Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 80 vulnerabilities #100

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 80 vulnerabilities #100

wants to merge 1 commit into from

Conversation

ovlb
Copy link
Member

@ovlb ovlb commented Dec 19, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Prototype Pollution
SNYK-JS-AJV-584908		 Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIHTML-1296849		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
high severity 706/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7		 Remote Memory Exposure
SNYK-JS-BL-608877		 No Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Improper Verification of Cryptographic Signature
SNYK-JS-BROWSERIFYSIGN-6037026		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194		 Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960		 Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-DEEPOBJECTDIFF-3104594		 Yes Proof of Concept
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
SNYK-JS-DOTPROP-543489		 Yes Proof of Concept
medium severity 554/1000
Why? Has a fix available, CVSS 6.8		 Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899		 Yes No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Information Exposure
SNYK-JS-EVENTSOURCE-2823375		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905		 Yes Proof of Concept
high severity 671/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7		 Remote Code Execution (RCE)
SNYK-JS-HANDLEBARS-1056767		 Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-HANDLEBARS-1279029		 Yes Proof of Concept
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-HANDLEBARS-469063		 Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-HANDLEBARS-480388		 Yes No Known Exploit
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Arbitrary Code Execution
SNYK-JS-HANDLEBARS-534478		 Yes Proof of Concept
critical severity 704/1000
Why? Has a fix available, CVSS 9.8		 Prototype Pollution
SNYK-JS-HANDLEBARS-534988		 Yes No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-HANDLEBARS-567742		 Yes Proof of Concept
medium severity 475/1000
Why? Has a fix available, CVSS 5		 Prototype Pollution
SNYK-JS-HAPIHOEK-548452		 Yes No Known Exploit
medium severity 504/1000
Why? Has a fix available, CVSS 5.8		 Prototype Pollution
SNYK-JS-HIGHLIGHTJS-1045326		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		 Yes Proof of Concept
medium severity 626/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.1		 Man-in-the-Middle (MitM)
SNYK-JS-HTTPSPROXYAGENT-469131		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-INI-1048974		 Yes Proof of Concept
medium severity 641/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.4		 Prototype Pollution
SNYK-JS-JSON5-3182856		 Yes Proof of Concept
high severity 644/1000
Why? Has a fix available, CVSS 8.6		 Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3042992		 Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LOADERUTILS-3043105		 Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3105943		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 Yes Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-450202		 Yes Proof of Concept
high severity 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2		 Prototype Pollution
SNYK-JS-LODASH-567746		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-608086		 Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 Yes No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MINIMIST-559764		 Yes Proof of Concept
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Information Exposure
SNYK-JS-NODEFETCH-2342118		 Yes No Known Exploit
medium severity 520/1000
Why? Has a fix available, CVSS 5.9		 Denial of Service
SNYK-JS-NODEFETCH-674311		 Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032		 Yes Proof of Concept
medium severity 591/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.4		 Cross-site Scripting (XSS)
SNYK-JS-PARSEURL-2935944		 Yes Proof of Concept
medium severity 561/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.8		 Information Exposure
SNYK-JS-PARSEURL-2935947		 Yes Proof of Concept
critical severity 791/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 9.4		 Server-side Request Forgery (SSRF)
SNYK-JS-PARSEURL-2936249		 Yes Proof of Concept
medium severity 591/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.4		 Cross-site Scripting (XSS)
SNYK-JS-PARSEURL-2942134		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 Yes Proof of Concept
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-POLISHED-1298071		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640		 Yes Proof of Concept
high severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PRISMJS-1076581		 Yes Proof of Concept
high severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PRISMJS-1314893		 Yes No Known Exploit
high severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PRISMJS-1585202		 Yes Proof of Concept
medium severity /1000
Why?		 Cross-site Scripting (XSS)
SNYK-JS-PRISMJS-2404333		 Yes No Known Exploit
high severity /1000
Why?		 Prototype Poisoning
SNYK-JS-QS-3153490		 Yes Proof of Concept
