libreact
libreact copied to clipboard
Published
20 hours ago •
MailOnline
MailOnline
[Snyk] Fix for 5 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
 |
658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073 |
Yes | Proof of Concept |
|
658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082 |
Yes | Proof of Concept |
|
611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 |
Information Exposure SNYK-JS-NODEFETCH-2342118 |
No | No Known Exploit |
|
619/1000 Why? Has a fix available, CVSS 8.1 |
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: react-focus-lock
The new version differs by 4 commits.Package name: semantic-release
The new version differs by 250 commits.- 95af1e4 Merge pull request #2332 from semantic-release/beta
- f634b8c fix(npm-plugin): upgraded to the beta, which upgrades npm to v8
- d9e5bc0 fix: upgrade `marked` to resolve ReDos vulnerability (#2330)
- dd7d664 docs: fix a broken link (#2318)
- cd6136d docs: wrong prerelease example (#2307)
- e62c83d docs: remove repeated 'with' word (#2289)
- 5d78fa4 docs(breaking-change): highlighted the need for `BREAKING CHANGE: ` to be in the commit footer (#2283)
- b64855f docs(badge): mentioned referencing the commit convention (#2269)
- 09bcf7a docs: update badges to include preset names (#2266)
- 8e96b23 docs(issue-templates): fixed links to templates for opening issues (#2264)
- 5535268 docs: fix typo (#2262)
- 7f971f3 fix: bump @ semantic-release/commit-analyzer to 9.0.2 (#2258)
- e636621 docs(troubleshooting): typo (#2254)
- f2a2def docs(recipes): fix path to recipes (#2253)
- 628e29e chore(deps): update dependency got to v11.8.3 (#2251)
- 8fda7fd docs(recipes): moved recipes to sub-directories to align with gitbook expectations (#2246)
- 52d76a2 docs(plugin-list): updates semantic-release-plus/docker with updated lifecycle hook. (#2243)
- f092dd1 chore(deps): update dependency nock to v13.2.1 (#2242)
- 03aa7d0 docs(badge): switched to proper semantic-release logo (#2235)
- bc146e4 docs(gitbook): updated the summary document so that missing pages are rendered by gitbook (#2234)
- 5f9d1d1 chore(deps): update dependency nock to v13.2.0 (#2233)
- 7ff71ad chore(deps): update dependency sinon to v12.0.1 (#2231)
- d3958b8 Revert "chore(deps): update dependency p-retry to v5" (#2230)
- 4ae9209 chore(deps): update dependency p-retry to v5 (#2229)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
