Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 11 vulnerabilities #31

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

GTVolk
Copy link
Owner

@GTVolk GTVolk commented Nov 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • client/package.json
    • client/package-lock.json
    • client/.snyk

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
medium severity 561/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.8
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTMLPARSESTRINGIFY2-1079307
No Proof of Concept
medium severity 539/1000
Why? Has a fix available, CVSS 6.5
Information Exposure
SNYK-JS-NODEFETCH-2342118
No No Known Exploit
medium severity 520/1000
Why? Has a fix available, CVSS 5.9
Denial of Service
SNYK-JS-NODEFETCH-674311
No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Open Redirect
SNYK-JS-NODEFORGE-2330875
Yes Proof of Concept
medium severity 529/1000
Why? Has a fix available, CVSS 6.3
Prototype Pollution
SNYK-JS-NODEFORGE-2331908
Yes No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430337
Yes No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430339
Yes No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430341
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @nivo/line The new version differs by 250 commits.

See the full diff

Package name: html-webpack-plugin The new version differs by 119 commits.
  • 873d75b chore(release): 5.5.0
  • ddeb774 chore: update examples
  • 1e42625 feat: Support type=module via scriptLoading option
  • 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
  • 79be779 [chore] changes actions to run on pull_requests
  • b7e5859 [chore] fixes CI to avoid race conditions
  • 48131d3 chore(release): 5.4.0
  • 16a841a [chore] rebuild examples
  • 3bb7c17 Update index.js
  • e38ac97 Update index.js
  • f08bd02 [chore] updates fixtures
  • d62a10f [chore] upgrades html-minifier-terser@5.0.0 -> 6.0.2
  • 2f5de7a Remove archived plugin
  • 8f8f7c5 chore(release): 5.3.2
  • 053c6e6 chore: update snapshot tests for webpack 5.4.0
  • 9c7fba0 Fix security vulnerabilities
  • b98fbeb Fix security vulnerabilities
  • 25cdfc7 Added inject-body-webpack-plugin to readme
  • 0e4c1fb Update README to document actual behavior
  • 0a6568d chore(release): 5.3.1
  • 82d0ee8 fix: remove loader-utils from plugin core
  • 6f39192 chore(release): 5.3.0
  • d654f5b feat: allow to modify the interpolation options in webpack config
  • 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: jest The new version differs by 250 commits.
  • be16e47 v27.0.0
  • 63102ec chore: update changelog for release
  • 564694a docs(blog): Jest 27 blog post (#11131)
  • b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
  • 2226742 chore: minor simplify format results error (#11432)
  • 78eb25d chore: remove needless assign (#11433)
  • 696c455 chore: update lockfile after publish
  • e2eb9ae v27.0.0-next.11
  • 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
  • 27bee72 fix: run GC before collecting open handles (#11278)
  • 50451df feat: use fallback if prettier not found (#11400)
  • 150dbd8 chore: update lockfile after publish
  • 6f44529 v27.0.0-next.10
  • cbcec7d Upgrade fsevents in jest-haste-map (#11428)
  • 9633a26 feat: support reporters written in ESM (#11427)
  • 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
  • 57e32e9 Detect open handles with done callbacks (#11382)
  • a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
  • 4fa3a0b feat: custom haste (#11107)
  • 2047a36 chore: bump deps (#11419)
  • a4358d6 chore: run prettier on changelog
  • bdd6282 Move all default values into `jest-config` (#9924)
  • db643a1 Link to Jest config (#11106)
  • b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: react-i18next The new version differs by 173 commits.

See the full diff

Package name: webpack The new version differs by 250 commits.
  • 610f368 5.0.0
  • 5ce65c1 update examples
  • bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
  • 75ecff2 5.0.0-rc.6
  • bfc35d6 Merge pull request #11603 from MayaWolf/master
  • 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
  • 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
  • 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
  • 9130d10 fix called variables with ProvidePlugin
  • 3e42105 Merge pull request #11620 from webpack/bugfix/11617
  • 4709719 skip connections copied to concatenated module
  • 57b493f 5.0.0-rc.5
  • 1658e2f Merge pull request #11618 from webpack/bugfix/11615
  • a8fb45d fixes crash in SideEffectsFlagPlugin
  • 84b196d emit error instead of crashing when unexpected problem occurs
  • 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
  • 9b5cce9 Merge pull request #11609 from snitin315/export-types
  • 37c495c export type RuleSetUseItem
  • 39faf34 export type RuleSetUse
  • e5fd246 export type RuleSetConditionAbsolute
  • 660baad export RuleSetCondition types
  • 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
  • 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
  • 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-cli The new version differs by 250 commits.

See the full diff

Package name: webpack-dev-server The new version differs by 250 commits.

See the full diff

With a Snyk patch:
Severity Priority Score (*) Issue Exploit Maturity
high severity 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2
Prototype Pollution
SNYK-JS-LODASH-567746
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Open Redirect

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants