freesoccer
freesoccer copied to clipboard
andrelmlins
[Snyk] Fix for 14 vulnerabilities
Snyk has created this PR to fix 14 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
package.jsonyarn.lock
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
| Issue | Score | |
|---|---|---|
 |
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462 |
786 |
 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238 |
696 |
|
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
696 |
|
Denial of Service (DoS) SNYK-JS-WS-7266574 |
696 |
|
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137 |
686 |
 |
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610 |
646 |
|
Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 |
646 |
|
Directory Traversal SNYK-JS-MOMENT-2440688 |
589 |
|
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 |
586 |
|
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737 |
586 |
|
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516 |
524 |
 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973 |
506 |
|
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088 |
429 |
|
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 |
344 |
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
- This PR was automatically created by Snyk using the credentials of a real user.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Improper Input Validation 🦉 Directory Traversal 🦉 Regular Expression Denial of Service (ReDoS) 🦉 More lessons are available in Snyk Learn
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"axios","from":"0.21.2","to":"1.6.8"},{"name":"jest","from":"27.0.6","to":"29.7.0"},{"name":"node-cron","from":"3.0.0","to":"3.0.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-2332181","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-FOLLOWREDIRECTS-2396346","priority_score":344,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.6","score":130},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ISTANBULREPORTS-2328088","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Reverse Tabnabbing"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MOMENT-2440688","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MOMENT-2944238","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-NWSAPI-2841516","priority_score":524,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PROMPTS-1729737","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-TOUGHCOOKIE-5672873","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WORDWRAP-3149973","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WS-7266574","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"}],"prId":"3229b894-c409-41d7-bba4-10df81f27605","prPublicId":"3229b894-c409-41d7-bba4-10df81f27605","packageManager":"yarn","priorityScoreList":[786,586,344,686,646,429,589,696,524,586,696,646,506,696],"projectPublicId":"95ff42b6-9522-447c-8f72-a16e1dfaf0cb","projectUrl":"https://app.snyk.io/org/andrelmlins/project/95ff42b6-9522-447c-8f72-a16e1dfaf0cb?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-BABELTRAVERSE-5962462","SNYK-JS-FOLLOWREDIRECTS-2332181","SNYK-JS-FOLLOWREDIRECTS-2396346","SNYK-JS-FOLLOWREDIRECTS-6141137","SNYK-JS-FOLLOWREDIRECTS-6444610","SNYK-JS-ISTANBULREPORTS-2328088","SNYK-JS-MOMENT-2440688","SNYK-JS-MOMENT-2944238","SNYK-JS-NWSAPI-2841516","SNYK-JS-PROMPTS-1729737","SNYK-JS-SEMVER-3247795","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-WORDWRAP-3149973","SNYK-JS-WS-7266574"],"vulns":["SNYK-JS-BABELTRAVERSE-5962462","SNYK-JS-FOLLOWREDIRECTS-2332181","SNYK-JS-FOLLOWREDIRECTS-2396346","SNYK-JS-FOLLOWREDIRECTS-6141137","SNYK-JS-FOLLOWREDIRECTS-6444610","SNYK-JS-ISTANBULREPORTS-2328088","SNYK-JS-MOMENT-2440688","SNYK-JS-MOMENT-2944238","SNYK-JS-NWSAPI-2841516","SNYK-JS-PROMPTS-1729737","SNYK-JS-SEMVER-3247795","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-WORDWRAP-3149973","SNYK-JS-WS-7266574"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'
