New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 10 vulnerabilities #243

Open

snyk-bot wants to merge 1 commit into master from snyk-fix-f4db2120171f8eb84bc9c25de47ab50a

snyk-bot commented Apr 15, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- client/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	375/1000 Why? CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	Yes	No Known Exploit
	387/1000 Why? Proof of Concept exploit, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept
	265/1000 Why? CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	375/1000 Why? CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	265/1000 Why? CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Improper Input Validation SNYK-JS-PARSEURL-3024398	Yes	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

15ab3f8 chore(release): Publish
19eec6d chore(gatsby): bump socket.io (Updated link to 'how to set up locally' from english ver to rus freeCodeCamp/freeCodeCamp#37272) (fix(client): reduce height of the alert banner freeCodeCamp/freeCodeCamp#37497)
d88ed09 chore(release): Publish
d04b3b5 feat(gatsby-source-drupal): drupal langcode as notlangcode (chore: update monaco-editor, react-monaco-editor freeCodeCamp/freeCodeCamp#37445) (fix(client): Improve client validation accessibility freeCodeCamp/freeCodeCamp#37459)
19d3861 fix(gatsby-source-drupal): await async handleDeletedNode ( should reset progress undo honesty acceptance? freeCodeCamp/freeCodeCamp#37435) (Change test method from string.test(regex) to regex.test(string) freeCodeCamp/freeCodeCamp#37458)
b229e7b fix(gatsby): Use correct settings for yaml-loader (fix(learn): missing semi-colon on use arrow functions to write anonymous functions freeCodeCamp/freeCodeCamp#37454) (fix: update caching on resources freeCodeCamp/freeCodeCamp#37460)
7021834 fix(gatsby-source-contentful): maintain back reference map between runs (docs: update spelling on installation guide freeCodeCamp/freeCodeCamp#37442) (All challenge progress lost freeCodeCamp/freeCodeCamp#37456)
13bf518 chore(release): Publish
b30a43f chore(deps): Bump yaml-loader (docs(polish): create how to open pull request freeCodeCamp/freeCodeCamp#37401) (inactive link freeCodeCamp/freeCodeCamp#37407)
492a31a fix(gatsby): handle initializing multiple instances of gatsby-plugin-sharp (fix(redirects): update domain redirects freeCodeCamp/freeCodeCamp#37306) (Comma freeCodeCamp/freeCodeCamp#37329)
4dcca80 chore(release): Publish
59076c8 fix(gatsby-transformer-remark): Disallow JS frontmatter by default (Pull freeCodeCamp/freeCodeCamp#37244) (fix: enable search in dev mode freeCodeCamp/freeCodeCamp#37298)
48a3db4 fix(gatsby): [rendering engines] use results of exports removal if sourceMap was not generated alongside transformed code (fix: reword honesty policy and replace profile with portfolio in text freeCodeCamp/freeCodeCamp#37282) (More readable problem description freeCodeCamp/freeCodeCamp#37299)
ea42d7f fix(gatsby): don't output file-loader assets to .cache (Circle CI Integration freeCodeCamp/freeCodeCamp#37284) (Updated description to be more readable freeCodeCamp/freeCodeCamp#37300)
2cc9eaf chore(release): Publish
a729764 fix(gatsby-source-wordpress): Add back nodeType field that was removed in last version (submit button in React's Create a Controlled Form Challenge renders new window freeCodeCamp/freeCodeCamp#37212) (Added commas freeCodeCamp/freeCodeCamp#37218)
188d3e7 chore(release): Publish
947e11b chore(gatsby-source-wordpress): use wpgql 1.13 in itests ([Beta] Each time the n or p Hotkey is used, the editor refocuses on Windows freeCodeCamp/freeCodeCamp#37146) (fix:minor style changes freeCodeCamp/freeCodeCamp#37208)
5e72a5d chore(release): Publish
2dc715d chore: remove tracedSVG (converted nav log svg to functional component freeCodeCamp/freeCodeCamp#37093) (Update on index.md freeCodeCamp/freeCodeCamp#37127)
07c0478 chore(release): Publish
c698f13 fix(gatsby-source-wordpress): WPGraphQL 1.13.0 compatibility (fix: duplicated 'use' in set-up-passport.english.md freeCodeCamp/freeCodeCamp#37134) (Use the word "portfolio" instead of profile everywhere on projects app freeCodeCamp/freeCodeCamp#37183)
49cca44 chore(release): Publish
fac9fbc feat(gatsby-source-drupal): Provide proxyUrl in addition to baseUrl to allow using CDN, API gateway, etc. (Light/Dark toggle button on the nav freeCodeCamp/freeCodeCamp#36819) (converted nav log svg to functional component(after lint fixes) freeCodeCamp/freeCodeCamp#37084)

See the full diff

Package name: gatsby-cli

The new version differs by 188 commits.

