Security patch 1 #46

wasertech · 2022-07-13T09:44:07Z

No description provided.

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CSSWHAT-1298035

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CSSWHAT-1298035 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194 - https://snyk.io/vuln/SNYK-JS-IMMER-1540542 - https://snyk.io/vuln/SNYK-JS-PROMPTS-1729737 - https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088

…8d80b4c78' into security-patch-1

…ee9abcd57' into security-patch-1

…f4833a221' into security-patch-1

…dd8c220cb' into security-patch-1

…9b7a7570c' into security-patch-1

…d7a12f891' into security-patch-1

…b6ff8d0f6' into security-patch-1

…01c66b803' into security-patch-1

…8bc76730c' into security-patch-1

…7982213ef' into security-patch-1

…13322de28' into security-patch-1

CLAassistant · 2022-07-13T09:44:15Z

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ wasertech
❌ snyk-bot
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

wasertech · 2022-07-13T09:46:42Z

At least the lint passed 😅

wasertech · 2022-07-13T12:27:20Z

https://webpack.js.org/migrate/5/

wasertech · 2022-07-13T13:45:09Z

There is always something wrong! Grrrr...

It doesn't even tell me where it's using tapPromise 🙄

Is it related to compiler.hooks[...].tap? 🤔

wasertech · 2022-07-14T14:43:50Z

❯ make node_deps
yarn install
yarn install v1.22.19
info No lockfile found.
[1/4] Resolving packages...
warning @svgr/webpack > @svgr/plugin-svgo > svgo > stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
warning @testing-library/jest-dom > css > source-map-resolve@0.6.0: See https://github.com/lydell/source-map-resolve#deprecated
warning chai-http > superagent@3.8.3: Please upgrade to v7.0.2+ of superagent.  We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing.  See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>.
warning chai-http > superagent > formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
warning create-react-app > tar-pack > tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > jest-haste-map > fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > micromatch > snapdragon > source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > jest-haste-map > sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > micromatch > snapdragon > source-map-resolve > resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > micromatch > snapdragon > source-map-resolve > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > micromatch > snapdragon > source-map-resolve > source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
warning jest-environment-jsdom-fourteen > jsdom > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning jest-environment-jsdom-fourteen > jsdom > request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
warning jest-environment-jsdom-fourteen > jsdom > request > har-validator@5.1.5: this library is no longer supported
warning jest-environment-jsdom-fourteen > jsdom > request > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
[2/4] Fetching packages...
[3/4] Linking dependencies...
warning " > @testing-library/user-event@14.2.3" has unmet peer dependency "@testing-library/dom@>=7.21.4".
warning "@typescript-eslint/eslint-plugin > tsutils@3.21.0" has unmet peer dependency "typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta".
warning " > eslint-plugin-flowtype@8.0.3" has unmet peer dependency "@babel/plugin-syntax-flow@^7.14.5".
warning " > eslint-plugin-flowtype@8.0.3" has unmet peer dependency "@babel/plugin-transform-react-jsx@^7.14.9".
warning " > postcss-flexbugs-fixes@5.0.2" has unmet peer dependency "postcss@^8.1.4".
warning " > postcss-loader@7.0.1" has unmet peer dependency "postcss@^7.0.0 || ^8.0.1".
warning " > postcss-normalize@10.0.1" has unmet peer dependency "browserslist@>= 4".
warning " > postcss-normalize@10.0.1" has unmet peer dependency "postcss@>= 8".
warning "postcss-normalize > postcss-browser-comments@4.0.0" has unmet peer dependency "browserslist@>=4".
warning "postcss-normalize > postcss-browser-comments@4.0.0" has unmet peer dependency "postcss@>=8".
warning " > postcss-preset-env@7.7.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-cascade-layers@1.0.5" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-progressive-custom-properties@1.3.0" has unmet peer dependency "postcss@^8.3".
warning "postcss-preset-env > @csstools/postcss-color-function@1.1.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-ic-unit@1.0.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-trigonometric-functions@1.0.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-stepped-value-functions@1.0.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > css-blank-pseudo@3.0.3" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > autoprefixer@10.4.7" has unmet peer dependency "postcss@^8.1.0".
warning "postcss-preset-env > css-has-pseudo@3.0.4" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > css-prefers-color-scheme@6.0.3" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-attribute-case-insensitive@5.0.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-color-functional-notation@4.2.4" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-unset-value@1.0.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-color-hex-alpha@8.0.4" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > @csstools/postcss-font-format-keywords@1.0.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-color-rebeccapurple@7.1.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-hwb-function@1.0.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-custom-media@8.0.2" has unmet peer dependency "postcss@^8.3".
warning "postcss-preset-env > @csstools/postcss-is-pseudo-class@2.0.7" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-normalize-display-values@1.0.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-custom-properties@12.1.8" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-custom-selectors@6.0.3" has unmet peer dependency "postcss@^8.3".
warning "postcss-preset-env > postcss-dir-pseudo-class@6.0.5" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-double-position-gradients@3.1.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-focus-visible@6.0.4" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-focus-within@5.0.4" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-font-variant@5.0.0" has unmet peer dependency "postcss@^8.1.0".
warning "postcss-preset-env > postcss-env-function@4.0.6" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-gap-properties@3.0.5" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-image-set-function@4.0.7" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-initial@4.0.1" has unmet peer dependency "postcss@^8.0.0".
warning "postcss-preset-env > postcss-lab-function@4.2.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-media-minmax@5.0.0" has unmet peer dependency "postcss@^8.1.0".
warning "postcss-preset-env > postcss-logical@5.0.4" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-overflow-shorthand@3.0.4" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-page-break@3.0.4" has unmet peer dependency "postcss@^8".
warning "postcss-preset-env > postcss-nesting@10.1.10" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-replace-overflow-wrap@4.0.0" has unmet peer dependency "postcss@^8.0.3".
warning "postcss-preset-env > postcss-place@7.0.5" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-pseudo-class-any-link@7.1.6" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-selector-not@6.0.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-cascade-layers > @csstools/selector-specificity@2.0.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-oklab-function@1.1.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-clamp@4.1.0" has unmet peer dependency "postcss@^8.4.6".
warning " > postcss-safe-parser@6.0.0" has unmet peer dependency "postcss@^8.3.3".
warning "react-dev-utils > fork-ts-checker-webpack-plugin@6.5.2" has unmet peer dependency "typescript@>= 2.7".
[4/4] Building fresh packages...
success Saved lockfile.
Done in 64.57s.
❯ make package
yarn install
yarn install v1.22.19
[1/4] Resolving packages...
success Already up-to-date.
Done in 0.49s.
yarn build
yarn run v1.22.19
$ node scripts/build.js
Creating an optimized production build...
Failed to compile.

