[Snyk] Upgrade msw from 0.24.4 to 0.49.3

[nejidevelops]

Snyk has created this PR to upgrade msw from 0.24.4 to 0.49.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 70 versions ahead of your current version.

• The recommended version was released 2 years ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Information Exposure SNYK-JS-NODEFETCH-2342118	539	No Known Exploit

Release notes

Package name: msw

• 0.49.3 - 2023-01-19
  

  v0.49.3 (2023-01-19)

  Bug Fixes

  • use EventTarget-based event emitter (#1522) (6a94b8c) @ chrisguttandin
• 0.49.2 - 2022-12-13
  

  v0.49.2 (2022-12-13)

  Bug Fixes

  • use globalThis.fetch in ctx.fetch utility (#1490) (42cdbc7) @ Toxiapo @ kettanaito
• 0.49.1 - 2022-11-28
  

  v0.49.1 (2022-11-28)

  Bug Fixes

  • setupWorker: resolve the TS4094 error (#1477) (c268796) @ gduliscouet-ubitransport
• 0.49.0 - 2022-11-19
  

  v0.49.0 (2022-11-19)

  Features

  • support TypeScript 4.9, drop support for TypeScript 4.2, 4.3 (#1467) (af0277d) @ wtchnm
• 0.48.3 - 2022-11-15
  

  v0.48.3 (2022-11-15)

  Bug Fixes

  • SetupApi: validate given request handlers (#1460) (a06a944) @ kettanaito
  • inline statuses dependency during the build (#1458) (99d49f9) @ mattcosta7 @ kettanaito
• 0.48.2 - 2022-11-13
  

  v0.48.2 (2022-11-13)

  Bug Fixes

  • resolve absolute worker url against the current path (#1456) (f8d15b4) @ kettanaito
• 0.48.1 - 2022-11-10
  

  v0.48.1 (2022-11-10)

  Bug Fixes

  • bufferUtils import path (#1453) (91b2902) @ cksal0805
• 0.48.0 - 2022-11-08
• 0.47.4 - 2022-10-04
• 0.47.3 - 2022-09-15
• 0.47.2 - 2022-09-13
• 0.47.1 - 2022-09-10
• 0.47.0 - 2022-09-04
• 0.46.1 - 2022-09-01
• 0.46.0 - 2022-08-31
• 0.45.0 - 2022-08-22
• 0.44.2 - 2022-07-19
• 0.44.1 - 2022-07-14
• 0.44.0 - 2022-07-13
• 0.43.1 - 2022-07-07
• 0.43.0 - 2022-07-04
• 0.42.3 - 2022-06-22
• 0.42.2 - 2022-06-22
• 0.42.1 - 2022-06-07
• 0.42.0 - 2022-05-30
• 0.41.1 - 2022-05-27
• 0.41.0 - 2022-05-22
• 0.40.2 - 2022-05-20
• 0.40.1 - 2022-05-19
• 0.40.0 - 2022-05-17
• 0.39.2 - 2022-03-15
• 0.39.1 - 2022-03-08
• 0.39.0 - 2022-03-07
• 0.38.2 - 2022-03-02
• 0.38.1 - 2022-02-19
• 0.38.0 - 2022-02-19
• 0.36.8 - 2022-01-30
• 0.36.7 - 2022-01-24
• 0.36.5 - 2022-01-19
• 0.36.4 - 2022-01-11
• 0.36.3 - 2021-12-09
• 0.36.2 - 2021-12-08
• 0.36.1 - 2021-12-07
• 0.36.0 - 2021-12-04
• 0.35.0 - 2021-08-21
• 0.34.0 - 2021-08-06
• 0.33.3 - 2021-08-04
• 0.33.2 - 2021-07-31
• 0.33.1 - 2021-07-29
• 0.33.0 - 2021-07-23
• 0.32.3 - 2021-07-23
• 0.32.2 - 2021-07-21
• 0.32.1 - 2021-07-20
• 0.32.0 - 2021-07-13
• 0.31.0 - 2021-07-09
• 0.31.0-beta.0 - 2021-07-02
• 0.30.1 - 2021-07-01
• 0.30.0 - 2021-06-24
• 0.29.0 - 2021-05-23
• 0.28.2 - 2021-04-21
• 0.28.1 - 2021-04-01
• 0.28.0 - 2021-03-25
• 0.27.2 - 2021-03-23
• 0.27.1 - 2021-03-08
• 0.27.0 - 2021-02-25
• 0.27.0-beta - 2021-02-21
• 0.26.2 - 2021-02-08
• 0.26.1 - 2021-02-02
• 0.26.0 - 2021-01-26
• 0.25.0 - 2021-01-04
• 0.24.4 - 2020-12-30

