New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 13 vulnerabilities #447

Open

joshje wants to merge 1 commit into master from snyk-fix-bf9741bb564355926099e6fe39cc749f

Owner

joshje commented Apr 20, 2022

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/article-main-standard/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-PLIST-2405644	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:plist:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @times-components/article-lead-asset

The new version differs by 250 commits.

e4ffcea chore: Publish 68c1980 [ci skip]
68c1980 task(TDP-528): Remove native/android/ios files (task(TDP-528): Remove native/android/ios files newsuk/times-components#2810)
075d28e chore: Publish 747323b [ci skip]
747323b feat(GEA-255): Add swgProductId to structured data (feat(GEA-255): Add swgProductId to structured data newsuk/times-components#2817)
3b41e75 chore: Publish c0a4bca [ci skip]
c0a4bca feat(TDP-478): Fix LIVE flag alignment (feat(TDP-478): Fix LIVE flag alignment newsuk/times-components#2819)
eef35c1 chore: Publish ef8a7e3 [ci skip]
ef8a7e3 feat(TDP-478): Centre bullet in LIVE article flag (feat(TDP-478): Centre bullet in LIVE article flag newsuk/times-components#2816)
cb378f1 chore: Publish 9bb430a [ci skip]
9bb430a feat(TDP-478): Article LIVE flag (feat(TDP-478): Article LIVE flag newsuk/times-components#2814)
0e90a0d chore: Publish 55e3f7a [ci skip]
55e3f7a feat(GEA-246): add article_locked_status value to article tracking (feat(GEA-246): add article_locked_status value to article tracking newsuk/times-components#2809)
e3daf3d chore: Publish 6a22ca9 [ci skip]
6a22ca9 fix(SCB-1480): Add more ad clearfix (fix(SCB-1480): Add more ad clearfix newsuk/times-components#2808)
3c8cfb7 chore: Publish 0f93fb9 [ci skip]
0f93fb9 fix(SCB-1480): Ad Slot content overlap (fix(SCB-1480): Ad Slot content overlap newsuk/times-components#2807)
2a085ef chore: Publish 87c64ee [ci skip]
87c64ee chore(TDP-000): remove unused features from latest version (chore(TDP-000): remove unused features from latest version newsuk/times-components#2805)
1a2265d chore: Publish 749e386 [ci skip]
749e386 feat: commenting login hander (feat: commenting login hander newsuk/times-components#2804)
9aa22f0 chore: Publish 0a58a6c [ci skip]
0a58a6c feat: add section name to page metadata (feat: add section name to page metadata newsuk/times-components#2802)
091c2db chore: Publish 27ba347 [ci skip]
27ba347 fix(TDP-399): Added max-video-preview meta tag (fix(TDP-399): Added max-video-preview meta tag newsuk/times-components#2800)

See the full diff

Package name: @times-components/article-skeleton

The new version differs by 250 commits.

a1ed39f chore: Publish 647388c [ci skip]
647388c feat(TDP-1716): remove react native from utils (feat(TDP-1716): remove react native from utils newsuk/times-components#2915)
68a439d chore: Publish 5c4f49a [ci skip]
5c4f49a fix(TDP-1777): Make analytics article_flag data lower case (fix(TDP-1777): Make analytics article_flag data lower case newsuk/times-components#2916)
a382c72 chore: Publish 30553bc [ci skip]
30553bc Feat(tdp-1717): remove react native from video (Feat(tdp-1717): remove react native from video newsuk/times-components#2913)
bc73c83 chore: Publish b52a4c6 [ci skip]
b52a4c6 feat(TDP-1742): Add article-template-name to article tracking (feat(TDP-1742): Add article-template-name to article tracking newsuk/times-components#2914)
06ff4b8 chore: Publish 2da77a2 [ci skip]
2da77a2 feat(TDP-1579) inline image and interactive anchors (feat(TDP-1579) inline image and interactive anchors newsuk/times-components#2912)
6d78847 chore: Publish 125e2e3 [ci skip]
125e2e3 feat(TDP-1423): Remove React Native from Video Label (feat(TDP-1423): Remove React Native from Video Label newsuk/times-components#2910)
676b642 chore: Publish 82774c5 [ci skip]
82774c5 feat(TDP-1577): key moments links (feat(TDP-1577): key moments links newsuk/times-components#2911)
ebd0314 chore: Publish 6437462 [ci skip]
6437462 feat(TDP-1705): remove react native from link (feat(TDP-1705): remove react native from link newsuk/times-components#2909)
980746a chore: Publish 2717c6f [ci skip]
2717c6f feat(TDP-1703): removed react-native use of its own <Image/> component (feat(TDP-1703): removed react-native use of its own <Image/> component newsuk/times-components#2906)
b2b7b1c chore: Publish 761a1c5 [ci skip]
761a1c5 feat(TDP-1577): key moments anchor links (feat(TDP-1577): key moments anchor links newsuk/times-components#2904)
431366a chore: Publish 39099ab [ci skip]
39099ab feat(TDP-1639): live flag analytics param renaming (feat(TDP-1639): live flag analytics param renaming newsuk/times-components#2900)
ee3e1a4 chore: Publish fa8c45c [ci skip]
fa8c45c feat(TDP-1577): key moments anchor points (feat(TDP-1577): key moments anchor points newsuk/times-components#2902)

