design-system
[Snyk] Fix for 4 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992 | Yes | No Known Exploit |
| | 589/1000 Why? Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-LOADERUTILS-3043105 | Yes | No Known Exploit |
| | 479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943 | Yes | No Known Exploit |
| | 798/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3177391 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @mdx-js/loader
The new version differs by 78 commits.
- bf7deab v2.0.0-next.5
- 5c15a00 fix(remark-mdx): move remark-stringify to deps (#1190)
- f59b174 Make type test run in their own action, closes #1172 (#1179)
- 9ac9755 docs(typescript): document how to use mdx 2 with typescript (#1181)
- 42077e4 ci(github): update github actions to latest versions (#1180)
- cc95646 ci(github): update github actions and dtslint to latest (#1178)
- 6098d94 Remove deprecated plugin options, fixes #718 (#1174)
- 0da2fcf Specify pre-dist-tag
- e1b45e3 v2.0.0-next.4
- 649dbd8 Implement inline link serialization that doesn't wrap them in angle (#1171)
- d08c5b6 Make testing matrix simpler (#1173)
- d0059c8 v2.0.0-next.3
- fa091d2 v2.0.0-next.2
- 7829b88 Move publish to its own action
- afd60c2 Break out linting into its own action
- 3ca8e0a Fix linting (#1161)
- 577d48f Fix some linting
- db93304 Improve export name extraction for shortcode generation (#1160)
- ea9970a Bump deps, fix core-js version in babel configs
- 166fd9d v2.0.0-next.1
- 569f82f Make preid next to match dist tag
- a3d8f08 types: add types to test utils (#1083)
- e2eb4ee types: add typescript typings for remark-mdx, remark-mdx-remove-exports, remark-mdx-remove-imports, @mdx-js/util (#1082)
- 65af47c Break three main tests into their own scripts
Package name: @storybook/addon-docs
The new version differs by 250 commits.
- 05070ca v6.5.0
- 88c6a62 Update root, peer deps, version.ts/json to 6.5.0 [ci skip]
- ca93284 6.5.0 changelog
- ff28cd9 6.5.0-rc.1 next.json version file
- 9e1f519 Update git head to 6.5.0-rc.1, update yarn.lock
- 3f09d4e v6.5.0-rc.1
- 82b7ac1 Update root, peer deps, version.ts/json to 6.5.0-rc.1 [ci skip]
- 4b50e28 6.5.0-rc.1 changelog
- 0a6e347 Merge pull request #18220 from storybookjs/improve/detection-webpack5
- 95a5c80 move nextjs detection up
- 152e441 Merge pull request #18248 from storybookjs/18177-fix-conditional-args-fail-gracefully
- 2948cae ArgsTable: Gracefully handle conditional args failures
- f837e31 Merge pull request #18246 from storybookjs/chore_docs_adds_mdx2_steps
- 73cf6ba adds MDX 2 docs and gotchas
- 64b07fe Merge pull request #18244 from storybookjs/chore_docs_cleanup_broken_links
- fef1a32 Fixes broken links
- 82ce9de Merge pull request #18231 from Tomastomaslol/issue-18143-reset-button-broken-for-URL-values
- ebf9341 Merge pull request #18038 from bisubus/fix-vue3-tsx
- 9583cea remove repeated test
- 1b396fd 6.5.0-rc.0 next.json version file
- 6cc69b5 Update git head to 6.5.0-rc.0, update yarn.lock
- c27fd9e v6.5.0-rc.0
- b56b1ce re add reset of args that was not set initially. Extend tests for onResetArgs
- 19ba77b Update root, peer deps, version.ts/json to 6.5.0-rc.0 [ci skip]
Package name: simple-git
The new version differs by 250 commits.
- d716d32 Merge pull request #877 from steveukx/changeset-release/main
- 1a12952 Version Packages
- 12b8fc3 Merge pull request #864 from steveukx/dependabot/npm_and_yarn/minimatch-3.0.5
- ec97a39 Block unsafe pack (push --exec) (#882)
- 0a623e5 Feat/unsafe pack (#881)
- b45d08b Merge pull request #876 from steveukx/feat/support-checkout-B
- 97fde2c Add support for using the `-B` modifier instead of the default `-b` when using `checkoutBranch` / `checkoutLocalBranch`.
- edfd459 Update readme.md
- 459ec92 Merge pull request #868 from steveukx/changeset-release/main
- c9fc61f Version Packages
- de570ac Fix/non strings (#867)
- 7efdcbc chore(deps): bump minimatch from 3.0.4 to 3.0.5
- e1d66b6 Merge pull request #863 from steveukx/changeset-release/main
- d4764bf Version Packages
- 7746480 Chore: bump lerna, jest and create prettier workflow (#862)
- 47030d5 Merge pull request #861 from steveukx/security/protocols
- 6b3c631 Create the `unsafe` plugin to configure how `simple-git` treats known potentially unsafe operations.
- 3324eed Merge pull request #855 from steveukx/changeset-release/main
- e459622 Version Packages
- 2ea0231 Merge pull request #854 from steveukx/chore/update-lerna
- 5a2e7e4 Add version parsing support for non-numeric patches (to include built… (#853)
- 88fee05 Chore: bump lerna to latest `5.5.1`
- 0f964ba Merge pull request #849 from steveukx/changeset-release/main
- 6460a1f Version Packages
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.