
[Snyk] Fix for 2 vulnerabilities #179

Open
wants to merge 1 commit into
base: master
from

Conversation


@kopax kopax commented Mar 22, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
  • medium severity, Priority Score (*) 718/1000
    • Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5
    • Issue: Uncontrolled Resource Consumption ('Resource Exhaustion'), SNYK-JS-TAR-6476909
    • Breaking Change: Yes
    • Exploit Maturity: Proof of Concept
  • high severity, Priority Score (*) 763/1000
    • Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4
    • Issue: Path Traversal, SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
    • Breaking Change: Yes
    • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: react-dev-utils. The new version differs by 170 commits.
  • d7c6842 Publish
  • a7b8732 Prepare 3.3.1 release
  • 4da41b4 docs: Add troubleshooting documentation on ENOSPC (#8380)
  • 03018d7 Update docs according to lint-staged v10 (#8394)
  • 6ee4e91 Add helpful message to the footer (#6548)
  • ed162a3 Add "Disallow:" to robots.txt (#8255)
  • e530598 Fix sass importLoaders (#8281)
  • dd0df73 Remove outdated docs regarding vscode eslint extension and type… (#8307)
  • ca9c61e Update setting-up-your-editor.md (#8247)
  • cafd602 Update custom template docs with instructions for testing custom template locally (#8092)
  • 720d90b Sync dependencies babel config (#8120)
  • ddcb7d5 Add titleProp to SVGR ReactComponent type definition (#8099)
  • b855da5 Remove outdated babel plugins (#8353)
  • 4bf14fa Downgrade open from 7.0.0 to 6.4.0 (#8364)
  • dada035 Remove React.FC from Typescript template (#8177)
  • a608c5a Update Dependencies (#8324)
  • f875bb0 Minor grammatical edit (#8293)
  • 94932be Allow additional package keys and add blacklist (#8082) (#8219)
  • fa85f03 Support shorthand scoped templates (#8298)
  • c03bb36 Replace favicon in templates (#8194)
  • 3f2037b Little typo (#8212)
  • 88a5435 Bump babel-plugin-tester and fix breaking changes (#8171)
  • 18e56da fix: proactively append to .gitignore during init (#8028)
  • 30eaab4 Minor refactors in create-react-app (#8178)

See the full diff

Package name: webpack-dev-server. The new version differs by 250 commits.
  • c9271b9 chore(release): 4.0.0
  • 18bf369 test: fix stability (#3676)
  • cdcabb2 fix: respect protocol from browser for manual setup (#3675)
  • 1768d6b fix: initial reloading for lazy compilation (#3662)
  • 4f5bab1 docs: improve examples (#3672)
  • f2d87fb fix: improve https CLI output (#3673)
  • 0277c5e chore: remove redundant console statements (#3671)
  • 16fcdbc docs: add `ipc` example (#3667)
  • 8915fb8 test: add e2e tests for built in routes (#3669)
  • 4d1cbe1 docs: ask `version` information in issue template (#3668)
  • b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
  • ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
  • f1fdaa7 chore(release): 4.0.0-rc.1
  • c4678bc fix: legacy API (#3660)
  • d8bdd03 test: fix stability (#3661)
  • 22b1414 refactor: remove `killable` (#3657)
  • 75bafbf test: add e2e tests for module federation (#3658)
  • 493ccbd chore(deps): update `ws` (#3652)
  • ae8c523 test: add e2e test for universal compiler (#3656)
  • f94b84f chore(deps): update (#3655)
  • 1923132 test: fix cli
  • 2adfd01 test: fix todo (#3653)
  • 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
  • c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')
🦉 Path Traversal
