sendbird-javascript-samples
[Snyk] Fix for 25 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - react/react-app-composed/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849 | No | Proof of Concept |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194 | Yes | Proof of Concept |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-IMMER-1019369 | Yes | Proof of Concept |
| | 601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution SNYK-JS-IMMER-1540542 | Yes | Proof of Concept |
| | 429/1000 Why? Has a fix available, CVSS 4.3 | Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088 | Yes | No Known Exploit |
| | 589/1000 Why? Has a fix available, CVSS 7.5 | Directory Traversal SNYK-JS-MOMENT-2440688 | No | No Known Exploit |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238 | No | Proof of Concept |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Open Redirect SNYK-JS-NODEFORGE-2330875 | Yes | Proof of Concept |
| | 529/1000 Why? Has a fix available, CVSS 6.3 | Prototype Pollution SNYK-JS-NODEFORGE-2331908 | Yes | No Known Exploit |
| | 494/1000 Why? Has a fix available, CVSS 5.6 | Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337 | Yes | No Known Exploit |
| | 579/1000 Why? Has a fix available, CVSS 7.3 | Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339 | Yes | No Known Exploit |
| | 494/1000 Why? Has a fix available, CVSS 5.6 | Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341 | Yes | No Known Exploit |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032 | Yes | Proof of Concept |
| | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-OBJECTPATH-1017036 | No | Proof of Concept |
| | 601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution SNYK-JS-OBJECTPATH-1569453 | No | Proof of Concept |
| | 590/1000 Why? Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-OBJECTPATH-1585658 | No | No Known Exploit |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595 | No | Proof of Concept |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640 | No | Proof of Concept |
| | 601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Command Injection SNYK-JS-REACTDEVUTILS-1083268 | Yes | Proof of Concept |
| | 706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 | No | Proof of Concept |
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506 | Yes | No Known Exploit |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Denial of Service (DoS) SNYK-JS-SOCKJS-575261 | No | Proof of Concept |
| | 601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @svgr/webpack
The new version differs by 197 commits.
- af9a6cb v6.0.0
- e9469c3 Merge pull request #629 from gregberge/rewriting-docs
- eb3282b docs: rewriting
- 6f832f0 Merge pull request #627 from gregberge/support-css-variables
- cbdb47f fix: support CSS variables
- 985444d chore: fix package-lock.json
- a5effba v6.0.0-alpha.4
- 3f071d6 Merge pull request #626 from gregberge/upgrade-deps
- daf6a08 chore(deps): upgrade
- 1c5f163 Merge pull request #625 from gregberge/icon-size
- 483560d chore: fix package-lock.json
- 3c0b779 feat: allow to specify icon size
- 6ba16a3 Merge pull request #624 from gregberge/various-things
- f61c8ba chore: fix ref following refactoring
- 261e1b5 v6.0.0-alpha.3
- fe5c117 Merge pull request #623 from gregberge/webpack
- 9a4cbce docs(examples): update examples
- 1a8cc98 fix(webpack): fix webpack 5 behaviour with url-loader
- a857bb1 feat: support mask-type property (#621)
- 5966714 fix(template): make it possible to use type in template (#619)
- 9ea5da4 refactor(core): use exportName transform (#616)
- 8a1b0aa docs(readme): Fixing CRA link (#618)
- 00a1d4b chore: fix package-lock.json
- f729efa v6.0.0-alpha.2
Package name: html-webpack-plugin
The new version differs by 166 commits.
- 873d75b chore(release): 5.5.0
- ddeb774 chore: update examples
- 1e42625 feat: Support type=module via scriptLoading option
- 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
- 79be779 [chore] changes actions to run on pull_requests
- b7e5859 [chore] fixes CI to avoid race conditions
- 48131d3 chore(release): 5.4.0
- 16a841a [chore] rebuild examples
- 3bb7c17 Update index.js
- e38ac97 Update index.js
- f08bd02 [chore] updates fixtures
- d62a10f [chore] upgrades [email protected] -> 6.0.2
- 2f5de7a Remove archived plugin
- 8f8f7c5 chore(release): 5.3.2
- 053c6e6 chore: update snapshot tests for webpack 5.4.0
- 9c7fba0 Fix security vulnerabilities
- b98fbeb Fix security vulnerabilities
- 25cdfc7 Added inject-body-webpack-plugin to readme
- 0e4c1fb Update README to document actual behavior
- 0a6568d chore(release): 5.3.1
- 82d0ee8 fix: remove loader-utils from plugin core
- 6f39192 chore(release): 5.3.0
- d654f5b feat: allow to modify the interpolation options in webpack config
- 41d7a50 feat: drop loader-utils dependency
Package name: jest
The new version differs by 22 commits.
