Elemento
Elemento copied to clipboard
Published
20 hours ago •
AasthaMehtaTech
AasthaMehtaTech
[Snyk] Fix for 27 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- client/package.json
- client/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
 |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194 |
Yes | Proof of Concept |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 |
Yes | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-IMMER-1019369 |
Yes | Proof of Concept |
|
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-IMMER-1540542 |
Yes | Proof of Concept |
|
429/1000 Why? Has a fix available, CVSS 4.3 |
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088 |
Yes | No Known Exploit |
|
713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4 |
Prototype Pollution SNYK-JS-JSON5-3182856 |
Yes | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-LOADERUTILS-3043105 |
Yes | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943 |
Yes | No Known Exploit |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 |
Yes | Proof of Concept |
|
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 |
Command Injection SNYK-JS-LODASH-1040724 |
Yes | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 |
Yes | No Known Exploit |
 |
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 |
Prototype Pollution SNYK-JS-MINIMIST-2429795 |
Yes | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032 |
Yes | Proof of Concept |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-OBJECTPATH-1017036 |
No | Proof of Concept |
|
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-OBJECTPATH-1569453 |
No | Proof of Concept |
|
590/1000 Why? Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-OBJECTPATH-1585658 |
No | No Known Exploit |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595 |
Yes | Proof of Concept |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640 |
Yes | Proof of Concept |
|
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Command Injection SNYK-JS-REACTDEVUTILS-1083268 |
Yes | Proof of Concept |
|
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 |
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 |
No | Proof of Concept |
|
676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 |
Improper Privilege Management SNYK-JS-SHELLJS-2332187 |
No | Proof of Concept |
|
619/1000 Why? Has a fix available, CVSS 8.1 |
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506 |
Yes | No Known Exploit |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Denial of Service (DoS) SNYK-JS-SOCKJS-575261 |
No | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366 |
Yes | No Known Exploit |
|
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-YARGSPARSER-560381 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: jshint
The new version differs by 59 commits.- 61c868c v2.13.4
- eb4609a [[FIX]] Remove shelljs
- b23e125 [[CHORE]] Remove shelljs from internal tooling
- 56d4a47 [[CHORE]] Use consistent interface for fs ops
- 33cfc87 [[CHORE]] Migrate from TravisCI to CircleCI
- a53cc95 [[CHORE]] Update version of package manifest (#3602)
- 2a842ac v2.13.3
- 06accfa [[CHORE]] Correct annotation for globals
- b1426f1 [[FIX]] Recognize ES2020 globals
- be94b1d [[DOCS]] Remove david-dm badges (#3596)
- 5608b03 v2.13.2
- 043f98a [[CHORE]] Add package-lock.json
- cc1adf6 [[FIX]] Add missing well-known globals (#3582)
- 057b1c6 [[FIX]] Tolerate keyword in object shorthand
- ecae54a [[FIX]] Tolerate unterminated nullish coalescing
- ca06e6a [[FIX]] add URL for node in src/vars.js (#3570)
- 75e48b7 [[FIX]] change escape-sequence handler for double quotes (\") (#3566)
- 4a681b9 [[FIX]] Limit "Too many Errors" (E043) to errors only (#3562)
- fddcd02 v2.13.1
- 11dc0a6 [[FIX]] Allow optional chaining call as satement
- 7c890aa [[FIX]] Tolerate dangling NewExpression
- 71ec395 [[FIX]] Allow invoking result of optional chaining
- 7bae44b v2.13.0
- 7c36c81 Merge pull request #3486 from jshint/v2.12.0
Package name: react-scripts
The new version differs by 238 commits.- 221e511 Publish
- 6a3315b Update CONTRIBUTING.md
- 5614c87 Add support for Tailwind (#11717)
- 657739f chore(test): make all tests install with `npm ci` (#11723)
- 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
- 69321b0 Remove cached lockfile (#11706)
- 3afbbc0 Update all dependencies (#11624)
- f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
- e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (#11686)
- c7627ce Update webpack and dev server (#11646)
- f85b064 The default port used by `serve` has changed (#11619)
- 544befe Update package.json (#11597)
- 9d0369b Fix ESLint Babel preset resolution (#11547)
- d7b23c8 test(create-react-app): assert for exit code (#10973)
- 1465357 Prepare 5.0.0 alpha release
- 3880ba6 Remove dependency pinning (#11474)
- 8b9fbee Update CODEOWNERS
- cacf590 Bump template dependency version (#11415)
- 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (#11476)
- 50ea5ad allow CORS on webpack-dev-server (#11325)
- 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
- 960b21e Bump immer from 8.0.4 to 9.0.6 (#11364)
- 134cd3c Resolve dependency issues in v5 alpha (#11294)
- b45ae3c Update CONTRIBUTING.md
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Regular Expression Denial of Service (ReDoS) 🦉 More lessons are available in Snyk Learn
