[Snyk] Upgrade aws-amplify from 4.3.41 to 4.3.46

[ciaran-finnegan]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade aws-amplify from 4.3.41 to 4.3.46.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 10 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2023-02-09.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3112221	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3177391	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Directory Traversal SNYK-JS-ADMZIP-1065796	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Prototype Pollution SNYK-JS-PROTOBUFJS-5756498	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Directory Traversal SNYK-JS-MOMENT-2440688	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Command Injection SNYK-JS-SIMPLEGIT-2421199	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') SNYK-JS-SIMPLEGIT-2434306	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Information Exposure SNYK-JS-NODEFETCH-2342118	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Prototype Pollution SNYK-JS-XML2JS-5414874	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: aws-amplify

• 4.3.46 - 2023-02-09
• 4.3.45 - 2022-12-27
• 4.3.44 - 2022-12-14
• 4.3.44-unstable.4 - 2022-11-08
• 4.3.44-unstable.2 - 2022-11-08
• 4.3.43 - 2022-11-04
• 4.3.43-unstable.4 - 2022-11-03
• 4.3.42 - 2022-10-27
• 4.3.42-unstable.6 - 2022-10-27
• 4.3.42-unstable.5 - 2022-10-27
• 4.3.41 - 2022-10-26

from aws-amplify GitHub release notes

Commit messages

Package name: aws-amplify

• 4b15edd chore(release): Publish [ci skip]
• 598503d chore(core): manually updated version.ts (#10943)
• 4fa33a1 fix(datastore): optional hasOne (v4) (#10689)
• 66b579d chore(release): Publish [ci skip]
• 39db1d2 chore(core): manually updated version.ts (#10817)
• eef9f98 fix(amazon-cognito-identity-js): sets no-store header for cognito user pools (#10804) (#10811)
• 4656bc9 chore: Add amplify-js-admins for v4 release protection (#10792) [ci-skip
• eaa4317 chore(release): Publish [ci skip]
• 7f470fb fix: Add v4-stable release process (#10767)
• b540335 fix(core): add cache-control header to cognito identity client (#10769)
• 36406cb fix(datastore): disconnected has one (v4) (#10618)
• ab0e924 chore(release): update version.ts [ci skip]
• f2a588e chore(release): Publish [ci skip]
• 5827ce2 chore: Release from main (#10605)
• 903a640 fix: Empty commit to fix deploy (#10609)
• 8fdd742 chore: Flip all deprecated UI packages back to private to resolve deployment issues. (#10602)
• ec59a62 chore: use --ignore-engines option in CI (#10590)
• 704fc33 chore: use --ignore-engines option in CI
• dabf01a fix: Missing `cache` exports in React Native (#10577)
• f854272 chore(release): update version.ts [ci skip]
• 745cf54 chore(release): Publish [ci skip]
• 1865394 chore: preparing release (#10554)
• cc35ad1 2 of 2: Make supplanted legacy UI packages private again ahead of next release (#10427)
• d054266 chore: fix build on main, resolve babel deps (#10548)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs