Skip to content

[Snyk] Upgrade @sectester/scan from 0.16.5 to 0.50.0#357

Open
TheRedHatter wants to merge 1 commit into
snyk-fix-93a3b41216b029e9cbcb9ec2fb0bdd3bfrom
snyk-upgrade-3f3792752c9e960c1217b9e24df2b529
Open

[Snyk] Upgrade @sectester/scan from 0.16.5 to 0.50.0#357
TheRedHatter wants to merge 1 commit into
snyk-fix-93a3b41216b029e9cbcb9ec2fb0bdd3bfrom
snyk-upgrade-3f3792752c9e960c1217b9e24df2b529

Conversation

@TheRedHatter
Copy link
Copy Markdown
Owner

@TheRedHatter TheRedHatter commented Apr 27, 2026

snyk-top-banner

Snyk has created this PR to upgrade @sectester/scan from 0.16.5 to 0.50.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 57 versions ahead of your current version.

  • The recommended version was released a month ago.

Release notes
Package name: @sectester/scan
  • 0.50.0 - 2026-03-17

    0.50.0 (2026-03-17)

    Features

    • reporter: introduce bitbucket reporter (#289) (03e58e1)
  • 0.49.0 - 2026-01-22

    0.49.0 (2026-01-22)

    Features

  • 0.48.1 - 2026-01-22

    0.48.1 (2026-01-22)

    Bug Fixes

    • repeater: update timeout error handling to include ETIMEDOUT code (#277) (4ccf972)
  • 0.48.0 - 2026-01-21

    0.48.0 (2026-01-21)

    Features

    • scan: add ability to run broken access control test with required options (#270) (a2876c9)
  • 0.47.0 - 2025-09-15

    0.47.0 (2025-09-15)

    Features

    • reporter: add support for GitLab JUnit test report (#265) (159c743)
  • 0.46.0 - 2025-09-10

    0.46.0 (2025-09-10)

    Features

  • 0.45.0 - 2025-07-09

    0.45.0 (2025-07-09)

    Features

  • 0.44.0 - 2025-07-02

    0.44.0 (2025-07-02)

    Features

    • runner: allow configuring fail-fast behavior (#258) (427749a)
  • 0.43.2 - 2025-05-31

    0.43.2 (2025-05-31)

    Bug Fixes

    • repeater: ensure repeater is deployed on connect (#257) (aaf4cfa)
  • 0.43.1 - 2025-05-31

    0.43.1 (2025-05-31)

    Bug Fixes

  • 0.41.1 - 2025-04-17
  • 0.41.0 - 2025-04-16
  • 0.40.2 - 2025-04-10
  • 0.40.1 - 2025-03-24
  • 0.40.0 - 2025-03-24
  • 0.39.0 - 2025-03-05
  • 0.38.0 - 2025-03-02
  • 0.37.2 - 2025-03-02
  • 0.37.1 - 2025-03-02
  • 0.37.0 - 2025-03-01
  • 0.36.2 - 2025-02-28
  • 0.36.1 - 2025-02-28
  • 0.36.0 - 2025-02-18
  • 0.35.3 - 2025-02-17
  • 0.35.2 - 2025-02-17
  • 0.35.1 - 2025-02-15
  • 0.35.0 - 2025-01-24
  • 0.34.0 - 2025-01-23
  • 0.33.3 - 2024-10-21
  • 0.33.1 - 2024-07-13
  • 0.33.0 - 2024-07-12
  • 0.32.0 - 2024-07-12
  • 0.31.0 - 2024-07-09
  • 0.30.0 - 2024-07-05
  • 0.29.1 - 2024-06-22
  • 0.29.0 - 2024-06-20
  • 0.28.0 - 2024-06-19
  • 0.27.0 - 2023-08-03
  • 0.26.0 - 2023-07-31
  • 0.25.0 - 2023-07-28
  • 0.24.1 - 2023-07-20
  • 0.24.0 - 2023-07-20
  • 0.23.2 - 2023-06-27
  • 0.23.1 - 2023-06-19
  • 0.23.0 - 2023-06-18
  • 0.22.0 - 2023-06-17
  • 0.21.0 - 2023-06-17
  • 0.20.2 - 2023-06-16
  • 0.20.1 - 2023-06-12
  • 0.20.0 - 2023-06-05
  • 0.19.3 - 2023-06-05
  • 0.19.2 - 2023-06-05
  • 0.19.1 - 2023-05-24
  • 0.19.0 - 2023-05-23
  • 0.18.1 - 2023-05-02
  • 0.18.0 - 2023-03-16
  • 0.17.0 - 2023-02-09
  • 0.16.5 - 2022-10-28
from @sectester/scan GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade @sectester/scan from 0.16.5 to 0.50.0
2472ebf 
Snyk has created this PR to upgrade @sectester/scan from 0.16.5 to 0.50.0.

