ac-react-reddit icon indicating copy to clipboard operation
ac-react-reddit copied to clipboard

Published 20 hours ago verified publisher icon abdullahceylan

[Snyk] Fix for 11 vulnerabilities

Open abdullahceylan opened this issue 3 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIHTML-1296849		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MINIMIST-559764		 Yes Proof of Concept
medium severity 449/1000
Why? Has a fix available, CVSS 4.7		 Open Redirect
SNYK-JS-NEXT-1540422		 Yes No Known Exploit
medium severity 434/1000
Why? Has a fix available, CVSS 4.4		 Path Traversal
SNYK-JS-NEXT-561584		 Yes No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-536840		 Yes No Known Exploit
high severity 706/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7		 Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392		 Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TERSER-2806366		 Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TRIM-1017038		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: next The new version differs by 250 commits.
  • ce4adfc v11.1.0
  • 092a476 v11.0.2-canary.31
  • ebb6a30 Revert "Add warning during `next build` when sharp is missing (#27933)"
  • 52486ce v11.0.2-canary.30
  • 8ac3254 Revert "Next swc publish flow (#27932)"
  • 6014b6e v11.0.2-canary.29
  • 4cd45aa Add rootDir setting to eslint-plugin-next (#27918)
  • e61ea6f Add manifest check step and add missing items (#27934)
  • 94fc6f0 Next swc publish flow (#27932)
  • 51a2a02 Add warning during `next build` when sharp is missing (#27933)
  • 459b391 Add experimental `concurrentFeatures` config (#27768)
  • 3c837ed test(next): add tests for Node-like hashbang support (#27906)
  • 12eb812 Add data-nimg attribute to image component (#27899)
  • b4be678 Remove duplicate type for StaticImageData (#27931)
  • 83b3ceb Update release stats job name (#27923)
  • 681d298 update to webpack 5.50.0 (#27929)
  • b881d65 Adding a missing a period (#27928)
  • 43393d5 Fix `next/script` unhandled promise rejection (#27903)
  • eb871d3 Replace `placeholder` with `blurDataURL` in global `StaticImageData` type (#27916)
  • 0cc4a98 Little typo (#27911)
  • 8cbaa40 v11.0.2-canary.28
  • 97174ac Add with-cypress example (#27900)
  • 6a32d85 Update with-jest example (#27894)
  • 9d3e895 Upgrade styled-jsx to v4 (#27890)

See the full diff

Package name: react-markdown The new version differs by 18 commits.
  • 45b9977 5.0.0
  • eeea3c2 Update `changelog.md`
  • 5d6c9f1 Refactor scripts
  • d29478f Add type tests
  • 4f5dbe2 Add note
  • 7a5e3a1 Add `allowDangerousHtml`, preferred over `escapeHtml`
  • 2675ae2 Remove docs on `source`
  • 34b0883 Change default branch to `main`
  • 22a5e49 Refactor and test for 100% coverage
  • b3aa6e0 Rewrite readme for unified, more examples
  • a9f163d Move demo to `website` branch
  • 4f1a407 Change to clean project, update, refactor scripts
  • ebebf51 Upgrade remark to version 8, unified to version 9
  • e400f6f Upgrade to remark-parse@6
  • 3260f57 Run tests on node 12
  • 6eff8d1 Pass AST node to all non-tag/non-fragment renderers as prop
  • ca25be1 Fix link to demo in readme
  • 9b4eb84 Updated remark-parse github link (#447)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution 🦉 More lessons are available in Snyk Learn

abdullahceylan avatar Oct 06 '22 01:10 abdullahceylan