from msw GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[gemini-code-assist]

Hello @nejidevelops, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

Hello team, gemini-code-assist here to provide a summary of this pull request. This PR, automatically generated by Snyk, aims to upgrade the msw dependency from version 0.24.2 to 0.49.3. The primary motivation for this significant version jump is to address a medium-severity Information Exposure vulnerability (SNYK-JS-NODEFETCH-2342118) identified in the current version. Upgrading helps keep our dependencies secure and up-to-date, reducing potential risks.

Highlights

• Dependency Upgrade: The core change is upgrading the msw (Mock Service Worker) library from version 0.24.2 to 0.49.3. This is a major version jump, spanning 70 versions.
• Security Fix: This upgrade specifically addresses a medium-severity Information Exposure vulnerability (SNYK-JS-NODEFETCH-2342118) present in the older version of msw.
• Automated PR: This pull request was automatically created by Snyk to propose the dependency upgrade and fix the identified vulnerability.

Changelog

• package.json
  • Updated the msw dependency version from ^0.24.2 to ^0.49.3 in the devDependencies.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

A dependency old,
A story untold,
A vuln it may hide,
With nowhere to confide.
Upgrade it quick, be bold!

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request upgrades the msw dependency from version 0.24.2 to 0.49.3. This is a significant version jump, addressing a medium severity vulnerability (SNYK-JS-NODEFETCH-2342118) as indicated by Snyk. While fixing vulnerabilities is crucial, such a large version difference (70 versions) across multiple minor and potentially major releases (within the 0.x range) often introduces breaking changes or requires updates to how the library is used. Although the automated check might not have flagged breaking changes, it's highly recommended to thoroughly test the application, especially the parts that utilize msw for mocking, and review the release notes/migration guides for the versions between 0.24 and 0.49 to ensure compatibility and update any deprecated API usage.

Summary of Findings

• Dependency Upgrade (msw): Upgraded msw from 0.24.2 to 0.49.3, which fixes a medium severity vulnerability (SNYK-JS-NODEFETCH-2342118).
• Potential for Breaking Changes: The large version jump in the msw dependency (70 versions) introduces a significant risk of breaking changes or requiring updates to the library's API usage, even if not automatically detected. Thorough testing and review of migration guides are necessary.

Merge Readiness

This pull request addresses a security vulnerability by upgrading a dependency. However, the upgrade involves a significant version jump, which carries a risk of introducing breaking changes or requiring code updates to maintain compatibility with the new library version. I recommend thoroughly testing the application, especially the mock service worker setup and related tests, and reviewing the MSW migration guide for versions between 0.24 and 0.49 before merging. Until these steps are completed and verified, I recommend against merging this PR. Please note that I am unable to directly approve this pull request; another reviewer will need to do so after the necessary checks are performed.

[gemini-code-assist]

This updates msw from ^0.24.2 to ^0.49.3. This is a substantial version jump (70 versions). While the PR description mentions a vulnerability fix, major version upgrades (or significant jumps in 0.x.x versions) often include breaking changes or require updates to API usage. It's important to thoroughly test the application, particularly the mock service worker setup and handlers, to ensure everything still functions as expected. Reviewing the MSW migration guide for versions between 0.24 and 0.49 is highly recommended to identify any necessary code updates.