gridsome-source-sanity
gridsome-source-sanity copied to clipboard
sanity-io
[Snyk] Fix for 9 vulnerabilities
Snyk has created this PR to fix 9 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.json
Vulnerabilities that will be fixed with an upgrade:
| Issue | Score | |
|---|---|---|
 |
Improper Input Validation SNYK-JS-URLPARSE-2407770 |
726 |
|
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137 |
686 |
 |
Information Exposure SNYK-JS-EVENTSOURCE-2823375 |
646 |
|
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610 |
646 |
|
Access Restriction Bypass SNYK-JS-URLPARSE-2401205 |
641 |
|
Authorization Bypass SNYK-JS-URLPARSE-2407759 |
641 |
|
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697 |
631 |
|
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 |
586 |
|
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 |
514 |
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
- This PR was automatically created by Snyk using the credentials of a real user.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@sanity/client","from":"2.19.0","to":"6.15.5"},{"name":"axios","from":"0.22.0","to":"1.6.8"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-EVENTSOURCE-2823375","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-2332181","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-FOLLOWREDIRECTS-2396346","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-2332181","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-FOLLOWREDIRECTS-2396346","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-URLPARSE-2401205","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Access Restriction Bypass"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-URLPARSE-2407759","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Authorization Bypass"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-URLPARSE-2407770","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-URLPARSE-2412697","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Authorization Bypass Through User-Controlled Key"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-URLPARSE-2401205","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Access Restriction Bypass"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-URLPARSE-2407759","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Authorization Bypass"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-URLPARSE-2407770","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-URLPARSE-2412697","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Authorization Bypass Through User-Controlled Key"}],"prId":"f7680572-4367-455f-ba71-2bad37f81638","prPublicId":"f7680572-4367-455f-ba71-2bad37f81638","packageManager":"npm","priorityScoreList":[646,586,514,686,646,641,641,726,631],"projectPublicId":"2c200d58-9b77-4bf6-9aba-dca0512830e9","projectUrl":"https://app.snyk.io/org/frontend-6c4/project/2c200d58-9b77-4bf6-9aba-dca0512830e9?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-EVENTSOURCE-2823375","SNYK-JS-FOLLOWREDIRECTS-2332181","SNYK-JS-FOLLOWREDIRECTS-2396346","SNYK-JS-FOLLOWREDIRECTS-6141137","SNYK-JS-FOLLOWREDIRECTS-6444610","SNYK-JS-URLPARSE-2401205","SNYK-JS-URLPARSE-2407759","SNYK-JS-URLPARSE-2407770","SNYK-JS-URLPARSE-2412697"],"vulns":["SNYK-JS-EVENTSOURCE-2823375","SNYK-JS-FOLLOWREDIRECTS-2332181","SNYK-JS-FOLLOWREDIRECTS-2396346","SNYK-JS-FOLLOWREDIRECTS-6141137","SNYK-JS-FOLLOWREDIRECTS-6444610","SNYK-JS-URLPARSE-2401205","SNYK-JS-URLPARSE-2407759","SNYK-JS-URLPARSE-2407770","SNYK-JS-URLPARSE-2412697"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@sanity/[email protected] | None | 0 |
1.93 MB | sanity-io |
| npm/@sanity/[email protected] | None | 0 |
6.96 kB | sanity-io |
| npm/@types/[email protected] | None | 0 |
5.2 kB | types |
| npm/@types/[email protected] | None | 0 |
8.14 kB | types |
| npm/@types/[email protected] | None | 0 |
8.29 kB | types |
| npm/@types/[email protected] | None | 0 |
6.73 kB | types |
| npm/@vercel/[email protected] | None | 0 |
25.4 kB | vercel-release-bot |
| npm/[email protected] | network | 0 |
1.84 MB | jasonsaayman |
| npm/[email protected] | None | 0 |
5.68 kB | sindresorhus |
| npm/[email protected] | network | 0 |
58.1 kB | yaffle |
| npm/[email protected] | None | 0 |
30 kB | olalonde, rubenverborgh |
| npm/[email protected] | filesystem, network | 0 |
43.4 kB | niftylettuce |
| npm/[email protected] | None | 0 |
705 kB | armandocerna, ash, atombender, ...53 more |
| npm/[email protected] | None | 0 |
4.42 kB | sindresorhus |
| npm/[email protected] | environment | 0 |
29.5 kB | rob-w |
| npm/[email protected] | None | 0 |
4.5 MB | blesh |
| npm/[email protected] | None | 0 |
86.2 kB | typescript-bot |
🚮 Removed packages: npm/@rexxars/[email protected]), npm/@sanity/[email protected]), npm/@sanity/[email protected]), npm/@sanity/[email protected]), npm/@sanity/[email protected]), npm/@sanity/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected])
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}