Cannot read properties of undefined (reading 'tapPromise')


error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
make: *** [Makefile:11 : react_build] Erreur 1

wasertech · 2022-07-14T16:19:18Z

Closed to #47

snyk-bot and others added 26 commits June 11, 2021 23:39

fix: package.json & yarn.lock to reduce vulnerabilities

e8948a7

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595

fix: package.json & yarn.lock to reduce vulnerabilities

cc7490b

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640

fix: package.json & yarn.lock to reduce vulnerabilities

bf032e6

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CSSWHAT-1298035

fix: package.json & yarn.lock to reduce vulnerabilities

021e2ad

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905

fix: package.json & yarn.lock to reduce vulnerabilities

6b5d066

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

fix: package.json & yarn.lock to reduce vulnerabilities

ed3646e

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

fix: package.json & yarn.lock to reduce vulnerabilities

d8fda4e

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

fix: package.json & yarn.lock to reduce vulnerabilities

96a7742

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

fix: package.json to reduce vulnerabilities

cd0d8e8

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CSSWHAT-1298035 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

fix: package.json & yarn.lock to reduce vulnerabilities

b69be0a

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088

Merge remote-tracking branch 'origin/snyk-fix-86f026cc3f80f055af92f41…

361d961

…8d80b4c78' into security-patch-1

Merge remote-tracking branch 'origin/snyk-fix-bed64c4d9fa9890879b1c69…

4c65a39

…ee9abcd57' into security-patch-1

merge coqui-ai#14

013b74c

Merge remote-tracking branch 'origin/snyk-fix-b8bed5fa8f9b9ea669275e4…

de62017

…f4833a221' into security-patch-1

Merge remote-tracking branch 'origin/snyk-fix-ddeb1670433a305a4920931…

bc0b4ad

…dd8c220cb' into security-patch-1

Merge remote-tracking branch 'origin/snyk-fix-8d37fc681a4d943805b5d8a…

90ac824

…9b7a7570c' into security-patch-1

Merge remote-tracking branch 'origin/snyk-fix-04251e2629484395f1cb5c8…

d72abcb

…d7a12f891' into security-patch-1

Merge remote-tracking branch 'origin/snyk-fix-c19a53460d2ce173061c4e1…

2c2659e

…b6ff8d0f6' into security-patch-1

Merge remote-tracking branch 'origin/snyk-fix-91d8b181549e4cd5cdfae1c…

d1a2a7e

…01c66b803' into security-patch-1

Merge remote-tracking branch 'origin/snyk-fix-759ca666591134e212a29a4…

a108525

…8bc76730c' into security-patch-1

Merge remote-tracking branch 'origin/snyk-fix-c4cb209927e38221f541daa…

9b84c00

…7982213ef' into security-patch-1

Merge remote-tracking branch 'origin/snyk-fix-de1d06d0e587d7d7d9c1fdb…

36c8a80

…13322de28' into security-patch-1

Fix package.json and locked yarn

c1d94a9

intermitent commit

161a6ad

wasertech added 2 commits July 13, 2022 11:52

fix chunkLoadingGlobal

44209fd

fix futureEmitAssets

622979b

wasertech added 4 commits July 13, 2022 12:46

Updated packages

8adcd9b

Next batch of updates

1e025f1

fix webpack config

389b793

more fix but configuration does not match the API schema

b5ff897

Cannot read properties of undefined (reading 'tapPromise')

b27df11

Removed pnp as built-in WebPack 5

aea4dfe

wasertech closed this Jul 14, 2022

wasertech deleted the security-patch-1 branch July 15, 2022 16:07

wasertech mentioned this pull request Jul 15, 2022

Update Webpack #49

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security patch 1 #46

Security patch 1 #46

wasertech commented Jul 13, 2022

CLAassistant commented Jul 13, 2022

wasertech commented Jul 13, 2022

wasertech commented Jul 13, 2022

wasertech commented Jul 13, 2022 •

edited

wasertech commented Jul 14, 2022

wasertech commented Jul 14, 2022 •

edited

Security patch 1 #46

Security patch 1 #46

Conversation

wasertech commented Jul 13, 2022

CLAassistant commented Jul 13, 2022

wasertech commented Jul 13, 2022

wasertech commented Jul 13, 2022

wasertech commented Jul 13, 2022 • edited

wasertech commented Jul 14, 2022

wasertech commented Jul 14, 2022 • edited

wasertech commented Jul 13, 2022 •

edited

wasertech commented Jul 14, 2022 •

edited