See this package in npm:
@sectester/scan

See this project in Snyk:
https://app.snyk.io/org/armorcode-partner/project/1406647d-1c82-44a8-bb07-37145bb5924c?utm_source=github&utm_medium=referral&page=upgrade-pr
@TheRedHatter
Copy link
Copy Markdown
Owner Author

TheRedHatter commented Apr 27, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@TheRedHatter
Copy link
Copy Markdown
Owner Author

TheRedHatter commented Apr 27, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 27, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​nestjs/​schematics@​7.3.110010084940
Added@​mikro-orm/​core@​4.5.10772510096100
Addedlibxmljs@​0.19.79325878370
Added@​types/​axios@​0.14.0991003850100
Added@​types/​raw-body@​2.3.0731003850100
Addedfastify-multipart@​5.4.0971005250100
Addedsupertest@​6.3.39910010050100
Updatedrimraf@​2.7.1 ⏵ 3.0.2100 +1100100 +150100
Added@​types/​jwt-simple@​0.5.33961006380100
Addedjest@​26.6.31001006892100
Added@​sectester/​runner@​0.16.5701009990100
Added@​types/​libxmljs@​0.18.8801007076100
Added@​sectester/​reporter@​0.16.5721009490100
Added@​sectester/​bus@​0.16.5731009979100
Added@​types/​jsonwebtoken@​8.5.91001007381100
Added@​sectester/​repeater@​0.16.5741009990100
Added@​mikro-orm/​postgresql@​4.5.107410010096100
Added@​sectester/​core@​0.16.5741009990100
Updated@​types/​estree@​0.0.50 ⏵ 1.0.010010075 +181100
Updatedaxios@​1.6.0 ⏵ 0.21.499 +175 +1510095100
Added@​mikro-orm/​sql-highlighter@​1.0.1981008675100
Addeddot@​1.1.310010010075100
Addedjwt-simple@​0.5.61001008675100
Addednode-jwk@​0.1.0831009975100
Added@​types/​dot@​1.1.5981008376100
Added@​sectester/​scan@​0.50.0771009994100
Updated@​types/​jest@​27.0.3 ⏵ 26.0.24100 +110077 +181100
Added@​nestjs/​platform-fastify@​9.3.9997810094100
Added@​types/​jwk-to-pem@​2.0.11001008579100
Addedstream-buffers@​3.0.210010010080100
Addedreflect-metadata@​0.1.131001001008080
Addedjwk-to-pem@​2.0.51001009180100
Added@​types/​stream-buffers@​3.0.41001008480100
See 38 more rows in the dashboard

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 27, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
Critical CVE: npm @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

CVE: GHSA-72c6-fx6q-fr5w @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes (CRITICAL)

Affected versions: < 9.3.2

Patched version: 9.3.2

From: package-lock.jsonnpm/@nestjs/platform-fastify@9.3.9npm/@fastify/middie@8.1.0

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@fastify/middie@8.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Critical
Critical CVE: MikroORM is vulnerable to SQL Injection via specially crafted object in npm @mikro-orm/core

CVE: GHSA-gwhv-j974-6fxm MikroORM is vulnerable to SQL Injection via specially crafted object (CRITICAL)

Affected versions: < 6.6.10; >= 7.0.0-dev.0 < 7.0.6

Patched version: 6.6.10

From: package-lock.jsonnpm/@mikro-orm/core@4.5.10

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@mikro-orm/core@4.5.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Critical
Critical CVE: npm libxmljs vulnerable to type confusion when parsing specially crafted XML

CVE: GHSA-6433-x5p4-8jc7 libxmljs vulnerable to type confusion when parsing specially crafted XML (CRITICAL)

Affected versions: <= 1.0.11

Patched version: No patched versions

From: package-lock.jsonnpm/libxmljs@0.19.7

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/libxmljs@0.19.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Critical
Critical CVE: npm libxmljs vulnerable to type confusion when parsing specially crafted XML

CVE: GHSA-mg49-jqgw-gcj6 libxmljs vulnerable to type confusion when parsing specially crafted XML (CRITICAL)

Affected versions: <= 1.0.11

Patched version: No patched versions

From: package-lock.jsonnpm/libxmljs@0.19.7

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/libxmljs@0.19.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Critical
Critical CVE: Cross-realm object access in Webpack 5

CVE: GHSA-hc6q-2mpp-qw7j Cross-realm object access in Webpack 5 (CRITICAL)

Affected versions: >= 5.0.0 < 5.76.0

Patched version: 5.76.0

From: public/package-lock.jsonnpm/@nestjs/cli@7.6.0npm/ts-loader@8.4.0npm/webpack@5.28.0

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@5.28.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TheRedHatter @snyk-bot