[Snyk] Upgrade admin-lte from 2.4.2 to 2.4.18 #2

snyk-bot · 2021-10-14T18:47:05Z

Snyk has created this PR to upgrade admin-lte from 2.4.2 to 2.4.18.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 14 versions ahead of your current version.
The recommended version was released 2 years ago, on 2019-08-29.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
Prototype Pollution SNYK-JS-DATATABLESNET-1016402	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Prototype Pollution SNYK-JS-CACHEDPATHRELATIVE-72573	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-SELECT2-456562	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
Prototype Pollution SNYK-JS-JQUERY-174006	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
Timing Attack SNYK-JS-ELLIPTIC-511941	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Prototype Pollution SNYK-JS-DATATABLESNET-598806	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-CKEDITOR-72618	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Cross-site Scripting (XSS) npm:bootstrap:20180529	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Cross-site Scripting (XSS) npm:bootstrap:20160627	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-72890	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-72889	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-173700	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:moment:20170905	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-DATATABLESNET-1540544	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: admin-lte

2.4.18 - 2019-08-29
Release Notes
- updated jquery-ui to 1.12.1
- removed position absoulte from box-tools to avoid overlapping with box-title
- enhanced tree collapse/expand to avoid flood slide animation on multiple clicks on one item
For the complete changelog look here.
2.4.17 - 2019-08-14
Release Notes
- updated bower components
  - removed bootstrap-timepicker from bower.json (due it doesn't deliver dist files via bower/npm)
  - updated fullcalendar to 3.10.1
  - updated raphael to 2.3.0
- removed bootstrap-timepicker from package.json
For the complete changelog look here.
2.4.16 - 2019-08-13
Release Notes
- preparation for build on Travis CI
- trust semver constraints at package.json and bower.json
- remove changelog.md link from README.md
  - updated bower components
  - updated bootstrap-datepicker to 1.9.0
  - updated chart.js to 1.1.1
  - updated ckeditor to 4.12.1
  - updated jquery to 3.4.1
  - updated raphael to 2.2.7
  - updated select2 to 4.0.8
  - updated jquery to 3.4.1
  - updated bootstrap-slider to 10.6.2 (according to docs & package.json)
- fixed control-sidebar slide option
For the complete changelog look here.

Thanks to @ phansys & @ philip for your contributions.
2.4.15 - 2019-07-16
Release Notes
- fixed bower install error ENOTFOUND Package @ dev not found
2.4.12 - 2019-06-11
Release Notes
- Fixed npm audit error
- Fixed strange navigation menu behavior + dark space on reloads
- Added height auto to .login-page & .register-page
2.4.11 - 2019-06-11
Release Notes
- Added setTimeout on treeview expand #2067
- Fixed layout skin-black-light height inconsistence #2091
- Changed min-height to calc in .content-wrapper (css)
- Changed hr border color to @ gray instead of @ gray-lighter
- Fixed ionicons path in docs
- Fixed missing time in "Date and time range" picker
- Fixed drag and drop breaking AdminLTE's design
- Fixed sidebar menu tree dropdown always open
2.4.10 - 2019-03-11
2.4.9 - 2019-02-18
2.4.8 - 2018-07-15
2.4.7 - 2018-07-15
2.4.6 - 2018-07-15
2.4.5 - 2018-07-14
2.4.4 - 2018-07-14
2.4.3 - 2018-03-17
2.4.2 - 2017-10-09

from admin-lte GitHub release notes

Commit messages

Package name: admin-lte

e7ffa67 prep version
3dbe149 Update README.md
92d1bf6 prep pre-version
d204bc1 enhanced tree collapse/expand to avoid flood slide animation on multiple clicks on one item
78f4a43 removed position absoulte from box-tools to avoid overlapping with box-title
d9871bf updated jquery-ui to 1.12.1
e0670bb prep version
1ccb77f removed bootstrap-timepicker from package.json
0261303 updated bower components
b041622 prep version
7b6e000 fixed control-sidebar slide option
d3a213a updated bootstrap-slider to 10.6.2 (according to docs & package.json)
3e4b0cd prep version to v2.4.16-pre
a3b070f updated npm devDependencies to reduce audit's
d38b8fe updated bower.json
785cd51 updated bower components
239be16 Merge pull request #2192 from philip/patch-1
643d3e5 Merge pull request #2175 from phansys/semver
76251eb Remove changelog.md link
054c1f6 Trust semver constraints at `package.json` and `bower.json`
94aeea7 Merge pull request #2174 from phansys/travis
72d1433 Build on Travis CI
78d0c11 bump version
7a2364e a simple try to fix `ENOTFOUND Package @ dev not found` error