/[email protected]	Transitive: environment	+18	5.56 MB	nicolo-ribaudo
npm/@emotion/[email protected]	environment	+7	2.78 MB	emotion-release-bot
npm/@emotion/[email protected]	environment	+3	151 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	+10	3.2 MB	emotion-release-bot
npm/@emotion/[email protected]	environment	+2	144 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	+3	212 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	+2	587 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	+1	65.6 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	+1	227 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	0	18.3 kB	emotion-release-bot
npm/@geometricpanda/[email protected]	Transitive: environment, eval, filesystem, network, unsafe	+48	10.1 MB	geometricpandadev
npm/@octokit/[email protected]	None	0	21.9 kB	octokitbot
npm/@octokit/[email protected]	Transitive: network	+6	2.81 MB	octokitbot
npm/@octokit/[email protected]	None	+1	1.76 MB	octokitbot
npm/@octokit/[email protected]	None	0	162 kB	octokitbot
npm/@octokit/[email protected]	None	0	210 kB	octokitbot
npm/@playwright/[email protected]	None	0	25.3 kB	aslushnikov
npm/@pmmmwh/[email protected]	environment, filesystem Transitive: network	+2	441 kB	pmmmwh
npm/@react-native-clipboard/[email protected]	None	0	176 kB	naturalclar
npm/@react-native-community/[email protected]	None	0	300 kB	titozzz
npm/@react-native-masked-view/[email protected]	None	0	58.2 kB	naturalclar
npm/@react-native/[email protected]	None	0	155 kB	react-native-bot
npm/@react-navigation/[email protected]	environment	0	971 kB	satya164
npm/@react-navigation/[email protected]	environment	+3	1.49 MB	satya164
npm/@react-navigation/[email protected]	None	0	237 kB	satya164
npm/@react-navigation/[email protected]	Transitive: environment	+1	1.14 MB	satya164
npm/@react-spring/[email protected]	environment	+5	448 kB	tdfka_rick
npm/@storybook/[email protected]	Transitive: environment, eval, network	+42	8.7 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, network	+39	8.51 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, filesystem, network, unsafe	+48	10 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, filesystem, network, unsafe	+79	23.5 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, network	+39	8.49 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, network	+39	8.5 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	+122	21.3 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, filesystem, network, unsafe	+16	3.94 MB	shilman
npm/@storybook/[email protected]	filesystem	+3	351 kB	shilman

🚮 Removed packages: npm/@docusaurus/[email protected], npm/@docusaurus/[email protected], npm/@docusaurus/[email protected], npm/@mdx-js/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: PUPPETEER_CHROMIUM_REVISION Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: PUPPETEER_EXECUTABLE_PATH Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: npm_config_puppeteer_executable_path Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: npm_package_config_puppeteer_executable_path Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: npm_package_config_puppeteer_product Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: npm_config_puppeteer_product Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: PUPPETEER_PRODUCT Location: Package overview	orphan: npm/[email protected]
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: https Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: https-proxy-agent Location: Package overview	orphan: npm/[email protected]
New author	npm/[email protected]	New Author: hanselfmu Previous Author: mathias	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: Location: Package overview	orphan: npm/[email protected]
Shell access	npm/[email protected]	Module: child_process Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: http Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: globalThis["fetch"] Location: Package overview	orphan: npm/[email protected]
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	orphan: npm/[email protected]
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	orphan: npm/[email protected]
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Debug access	npm/[email protected]	Module: module Location: Package overview	orphan: npm/[email protected]
Dynamic require	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
High entropy strings	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
High entropy strings	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: TERM Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: NODE_DEBUG Location: Package overview	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 11/10/2018, 2:38:01 AM	package-lock.json package.json
New author	npm/[email protected]	New Author: phated Previous Author: thlorenz	package-lock.json package.json
Environment variable access	npm/[email protected]	Env Vars: comspec Location: Package overview	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	package-lock.json package.json
New author	npm/[email protected]	New Author: chrisdickinson Previous Author: zkat	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: http Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: net Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: https Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: tls Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: WS_NO_UTF_8_VALIDATE Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: WS_NO_BUFFER_UTIL Location: Package overview	orphan: npm/[email protected]
Filesystem access	npm/@kwsites/[email protected]	Module: fs Location: Package overview	orphan: npm/@kwsites/[email protected]
Environment variable access	npm/[email protected]	Env Vars: Location: Package overview	orphan: npm/[email protected]
Dynamic require	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Dynamic require	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: key Location: Package overview	orphan: npm/[email protected]
Dynamic require	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Minified code	npm/[email protected]	Confidence: 1.00 Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: t Location: Package overview	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: YARGS_MIN_NODE_VERSION Location: Package overview	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: YARGS_MIN_NODE_VERSION Location: Package overview	orphan: npm/[email protected]
Dynamic require	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: Location: Package overview	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: globalThis["fetch"] Location: Package overview	package-lock.json package.json packages/scripts/package.json
New author	npm/[email protected]	New Author: eemeli Previous Author: loganfsmyth	package-lock.json package.json packages/scripts/package.json
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	package-lock.json package.json packages/scripts/package.json
Environment variable access	npm/[email protected]	Env Vars: WATCHPACK_WATCHER_LIMIT Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: WATCHPACK_RECURSIVE_WATCHER_LOGGING Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: WATCHPACK_POLLING Location: Package overview	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Shell access	npm/@aw-web-design/[email protected]	Module: child_process Location: Package overview	orphan: npm/@aw-web-design/[email protected]
Deprecated	npm/@babel/[email protected]	Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.	package-lock.json package.json
Environment variable access

[guardrails]

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity	Details
Critical	pkg:npm/[email protected] (t) upgrade to: 3.16.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.