- ff9269b chore: bump most dated deps (#8850)
- 7594141 chore: upgrade to eslint@6 (#8855)
- b33ce0d chore: upgrade to micromatch v4 (#8852)
- d6ff72a chore: add node 12 to CI (#8411)
- 7e9b4ea chore: upgrade jsdom (#8851)
- 4bb7a2d Use `weak-napi` instead of `weak` in `jest-leak-detector`
- ce47c6c Get rid of Node 6 support (#8455)
- bc5c3c7 jest-snapshot: Remove only the added newlines in multiline snapshots (#8859)
- d523fa8 bug.md: highlights placeholder should be removed (#8836)
- 08f109c expect: Display expectedDiff more carefully in toBeCloseTo (#8389)
- b09de2d chore: bump node-notifier for node v6 support
- 557a39f fix(linter): Fix linting failure introduced in #8847 😓 (#8849)
- 012472b fix(docs): Update broken links in docs. (#8847)
- ee2bea1 chore: sort member in imports (#8846)
- 9ba4594 add Chinese Jest work with AngularJS tutorial (#8828)
- 0e5b363 chore: reduce reliance on esModuleInterop (#8842)
- d69f8d3 getTimerCount will not include cancelled immediates (#8764)
- b4bd77b Fix grammar: "your jest's config"->"your Jest..." (#8843)
- 54b3dcf Fix grammar: "a known issues"->"a known issue" (#8844)
- e76c7da docs: update matchMedia methods (#8835)
- 23b9860 chore: roll new version of docs
- 3cdbd55 Release 24.9.0
Package name: optimize-css-assets-webpack-plugin
The new version differs by 5 commits.
Package name: react-dev-utils
The new version differs by 238 commits.
- 221e511 Publish
- 6a3315b Update CONTRIBUTING.md
- 5614c87 Add support for Tailwind (#11717)
- 657739f chore(test): make all tests install with `npm ci` (#11723)
- 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
- 69321b0 Remove cached lockfile (#11706)
- 3afbbc0 Update all dependencies (#11624)
- f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
- e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (#11686)
- c7627ce Update webpack and dev server (#11646)
- f85b064 The default port used by `serve` has changed (#11619)
- 544befe Update package.json (#11597)
- 9d0369b Fix ESLint Babel preset resolution (#11547)
- d7b23c8 test(create-react-app): assert for exit code (#10973)
- 1465357 Prepare 5.0.0 alpha release
- 3880ba6 Remove dependency pinning (#11474)
- 8b9fbee Update CODEOWNERS
- cacf590 Bump template dependency version (#11415)
- 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (#11476)
- 50ea5ad allow CORS on webpack-dev-server (#11325)
- 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
- 960b21e Bump immer from 8.0.4 to 9.0.6 (#11364)
- 134cd3c Resolve dependency issues in v5 alpha (#11294)
- b45ae3c Update CONTRIBUTING.md
Package name: terser-webpack-plugin
The new version differs by 3 commits.
Package name: webpack-dev-server
The new version differs by 250 commits.
- 5280ee7 docs: fix typo
- d834582 chore(release): 4.7.3
- 7b8c85b chore(deps): update `selfsigned` (#4170)
- d598325 chore: fix lint
- c1907f1 refactor: remove redundant `if` statements (#4158)
- e535f25 ci: debug (#4144)
- 75999bb chore(release): 4.7.2
- 90a96f7 ci: fix (#4143)
- f6bc644 fix: compatible with `onAfterSetupMiddleware`
- 317e4b9 docs: fix testing instructions (#4133)
- ff4550e test: remove redundant test cases related to 3rd party code (#4131)
- 0dd1ee6 test: add e2e tests for `setupExitSignals` option (#4130)
- afe4975 chore(release): 4.1.7
- 4e5d8ea fix: droped `url` package (#4132)
- b0c98f0 chore(release): 4.7.0
- 3138213 chore(deps): update (#4127)
- 8f02c3f feat: added types
- f4fb15f fix: update description of `onAfterSetupMiddleware` and `onBeforeSetupMiddleware` options (#4126)
- 37b73d5 test: add e2e test for `WEBPACK_SERVE` env variable (#4125)
- f5a9d05 chore(deps-dev): bump eslint from 8.4.1 to 8.5.0 (#4121)
- c9b959f chore(deps): bump ws from 8.3.0 to 8.4.0 (#4124)
- 42208aa chore(deps-dev): bump lint-staged from 12.1.2 to 12.1.3 (#4122)
- f440f84 chore(deps): bump express from 4.17.1 to 4.17.2 (#4120)
- c13aa56 feat: added the `setupMiddlewares` option (#4068)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.