medium severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-RAMDA-1582370		 Yes No Known Exploit
high severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept
high severity /1000
Why?		 Improper Privilege Management
SNYK-JS-SHELLJS-2332187		 Yes Proof of Concept
high severity /1000
Why?		 Information Exposure
SNYK-JS-SIMPLEGET-2361683		 No Proof of Concept
high severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392		 Yes Proof of Concept
high severity /1000
Why?		 Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 Yes No Known Exploit
high severity /1000
Why?		 Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 Yes No Known Exploit
low severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 Yes No Known Exploit
high severity /1000
Why?		 Arbitrary File Write
SNYK-JS-TAR-1579147		 Yes No Known Exploit
high severity /1000
Why?		 Arbitrary File Write
SNYK-JS-TAR-1579152		 Yes No Known Exploit
high severity /1000
Why?		 Arbitrary File Write
SNYK-JS-TAR-1579155		 Yes No Known Exploit
medium severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TERSER-2806366		 Yes No Known Exploit
high severity /1000
Why?		 Arbitrary Code Execution
SNYK-JS-THENIFY-571690		 Yes Proof of Concept
high severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TMPL-1583443		 Yes Proof of Concept
high severity /1000
Why?		 Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042		 Yes No Known Exploit
medium severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TRIMOFFNEWLINES-1296850		 Yes Proof of Concept
medium severity /1000
Why?		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251		 Yes No Known Exploit
medium severity /1000
Why?		 Improper Input Validation
SNYK-JS-URLPARSE-1078283		 Yes No Known Exploit
medium severity /1000
Why?		 Open Redirect
SNYK-JS-URLPARSE-1533425		 Yes Proof of Concept
medium severity /1000
Why?		 Access Restriction Bypass
SNYK-JS-URLPARSE-2401205		 Yes Proof of Concept
medium severity /1000
Why?		 Authorization Bypass
SNYK-JS-URLPARSE-2407759		 Yes Proof of Concept
high severity /1000
Why?		 Improper Input Validation
SNYK-JS-URLPARSE-2407770		 Yes Proof of Concept
medium severity /1000
Why?		 Authorization Bypass Through User-Controlled Key
SNYK-JS-URLPARSE-2412697		 Yes Proof of Concept
high severity /1000
Why?		 Prototype Pollution
SNYK-JS-Y18N-1021887		 Yes Proof of Concept
medium severity /1000
Why?		 Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 Yes Proof of Concept
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cryptographic Issues
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: package.json to reduce vulnerabilities
c50c8d7 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-BL-608877
- https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026
- https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
- https://snyk.io/vuln/SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960
- https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970
- https://snyk.io/vuln/SNYK-JS-DEEPOBJECTDIFF-3104594
- https://snyk.io/vuln/SNYK-JS-DOTPROP-543489
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899
- https://snyk.io/vuln/SNYK-JS-EVENTSOURCE-2823375
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-567742
- https://snyk.io/vuln/SNYK-JS-HAPIHOEK-548452
- https://snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1045326
- https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
- https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
- https://snyk.io/vuln/SNYK-JS-INI-1048974
- https://snyk.io/vuln/SNYK-JS-JSON5-3182856
- https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311
- https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
- https://snyk.io/vuln/SNYK-JS-PARSEURL-2935944
- https://snyk.io/vuln/SNYK-JS-PARSEURL-2935947
- https://snyk.io/vuln/SNYK-JS-PARSEURL-2936249
- https://snyk.io/vuln/SNYK-JS-PARSEURL-2942134
- https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
- https://snyk.io/vuln/SNYK-JS-POLISHED-1298071
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
- https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581
- https://snyk.io/vuln/SNYK-JS-PRISMJS-1314893
- https://snyk.io/vuln/SNYK-JS-PRISMJS-1585202
- https://snyk.io/vuln/SNYK-JS-PRISMJS-2404333
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-RAMDA-1582370
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187
- https://snyk.io/vuln/SNYK-JS-SIMPLEGET-2361683
- https://snyk.io/vuln/SNYK-JS-SSRI-1246392
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-TERSER-2806366
- https://snyk.io/vuln/SNYK-JS-THENIFY-571690
- https://snyk.io/vuln/SNYK-JS-TMPL-1583443
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://snyk.io/vuln/SNYK-JS-URLPARSE-1078283
- https://snyk.io/vuln/SNYK-JS-URLPARSE-1533425
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2401205
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2407759
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2412697
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:debug:20170905
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ovlb @snyk-bot