[Snyk] Fix for 3 vulnerabilities

Open nawazdhandala opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- data-browser-ui/package.json
- data-browser-ui/package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 97 commits.

43179a8 chore(release): 1.0.0
3d53968 Merge remote-tracking branch 'origin/master'
240db53 version 1.0 (#742)
1b7acf7 Merge remote-tracking branch 'origin/master'
1703721 docs(README): add more context to `localIdentName` (#711)
1c51265 docs(README): fix malformed emoji (#701)
50f8ec0 Merge remote-tracking branch 'origin/master'
07444ad tests: css custom variables (#709)
3de8aa7 tests: css custom variables (#709)
df497db chore(release): 0.28.11
c788450 fix(lib/processCss): don't check `mode` for `url` handling (`options.modules`) (#698)
c35d8bd chore(release): 0.28.10
9f876d2 fix(getLocalIdent): add `rootContext` support (`webpack >= v4.0.0`) (#681)
0452f26 test: hashes inside `@ font-face` url (#678)
630579d chore(release): 0.28.9
604bd4b chore(package): update dependencies
d1d8221 fix: ignore invalid URLs (`url()`) (#663)
0fc46c7 chore(release): 0.28.8
333a2ce chore(package): update `dependencies`
39773aa ci(travis): use `npm`
8897d44 fix: proper URL escaping and wrapping (`url()`) (#627)
0dccfa9 fix(loader): correctly check if source map is `undefined` (#641)
d999f4a docs: Update importLoaders documentation (#646)
05c36db test: removed redundant `modules` argument (#599)

Package name: webpack

The new version differs by 250 commits.

4be093d 2.2.0
2278469 2.2.0-rc.8
b946eb4 Merge pull request #3988 from malstoun/bug/2664
260e413 Merge pull request #3986 from webpack/bugfix/revert_use_of_buffer_dot_from
0ec7de9 Fix regression with watch cli opt, add tests for this case
72226db add missing disable line
4d30675 build fresh yarn.lock file to remove buffer polyfill
91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
0b47602 2.2.0-rc.7
db6ccbc Merge pull request #3978 from webpack/bugfix/conditional-reexports
82a5b03 Merge pull request #3977 from malstoun/bug/2664
fc1a43b Merge pull request #3976 from timse/rely-on-defaults
a44694a hoist exports declarations too
682bde8 Fix lint
c6d7d90 Add tests
af8d49e remove defaults values to shave a few bytes
9796696 2.2.0-rc.6
e9bdb05 Merge pull request #3971 from webpack/bugfix/fix_available_vars_in_fmtp
bd45bdc add test case for global in harmony modules
bfccb20 fix PR
5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
437dce4 2.2.0-rc.5
91cb1df Merge pull request #3970 from webpack/ci/appveyor
9fd55e5 Merge pull request #3969 from webpack/bugfix/issue-3964

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

Dec 19 '23 14:12 nawazdhandala