8d07242 chore(release): Publish
0790895 chore(gatsby): Update README (Agile/index.md - correct spelling of "Português" freeCodeCamp/freeCodeCamp#33615)
06760d7 chore(gatsby): Change comment format in actions/public (Full translation freeCodeCamp/freeCodeCamp#33592)
7d66a23 feat(gatsby): capture number of ssg,dsg,ssr pages in telemetry (Production freeCodeCamp/freeCodeCamp#33337)
98a843c fix(gatsby): use lmdb.removeSync so getNode can't return deleted nodes (my change freeCodeCamp/freeCodeCamp#33554)
4d8e40b fix(gatsby-source-wordpress): Add steps for `refetch_ALL` (Added links to each CSS framework and updated index.md freeCodeCamp/freeCodeCamp#33264)
4761dc3 fix(gatsby): restore onPreBuild to being called right after bootstrap finishes (Add WebAIM Color Contrast Checker freeCodeCamp/freeCodeCamp#33591)
1cdbab6 fix(deps): update starters and examples gatsby packages to ^3.14.3 (UX reasons for dropdowns freeCodeCamp/freeCodeCamp#33553)
0f421db chore(release): Publish next
7d6a0aa fix(gatsby): fix page-tree in ink-cli (Update the full form of gcc freeCodeCamp/freeCodeCamp#33579)
3993819 chore(gatsby): Add `assetPrefix` to `IGatsbyConfig` (Improved readability freeCodeCamp/freeCodeCamp#33575)
6cc964a fix(gatsby-source-wordpress): restore PQR support (Corrected the order of words freeCodeCamp/freeCodeCamp#33590)
9eef270 specifying what actually changed (fixed spelling errors freeCodeCamp/freeCodeCamp#33452)
2975c4d feat(gatsby,gatsby-link): add queue to prefetch (Correcting grammatical errors freeCodeCamp/freeCodeCamp#33530)
68fe836 fix(gatsby): temporary workaround for stale jobs cache (Fixing inline code indentation CSS Coments freeCodeCamp/freeCodeCamp#33586)
a800d9d fix(gatsby): Update internal usage of .runQuery (Add Accessible Header Example freeCodeCamp/freeCodeCamp#33571)
677760c chore(docs): Clarify SEO component guide (Update index.md freeCodeCamp/freeCodeCamp#33451)
ccca4b3 fix(gatsby): only remove unused code when apis got removed (Added words "my changes" to the article freeCodeCamp/freeCodeCamp#33527)
8dbf550 fix(gatsby): assign correct parentSpans to PQR activities (Ant Colony Optimization freeCodeCamp/freeCodeCamp#33568)
31d5a5e fix(gatsby-dev-cli): resolve correct versions of packages with unpkg (Added CPU relationship diagram. freeCodeCamp/freeCodeCamp#33551)
5110074 fix(gatsby-plugin-gatsby-cloud): emit file nodes after source updates (order point included freeCodeCamp/freeCodeCamp#33548)
d2329df fix(gatsby): make sure 404 and 500 page inherit stateful status from original page (Update add-columns-with-grid-template-columns.english.md (Wording order) freeCodeCamp/freeCodeCamp#33544)
68e5b90 chore(docs): Update query var in part-7 tutorial (Improve Russian translation of Python pow guide freeCodeCamp/freeCodeCamp#33559)
a8cab55 chore(gatsby-plugin-react-helmet): Update Examples (Introduction to Design Patterns freeCodeCamp/freeCodeCamp#33552)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)


          fix: client/package.json to reduce vulnerabilities

b211c91

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336
- https://snyk.io/vuln/SNYK-JS-IMMER-1540542
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943
- https://snyk.io/vuln/SNYK-JS-PARSEPATH-2936439
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3023021
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3024398
- https://snyk.io/vuln/SNYK-JS-PROMPTS-1729737

github-actions bot added the platform: client label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

platform: client