[Snyk] Fix for 8 vulnerabilities #83

sirinartk · 2023-11-28T05:28:08Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/react-scripts/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-jest

The new version differs by 250 commits.

be16e47 v27.0.0
63102ec chore: update changelog for release
564694a docs(blog): Jest 27 blog post (Vulnerability issue of css-what and normalize-url facebook/create-react-app#11131)
b68d91b feat(pretty-print): add option `printBasicPrototype` (unrecognized error facebook/create-react-app#11441)
2226742 chore: minor simplify format results error (CRA is not downloading the latest version of webpack facebook/create-react-app#11432)
78eb25d chore: remove needless assign (Flow Enums support facebook/create-react-app#11433)
696c455 chore: update lockfile after publish
e2eb9ae v27.0.0-next.11
3b253f8 Wait for closed resources to actually close before detecting open handles (I keep having to rm node_modules/.cache/.eslintcache facebook/create-react-app#11429)
27bee72 fix: run GC before collecting open handles (Create React App 5 Alpha facebook/create-react-app#11278)
50451df feat: use fallback if prettier not found (Delete package.json facebook/create-react-app#11400)
150dbd8 chore: update lockfile after publish
6f44529 v27.0.0-next.10
cbcec7d Upgrade fsevents in jest-haste-map (npx creat-react-app project creates lots of error in cmd facebook/create-react-app#11428)
9633a26 feat: support reporters written in ESM (Allow configuring jest's cacheDirectory facebook/create-react-app#11427)
59f42d8 fix: do not cache modules that throw during evaluation (Support for changing the cache location facebook/create-react-app#11263)
57e32e9 Detect open handles with done callbacks (Delete .gitignore facebook/create-react-app#11382)
a397607 Document and test dontThrow for custom inline snapshot matchers (Create React App (CommonJS, ESNext) + Path Alias + Module (Import/Export) + NodeJS + TSConfig.json facebook/create-react-app#10995)
4fa3a0b feat: custom haste (import-plugin-helpers facebook/create-react-app#11107)
2047a36 chore: bump deps (Error Overlay appears on TS compilation errors when TSC_COMPILE_ON_ERROR=true facebook/create-react-app#11419)
a4358d6 chore: run prettier on changelog
bdd6282 Move all default values into `jest-config` (Showing blank page when the site is idle facebook/create-react-app#9924)
db643a1 Link to Jest config (#11106)
b16082c Fix locale issue Use "paths" in tsconfig.json and jsconfig.json facebook/create-react-app#10014 (Bug: when i run react locally the on network ip address is not correct facebook/create-react-app#11412)

See the full diff

Package name: html-webpack-plugin

The new version differs by 50 commits.

eb73905 chore(release): 4.0.0
42a6d4a Add typing for getHooks
a1a37cf Release html-webpack-plugin 4.0.0-beta.14
97f9fb9 fix: load script files before style files files in defer script loading mode
e97ce17 Release html-webpack-plugin 4.0.0-beta.13
e448b5d Release html-webpack-plugin 4.0.0-beta.12
de315eb feat: Add defer script loading
7df269f feat: Provide a verbose error message if html minification failed
1d66e53 feat: merge templateParameters with default template parameters
dfb98e7 Fix typo in template option docts
096a760 Fix broken links in examples
a195c34 docs: Update template-option documentation
40b410e docs: Update example for template parameters
bf017f3 chore: Release 4.0.0-beta.11
2549557 test: Don't use minification for speed measurement
de22fc2 test: Adjust measurment for node 6 on travis
24bf1b5 fix: Update references to html-minifier
f4eafdc chore: Release 4.0.0-beta.10
a2ad30a refactor: Use getAssetPath instead of calling the hook directly
2595a79 chore: Release 4.0.0-beta.9
c66766c feat: Add support for minifying inline ES6 inside html templates
655cbcd Fix README typo
6de319b update lodash dependency for prototype polution vulnerability
35a1541 Properly encode file names emitted as part of URLs.