cloudboost icon indicating copy to clipboard operation
cloudboost copied to clipboard
verified publisher icon CloudBoost

[Snyk] Fix for 1 vulnerabilities

Open nawazdhandala opened this issue 3 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • dashboard-ui/package.json
    • dashboard-ui/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 713/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4		 Prototype Pollution
SNYK-JS-JSON5-3182856		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 250 commits.
  • 7857d8f chore(release): 4.0.0
  • 5604205 feat: support `file:` protocol
  • 5303db2 chore(deps): update (#1131)
  • 9aa0549 chore(deps): update
  • a54c955 test: imports
  • 5b45d87 test: support in `@ import` at-rule
  • 83515fa refactor: code
  • 1c20b1e fix: parsing
  • 7f49a0a feat: `@ value` supports importing `url()` (#1126)
  • 791fff3 refactor: named export (#1125)
  • 01e8c76 refactor: change function arguments of the `import` option (#1124)
  • c153fe6 refactor: improve schema options (#1123)
  • 58b4b98 test: unresolved (#1122)
  • d2f6bd2 refactor: getLocalIdent function (#1121)
  • 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (#1120)
  • fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (#1119)
  • 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (#1118)
  • 0080f88 refactor: default values `modules` and `module.auto` are true (#1117)
  • e1c55e4 refactor: rename the `onlyLocals` option (#1116)
  • ac5f413 refactor: code
  • a5c1b5f test: code coverange (#1114)
  • 908ecee refactor: `esModule` option is `true` by default (#1111)
  • 7cca035 test: coverange (#1112)
  • bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: style-loader The new version differs by 165 commits.
  • 171a747 chore(release): 1.1.4
  • af1b4a9 chore(deps): update
  • a003f05 docs: add links for the options table (#460)
  • 2756e03 chore(release): 1.1.3
  • 236b243 fix: injection algorithm (#456)
  • 36bd8f1 docs: fix typos (#453)
  • de38c39 chore(release): 1.1.2
  • 91ceaf2 fix: algorithm for importing modules (#449)
  • 1138ed7 fix: checking that the list of modules is an array (#448)
  • aa418dd chore(release): 1.1.1
  • 7ee8b04 fix: add empty default export for `linkTag` value
  • c69ea6c chore(release): 1.1.0
  • c7d6e3a fix: order of imported styles (#443)
  • a283b30 test: more manual test (#442)
  • 3415266 feat: `esModule` option (#441)
  • 907aed8 test: refactor (#440)
  • 28e1628 refactor: code (#438)
  • 5c51b90 refactor: cjs (#437)
  • 609263a test: refactor
  • 7768fce chore(release): 1.0.2
  • dcbfadb fix: support ES module syntax (#435)
  • d515edc chore(deps): update (#434)
  • 4c1e3f3 docs: fixed typo 'doom' to 'DOM' in README.md (#432)
  • c6164d5 chore(release): 1.0.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

nawazdhandala avatar Dec 25 '22 21:12 nawazdhandala