
[Snyk] Fix for 8 vulnerabilities

Open nawazdhandala opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • dashboard-ui/package.json
    • dashboard-ui/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-COLORSTRING-1082939 | Yes | Proof of Concept |
| low severity | 506/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 3.7) | Prototype Pollution, SNYK-JS-MINIMIST-2429795 | Yes | Proof of Concept |
| medium severity | 601/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.6) | Prototype Pollution, SNYK-JS-MINIMIST-559764 | Yes | Proof of Concept |
| medium severity | 539/1000 (Why? Has a fix available, CVSS 6.5) | Information Exposure, SNYK-JS-NODEFETCH-2342118 | Yes | No Known Exploit |
| medium severity | 520/1000 (Why? Has a fix available, CVSS 5.9) | Denial of Service, SNYK-JS-NODEFETCH-674311 | Yes | No Known Exploit |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1255640 | Yes | Proof of Concept |
| medium severity | 479/1000 (Why? Has a fix available, CVSS 5.3) | Improper Input Validation, SNYK-JS-POSTCSS-5926692 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 168 commits.
  • 634ab49 chore(release): 2.0.0
  • 6ade2d0 refactor: remove unused file (#860)
  • e7525c9 test: nested url (#859)
  • 7259faa test: css hacks (#858)
  • 5e6034c feat: allow to filter import at-rules (#857)
  • 5e702e7 feat: allow filtering urls (#856)
  • 9642aa5 test: css stuff (#855)
  • 3338656 fix: reduce number of require for url (#854)
  • 533abbe test: issue 636 (#853)
  • 08c551c refactor: better warning on invalid url resolution (#852)
  • b0aa159 test: issue #589 (#851)
  • f599c70 fix: broken unucode characters (#850)
  • 1e551f3 test: issue 286 (#849)
  • 419d27b docs: improve readme (#848)
  • d94a698 refactor: webpack-default (#847)
  • b97d997 feat: schema options
  • 453248f fix: support module resolution in composes (#845)
  • 8a6ea10 refactor: postcss plugins (#844)
  • fdcf687 fix: url resolving logic (#843)
  • 889dc7f feat: allow to disable css modules and disable their by default (#842)
  • ee2d253 test: importLoaders option (#841)
  • 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
  • fe94ebc test: icss reserved keywords (#839)
  • 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: react-ace The new version differs by 84 commits.
  • 31ea6c5 Merge pull request #277 from securingsincity/fix-build-5.2.2
  • 369da31 5.2.2 - fix broken build because of open collective
  • cefc2d8 Merge pull request #274 from securingsincity/greenkeeper/eslint-4.8.0
  • 4ea52cb chore(package): update eslint to version 4.8.0
  • 3de8fb1 Merge pull request #273 from securingsincity/greenkeeper/coveralls-3.0.0
  • 8ff970a chore(package): update coveralls to version 3.0.0
  • d4be95a Merge pull request #270 from securingsincity/greenkeeper/react-test-renderer-16.0.0
  • 6647624 Merge pull request #272 from securingsincity/greenkeeper/webpack-dev-server-2.9.1
  • 25faeda chore(package): update webpack-dev-server to version 2.9.1
  • d2093d1 Merge pull request #271 from securingsincity/greenkeeper/webpack-dev-server-2.9.0
  • b8cd6d0 chore(package): update webpack-dev-server to version 2.9.0
  • 6b3c321 chore(package): update react-test-renderer to version 16.0.0
  • a5a6658 Merge pull request #266 from securingsincity/greenkeeper/enzyme-3.0.0
  • 0ef6c18 Upgrade to enzyme 3
  • 4f10b81 chore(package): update enzyme to version 3.0.0
  • 907fdc7 Merge pull request #267 from securingsincity/greenkeeper/sinon-4.0.0
  • a536e58 chore(package): update sinon to version 4.0.0
  • f66c44a 5.2.1
  • 28a847e Upgrade dependencies that were blocked and remove opencollective post install
  • aad7c5d Merge pull request #264 from securingsincity/greenkeeper/chai-4.1.2
  • bef52ae Merge pull request #259 from securingsincity/greenkeeper/babel-eslint-8.0.0
  • c57bc8a Merge pull request #262 from gdi2290/patch-1
  • b6e7f08 Fix build and tests
  • 0414aca chore(package.json): use prepublishOnly

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

  • 🦉 Regular Expression Denial of Service (ReDoS)
  • 🦉 Prototype Pollution
  • 🦉 Improper Input Validation

nawazdhandala, Nov 28 '23 15:11