
[Snyk] Fix for 19 vulnerabilities #64

Open. Wants to merge 1 commit into base: master.

Conversation

kopax (Contributor) commented Nov 25, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/demo/package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Why? | Issue | Snyk ID | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|---|
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIHTML-1296849 | Yes | Proof of Concept |
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| critical | 679/1000 | Has a fix available, CVSS 9.3 | Incomplete List of Disallowed Inputs | SNYK-JS-BABELTRAVERSE-5962463 | Yes | No Known Exploit |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-HTMLMINIFIER-3091181 | Yes | Proof of Concept |
| medium | 429/1000 | Has a fix available, CVSS 4.3 | Reverse Tabnabbing | SNYK-JS-ISTANBULREPORTS-2328088 | Yes | No Known Exploit |
| medium | 641/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.4 | Prototype Pollution | SNYK-JS-JSON5-3182856 | Yes | Proof of Concept |
| high | 681/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection | SNYK-JS-LODASHTEMPLATE-1088054 | Yes | Proof of Concept |
| high | 589/1000 | Has a fix available, CVSS 7.5 | Prototype Pollution | SNYK-JS-MERGE-1040469 | Yes | No Known Exploit |
| high | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution | SNYK-JS-MERGE-1042987 | Yes | Proof of Concept |
| medium | 539/1000 | Has a fix available, CVSS 6.5 | Information Exposure | SNYK-JS-NODEFETCH-2342118 | Yes | No Known Exploit |
| medium | 520/1000 | Has a fix available, CVSS 5.9 | Denial of Service | SNYK-JS-NODEFETCH-674311 | Yes | No Known Exploit |
| medium | 479/1000 | Has a fix available, CVSS 5.3 | Improper Input Validation | SNYK-JS-POSTCSS-5926692 | Yes | No Known Exploit |
| medium | 646/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) | SNYK-JS-REQUEST-3361831 | Yes | Proof of Concept |
| medium | 646/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution | SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |
| medium | 479/1000 | Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-UGLIFYJS-1727251 | Yes | No Known Exploit |
| high | 589/1000 | Has a fix available, CVSS 7.5 | Prototype Pollution | SNYK-JS-UNSETVALUE-2400660 | Yes | No Known Exploit |
| medium | 601/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution | SNYK-JS-YARGSPARSER-560381 | Yes | Proof of Concept |
| low | 506/1000 | Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) | npm:braces:20180219 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: ra-data-simple-rest

The new version differs by 250 commits.
  • 89ac783 v3.0.0
  • 5f107ba Prepare changelog for 3.0.0
  • 3137772 Merge branch 'master' into next
  • c29055d Merge pull request #4007 from m4theushw/ie11
  • bd2b57a Merge pull request #4000 from marmelab/fix-filter-resets-pagination
  • 2b8bbf8 Merge pull request #4004 from WiXSL/patch-anchors-inputs
  • 779ccb1 Upgrade react-final-form again
  • fbb36c1 Docs anchors not workings.
  • 0e29b53 Fix support to IE11
  • 338dcdb Fix types after react-final-form update
  • 2d1da89 Merge pull request #3995 from WiXSL/patch-demo-app-component
  • a17110e Fix setting filter resets pagination
  • 4aed24e Reverted loading indicator.
  • 990f8b5 Merge pull request #3998 from marmelab/better-input-doc
  • bf8337e Merge branch 'next' into better-input-doc
  • 2e797bd Improve Inputs doc to make props more obvious
  • 8cd9489 Change UserMenu component to function component.
  • 125f204 Change demo App component to function component.
  • 05f1082 Merge pull request #3988 from marmelab/fix-adornerdEnd-class-on-select-standard
  • 8916552 Merge pull request #3989 from marmelab/Fix-useGetMany-hook-accumulatedIds-filter-function
  • f031897 Fix useGetMany hook accumulatedIds filter function
  • aac6d9a Merge pull request #3963 from WiXSL/patch-docs-style-next
  • 8634bdd Fix SelctInput variant="standard" shows warning for unkown class
  • 4112dcd Merge pull request #3986 from marmelab/custom-classes-login-component

See the full diff

Package name: react-admin

The new version differs by 250 commits.
  • 89ac783 v3.0.0
  • 5f107ba Prepare changelog for 3.0.0
  • 3137772 Merge branch 'master' into next
  • c29055d Merge pull request #4007 from m4theushw/ie11
  • bd2b57a Merge pull request #4000 from marmelab/fix-filter-resets-pagination
  • 2b8bbf8 Merge pull request #4004 from WiXSL/patch-anchors-inputs
  • 779ccb1 Upgrade react-final-form again
  • fbb36c1 Docs anchors not workings.
  • 0e29b53 Fix support to IE11
  • 338dcdb Fix types after react-final-form update
  • 2d1da89 Merge pull request #3995 from WiXSL/patch-demo-app-component
  • a17110e Fix setting filter resets pagination
  • 4aed24e Reverted loading indicator.
  • 990f8b5 Merge pull request #3998 from marmelab/better-input-doc
  • bf8337e Merge branch 'next' into better-input-doc
  • 2e797bd Improve Inputs doc to make props more obvious
  • 8cd9489 Change UserMenu component to function component.
  • 125f204 Change demo App component to function component.
  • 05f1082 Merge pull request #3988 from marmelab/fix-adornerdEnd-class-on-select-standard
  • 8916552 Merge pull request #3989 from marmelab/Fix-useGetMany-hook-accumulatedIds-filter-function
  • f031897 Fix useGetMany hook accumulatedIds filter function
  • aac6d9a Merge pull request #3963 from WiXSL/patch-docs-style-next
  • 8634bdd Fix SelctInput variant="standard" shows warning for unkown class
  • 4112dcd Merge pull request #3986 from marmelab/custom-classes-login-component

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • View latest project report
  • Adjust project settings
  • Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:
  • Regular Expression Denial of Service (ReDoS)
  • Prototype Pollution
  • Improper Input Validation
  • More lessons are available in Snyk Learn
