Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade react-scripts from 2.1.1 to 2.1.8 #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade react-scripts from 2.1.1 to 2.1.8 #3

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade react-scripts from 2.1.1 to 2.1.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released a year ago, on 2019-03-07.

The recommended version fixes:

Severity Issue Exploit Maturity
Information Exposure
SNYK-JS-WEBPACKDEVSERVER-72405		 No Known Exploit
Improper Input Validation
SNYK-JS-URLPARSE-543307		 Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-450213		 Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-450213		 Proof of Concept
Prototype Pollution
SNYK-JS-MIXINDEEP-450212		 Proof of Concept
Arbitrary Code Execution
SNYK-JS-JSYAML-174129		 No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-534988		 No Known Exploit
Arbitrary Code Execution
SNYK-JS-HANDLEBARS-534478		 No Known Exploit
Denial of Service (DoS)
SNYK-JS-HANDLEBARS-480388		 No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-469063		 No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-174183		 No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-173692		 No Known Exploit
Arbitrary Code Execution
SNYK-JS-ESLINTUTILS-460220		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469		 No Known Exploit
Denial of Service (DoS)
npm:mem:20180117		 No Known Exploit
Denial of Service (DoS)
SNYK-JS-JSYAML-173999		 No Known Exploit
Timing Attack
SNYK-JS-ELLIPTIC-511941		 No Known Exploit
Prototype Pollution
SNYK-JS-DOTPROP-543489		 Proof of Concept
Information Disclosure
SNYK-JS-KINDOF-537849		 Proof of Concept
Release notes
Package name: react-scripts
  • 2.1.8 - 2019-03-07
  • 2.1.7 - 2019-03-07
  • 2.1.6 - 2019-03-06
  • 2.1.5 - 2019-02-11
  • 2.1.4 - 2019-02-10
  • 2.1.3 - 2019-01-04
  • 2.1.3-next.6a95aae9 - 2019-01-04
  • 2.1.2 - 2018-12-23
  • 2.1.1 - 2018-11-01
from react-scripts GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # (snyk:metadata:{"dependencies":[{"name":"react-scripts","from":"2.1.1","to":"2.1.8"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/gutz068/project/91c22b1d-7c07-433b-a755-4aa0033cc2c9?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"91c22b1d-7c07-433b-a755-4aa0033cc2c9","env":"prod","prType":"upgrade","vulns":["SNYK-JS-WEBPACKDEVSERVER-72405","SNYK-JS-URLPARSE-543307","SNYK-JS-SETVALUE-450213","SNYK-JS-SETVALUE-450213","SNYK-JS-MIXINDEEP-450212","SNYK-JS-JSYAML-174129","SNYK-JS-HANDLEBARS-534988","SNYK-JS-HANDLEBARS-534478","SNYK-JS-HANDLEBARS-480388","SNYK-JS-HANDLEBARS-469063","SNYK-JS-HANDLEBARS-174183","SNYK-JS-HANDLEBARS-173692","SNYK-JS-ESLINTUTILS-460220","SNYK-JS-ACORN-559469","SNYK-JS-ACORN-559469","npm:mem:20180117","SNYK-JS-JSYAML-173999","SNYK-JS-ELLIPTIC-511941","SNYK-JS-DOTPROP-543489","SNYK-JS-KINDOF-537849"],"issuesToFix":[{"issueId":"SNYK-JS-WEBPACKDEVSERVER-72405","severity":"high","title":"Information Exposure","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-URLPARSE-543307","severity":"high","title":"Improper Input Validation","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-SETVALUE-450213","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-SETVALUE-450213","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-MIXINDEEP-450212","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-JSYAML-174129","severity":"high","title":"Arbitrary Code Execution","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-HANDLEBARS-534988","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-HANDLEBARS-534478","severity":"high","title":"Arbitrary Code Execution","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-HANDLEBARS-480388","severity":"high","title":"Denial of Service (DoS)","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-HANDLEBARS-469063","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-HANDLEBARS-174183","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-HANDLEBARS-173692","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-ESLINTUTILS-460220","severity":"high","title":"Arbitrary Code Execution","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-ACORN-559469","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-ACORN-559469","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit"},{"issueId":"npm:mem:20180117","severity":"medium","title":"Denial of Service (DoS)","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-JSYAML-173999","severity":"medium","title":"Denial of Service (DoS)","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-ELLIPTIC-511941","severity":"medium","title":"Timing Attack","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-DOTPROP-543489","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-KINDOF-537849","severity":"low","title":"Information Disclosure","exploitMaturity":"proof-of-concept"}],"upgrade":["SNYK-JS-WEBPACKDEVSERVER-72405","SNYK-JS-URLPARSE-543307","SNYK-JS-SETVALUE-450213","SNYK-JS-SETVALUE-450213","SNYK-JS-MIXINDEEP-450212","SNYK-JS-JSYAML-174129","SNYK-JS-HANDLEBARS-534988","SNYK-JS-HANDLEBARS-534478","SNYK-JS-HANDLEBARS-480388","SNYK-JS-HANDLEBARS-469063","SNYK-JS-HANDLEBARS-174183","SNYK-JS-HANDLEBARS-173692","SNYK-JS-ESLINTUTILS-460220","SNYK-JS-ACORN-559469","SNYK-JS-ACORN-559469","npm:mem:20180117","SNYK-JS-JSYAML-173999","SNYK-JS-ELLIPTIC-511941","SNYK-JS-DOTPROP-543489","SNYK-JS-KINDOF-537849"],"upgradeInfo":{"versionsDiff":8,"publishedDate":"2019-03-07T00:53:37.511Z"},"templateVariants":[],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false})

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@snyk-bot