cf-workers-typescript-template icon indicating copy to clipboard operation
cf-workers-typescript-template copied to clipboard

Published 20 hours ago verified publisher icon GregBrimble

[Snyk] Fix for 8 vulnerabilities

Open GregBrimble opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/client/package.json
    • packages/client/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
critical severity 786/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 9.3		 Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 Yes Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 Yes Proof of Concept
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TMPL-1583443		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @testing-library/jest-dom The new version differs by 44 commits.
  • 948d90f fix: migrate ccs v3 to @ adobe/css-tools v4 (#470)
  • af18453 fix: Support unenclosed inner text for details elements in to be visible (#396)
  • 6988a67 fix: clarify toHaveFocus message when using `.not` (#447)
  • 4d0ceeb docs: add ashleyryan as a contributor for code, ideas (#434)
  • 1f389f8 docs: add astorije as a contributor for code, ideas (#433)
  • 8162115 fix: add custom element support to `toBeDisabled` (#368)
  • 3094eb1 docs: add cbroeren as a contributor for doc (#432)
  • 43a420a docs: Fix wrong toHaveValue example (#431)
  • a9beb47 fix: Improve `toHaveClass` error message format (#405)
  • 6f69437 docs: add IanVS as a contributor for code (#423)
  • de26c7a feat: Update aria-query to 5.0.0 (#414)
  • dfcefa2 fix: wrong deprecate error message (#422)
  • 4cb606c feat: import parse directly from css (#415)
  • 35ab97d docs: add yannbf as a contributor for code (#416)
  • 8876038 docs: add MatanBobi as a contributor for platform (#410)
  • d085039 chore: set protocol for npm to `https` (#409)
  • d24b6be docs: add tu4mo as a contributor for doc (#386)
  • 51ea536 chore: upgrade to Jest 27 (#384)
  • 60832f6 Fix typo (#385)
  • 0e34a35 docs: add icecream17 as a contributor for doc (#381)
  • eccbfcf fix grammar (#380)
  • fc9ce6d fix: Updates deprecated matchers info (#378)
  • 87ffd2a feat: toHaveAccessibleName and toHaveAccessibleDescription (#377)
  • 317e319 docs: Update the documentation of toBeDisabled (#375)

See the full diff

Package name: react-scripts The new version differs by 97 commits.
  • 221e511 Publish
  • 6a3315b Update CONTRIBUTING.md
  • 5614c87 Add support for Tailwind (#11717)
  • 657739f chore(test): make all tests install with `npm ci` (#11723)
  • 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
  • 69321b0 Remove cached lockfile (#11706)
  • 3afbbc0 Update all dependencies (#11624)
  • f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
  • e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (#11686)
  • c7627ce Update webpack and dev server (#11646)
  • f85b064 The default port used by `serve` has changed (#11619)
  • 544befe Update package.json (#11597)
  • 9d0369b Fix ESLint Babel preset resolution (#11547)
  • d7b23c8 test(create-react-app): assert for exit code (#10973)
  • 1465357 Prepare 5.0.0 alpha release
  • 3880ba6 Remove dependency pinning (#11474)
  • 8b9fbee Update CODEOWNERS
  • cacf590 Bump template dependency version (#11415)
  • 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (#11476)
  • 50ea5ad allow CORS on webpack-dev-server (#11325)
  • 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
  • 960b21e Bump immer from 8.0.4 to 9.0.6 (#11364)
  • 134cd3c Resolve dependency issues in v5 alpha (#11294)
  • b45ae3c Update CONTRIBUTING.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS) 🦉 Command Injection 🦉 Prototype Pollution

GregBrimble avatar Dec 19 '23 19:12 GregBrimble