See the full diff

Package name: @times-components/utils

The new version differs by 250 commits.

a1ed39f chore: Publish 647388c [ci skip]
647388c feat(TDP-1716): remove react native from utils (feat(TDP-1716): remove react native from utils newsuk/times-components#2915)
68a439d chore: Publish 5c4f49a [ci skip]
5c4f49a fix(TDP-1777): Make analytics article_flag data lower case (fix(TDP-1777): Make analytics article_flag data lower case newsuk/times-components#2916)
a382c72 chore: Publish 30553bc [ci skip]
30553bc Feat(tdp-1717): remove react native from video (Feat(tdp-1717): remove react native from video newsuk/times-components#2913)
bc73c83 chore: Publish b52a4c6 [ci skip]
b52a4c6 feat(TDP-1742): Add article-template-name to article tracking (feat(TDP-1742): Add article-template-name to article tracking newsuk/times-components#2914)
06ff4b8 chore: Publish 2da77a2 [ci skip]
2da77a2 feat(TDP-1579) inline image and interactive anchors (feat(TDP-1579) inline image and interactive anchors newsuk/times-components#2912)
6d78847 chore: Publish 125e2e3 [ci skip]
125e2e3 feat(TDP-1423): Remove React Native from Video Label (feat(TDP-1423): Remove React Native from Video Label newsuk/times-components#2910)
676b642 chore: Publish 82774c5 [ci skip]
82774c5 feat(TDP-1577): key moments links (feat(TDP-1577): key moments links newsuk/times-components#2911)
ebd0314 chore: Publish 6437462 [ci skip]
6437462 feat(TDP-1705): remove react native from link (feat(TDP-1705): remove react native from link newsuk/times-components#2909)
980746a chore: Publish 2717c6f [ci skip]
2717c6f feat(TDP-1703): removed react-native use of its own <Image/> component (feat(TDP-1703): removed react-native use of its own <Image/> component newsuk/times-components#2906)
b2b7b1c chore: Publish 761a1c5 [ci skip]
761a1c5 feat(TDP-1577): key moments anchor links (feat(TDP-1577): key moments anchor links newsuk/times-components#2904)
431366a chore: Publish 39099ab [ci skip]
39099ab feat(TDP-1639): live flag analytics param renaming (feat(TDP-1639): live flag analytics param renaming newsuk/times-components#2900)
ee3e1a4 chore: Publish fa8c45c [ci skip]
fa8c45c feat(TDP-1577): key moments anchor points (feat(TDP-1577): key moments anchor points newsuk/times-components#2902)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Remote Code Execution (RCE)


          fix: packages/article-main-standard/package.json to reduce vulnerabil…

b4f3cdf

…ities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-MERGE-1040469
- https://snyk.io/vuln/SNYK-JS-MERGE-1042987
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311
- https://snyk.io/vuln/SNYK-JS-PLIST-2405644
- https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-XMLDOM-1084960
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:mem:20180117
- https://snyk.io/vuln/npm:plist:20180219

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment