[Snyk] Fix for 21 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
- Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 586/1000 (Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| | 539/1000 (Has a fix available, CVSS 6.5) | Configuration Override SNYK-JS-HELMETCSP-469436 | No | No Known Exploit |
| | 586/1000 (Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | No | Proof of Concept |
| | 681/1000 (Proof of Concept exploit, Has a fix available, CVSS 7.2) | Command Injection SNYK-JS-LODASH-1040724 | No | Proof of Concept |
| | 686/1000 (Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution SNYK-JS-LODASH-450202 | No | Proof of Concept |
| | 731/1000 (Proof of Concept exploit, Has a fix available, CVSS 8.2) | Prototype Pollution SNYK-JS-LODASH-567746 | No | Proof of Concept |
| | 686/1000 (Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution SNYK-JS-LODASH-608086 | No | Proof of Concept |
| | 686/1000 (Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution SNYK-JS-LODASH-73638 | No | Proof of Concept |
| | 541/1000 (Proof of Concept exploit, Has a fix available, CVSS 4.4) | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639 | No | Proof of Concept |
| | 661/1000 (Proof of Concept exploit, Has a fix available, CVSS 6.8) | Arbitrary Code Injection SNYK-JS-MORGAN-72579 | No | Proof of Concept |
| | 539/1000 (Has a fix available, CVSS 6.5) | Information Exposure SNYK-JS-NODEFETCH-2342118 | Yes | No Known Exploit |
| | 520/1000 (Has a fix available, CVSS 5.9) | Denial of Service SNYK-JS-NODEFETCH-674311 | Yes | No Known Exploit |
| | 619/1000 (Has a fix available, CVSS 8.1) | Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840 | Yes | No Known Exploit |
| | 706/1000 (Proof of Concept exploit, Has a fix available, CVSS 7.7) | Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 | Yes | Proof of Concept |
| | 686/1000 (Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution npm:deep-extend:20180409 | Yes | Proof of Concept |
| | 646/1000 (Proof of Concept exploit, Has a fix available, CVSS 6.5) | Cross-site Scripting (XSS) npm:react-dom:20180802 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: chokidar
The new version differs by 191 commits.
- 7b8e02a Release 3.0.0.
- e7bfe2f Move stuff.
- df7f22e Remove changelog from npm, move to hidden dir.
- 3df7692 Improve naming.
- 6e94ca2 Clean-up.
- 2de2f9c test: Add testing of Node.js v12 in Travis pipeline. (#833)
- 9e0965a Fix Windows tests in Travis CI (#832)
- c95a98f Update stuff.
- 187ff2b test: Trying to fix blinked tests for Travis CI. (#825)
- db99076 fix(Windows): Add converting from windows to unix path for all ignored paths. (#824)
- 41f8782 fix(FsEvents): Remove situation with NaN depth. (#823)
- 7cf3f7e Update readdirp to stable.
- 0927a62 Bump packages.
- 11cd857 Update nyc.
- 99c14d7 Uncomment fsevents.
- cf330a5 Update fsevents.
- 0e4fca5 Fix deps.
- 9c575d4 Fix Windows version (#821)
- 3323d59 fix(Linux): Make event loop hack for keep testing valid. (#820)
- 06214c5 Update to latest readdirp.
- 793639f Rename osxfswatch.
- 078bc2d Refactor and fix freaking tests.
- 2b9bb41 Try node 11.
- 3fe3d4e Test travis.
Package name: helmet
The new version differs by 85 commits.
- 5d964d4 3.21.1
- 1e9b8ea Update changelog for 3.21.1 release
- 86f1f59 Update helmet-csp to 2.9.2
- 76ca5bd Update Standard devDependency to latest version
- 0dad3c2 3.21.0
- 33cfd10 Update changelog for 3.21.0 release
- 349117f Update helmet-csp to 2.9.1
- 03d4fa6 Update x-xss-protection from 1.2.0 to 1.3.0
- 3b9d0e8 Update devDependencies to latest versions
- 80fe85f Remove old HISTORY.md
- e3ea074 Use sinon's default sandbox feature
- 968fabd 3.20.1
- d588453 Update changelog for 3.20.1 release
- a5a9679 Update Sinon and Standard to latest versions
- 844739c Update helmet-csp to v2.9.0
- b2a3700 3.20.0
- 87d7323 Update changelog for 3.20.0 release
- a711731 Update Mocha and Standard to latest versions
- 6aab72d Update helmet-csp to 2.8.0
- ac46aaf Minor: in changelog, change "updated" header in under 3.19.0
- 17707ae 3.19.0
- ca34982 Update changelog for 3.19.0 release
- 06d5bde Update all remaining outdated dependencies
- 91e071c Update helmet-crossdomain from 0.3.0 to 0.4.0
Package name: isomorphic-fetch
The new version differs by 12 commits.
- fc5e0d0 3.0.0
- 496fa43 Add version that was previously uncomitted to the package.json due to the previous release process
- 9f5a8b6 Add a list of alternatives
- 49280e6 Resolve minor security issue
- 0f5edd0 Explain why Isomorphic Fetch is needed in docs (#135)
- e32b006 Fix travis (#190)
- db0aa8c Update to latest version
- 8bf02c4 Bump node-fetch from 1.7.3 to 2.6.1 (#189)
- 89c7e70 Merge pull request #93 from paulmelnikow/fetch_ponyfill
- 25e3cab Add link to fetch-ponyfill
- 8d33aba Merge pull request #90 from josiah0/update-lintspaces-cli
- c22fcda Update lintspaces-cli
Package name: morgan
The new version differs by 27 commits.
- 572dd93 1.9.1
- e02de38 lint: apply standard 12 style
- e329663 Fix using special characters in format
- eb1968a tests: use strict equality checks
- 310b206 build: use yaml eslint configuration
- 5810937 build: [email protected]
- f60afd5 build: [email protected]
- 5295b0c build: [email protected]
- 178daaf build: [email protected]
- 7b08641 build: [email protected]
- 73cb666 build: [email protected]
- edc95aa build: [email protected]
- ace86c3 build: [email protected]
- 4dd1180 lint: apply standard 11 style
- 60c31e8 build: [email protected]
- 05e382f build: [email protected]
- 1a5be20 build: [email protected]
- cf9565f docs: remove gratipay badge
- b66251d build: [email protected]
- 0113732 build: [email protected]
- 47659a9 deps: depd@~1.1.2
- 695f659 build: support Node.js 9.x
- f4c51e9 build: [email protected]
- 4f15f36 build: [email protected]
Package name: offline-plugin
The new version differs by 53 commits.
- df08535 [skip ci] 5.0.4
- 363a89e [ci skip] Release 5.0.5
- 56553d4 [ci skip] Release 5.0.4
- ddec2aa Fix tests
- ec987f4 Fix appShell returning the shell file when navigating to sw file's location
- 2cf8af2 Update fixtures to new webpack 4's bundle output format
- 5b9f60a Fix 'only-if-cached' in fetch event error
- 765abb0 Merge pull request #384 from julienw/patch-1
- 9b8e5de Add a link to appShell doc from the doc for cacheMaps
- 1f99abe [skip ci] Readme improvment
- a9daba4 Readme improvment
- eb9c16b Merge pull request #381 from etchteam/master
- fd22075 fix: Update deep-extend
- 1454262 [ci skip] Release 5.0.3
- a2eee00 Make `ServiceWorker.minify` option auto-detect usage of optimization.minimize (webpack 4+)
- 0f73617 [ci skip] Release 5.0.2
- 7b29577 Use never version of loader injection into "after-resolve" NMF
- 65edf58 [ci skip] Release 5.0.1
- bf055a8 Fix plugin usage without options
- c8a6344 [skip ci] Comment demo from readme for now
- 9018bd7 [ci skip] Release 5.0.0
- 5fc00d8 Remove loaders information from build scripts and tests
- b8b961f Fix addAllNormalized wrong behavior with activate and remove undocumented loaders
- 75557ad Fix `isNotRedirectedResponse` function is used without an argument
Package name: semantic-ui-react
The new version differs by 44 commits.
- c8fabc7 0.81.2
- 95429e6 feat(Dropdown): lazyLoad prop for menu items (#1918)
- 9af142e fix(Popup): remove semi from typings
- eae01ad fix(Input): fix icon order to ensure rounded border is kept (#2507)
- 06ab95f feat(Popup): add context prop (#2934)
- 02af086 fix(Icon): fix handling of aria-label (#2947)
- 7da1dd0 docs (Search): update layout for search example to accommodate code (#2948)
- caee404 chore(typings): update TypeScript and use tslint-config-airbnb (#2942)
- 1f01e14 chore(package): add `sideEffects: false` for Webpack 4 (#2941)
- e90cc89 chore(package): use shallowequal instead of fbjs and use alias in docs (#2940)
- 4549d14 docs(assets): move images to /public (#2935)
- 0d00166 feat(Sidebar): add lifecycle handlers (#2845)
- 3a594ba fix(examples): webpack 3 App direct import description (#2929)
- 55e9388 fix(Docs): Add babel-polyfill so that the Docs work in IE11 (#2884)
- 43793ae Fix automatic upward logic in IE11. (#2885)
- 6ae850e feat(Sticky): use SUI CSS classes (#2890)
- 531d5d1 fix(Search): wrap categorized search results with "results" (#2909)
- 4e9b8ba chore(package): update lint-stagged (#2914)
- 530a0d6 fix(Modal): remove dimmer={false} (#2882)
- 8a26279 chore(getComponentInfo): handle HOC default exports (#2883)
- 6d6f6eb fix(Icon): remove unexisting aliases (#2879)
- 84fff9d docs(changelog): update changelog [ci skip]
- b44681e 0.81.1
- 9360d31 chore(gulp): fix dist:clean task (#2871)
Package name: serialize-javascript
The new version differs by 49 commits.
- b54341e v3.1.0
- 7cee7e4 Revert "support for bigint (#80)"
- 026a445 Bump mocha from 7.1.2 to 7.2.0 (#83)
- 5130a71 support for bigint (#80)
- ea76b23 Bump mocha from 7.1.1 to 7.1.2 (#82)
- 073c8d8 Bump nyc from 15.0.0 to 15.0.1 (#81)
- f21a6fb Don't replace regex / function placeholders within string literals (#79)
- 1ac487e [Security] Bump minimist from 1.2.0 to 1.2.5 (#78)
- c795cef Bump mocha from 7.1.0 to 7.1.1 (#77)
- 3064431 Bump mocha from 7.0.1 to 7.1.0 (#74)
- 9dbe8f6 Update example in README (#73)
- f5957ee v3.0.0
- eed510c Introduce support for Infinity (#72)
- 82bb2d2 Bump mocha from 7.0.0 to 7.0.1 (#71)
- fdfb10a Test on Node.js v12 (#70)
- 2f5f126 Bump mocha from 6.2.2 to 7.0.0 (#69)
- 35062c0 Bump nyc from 14.1.1 to 15.0.0 (#68)
- 6c43b02 v2.1.2
- 3e05a3f Ignore .nyc_output (#64)
- 3c46e8e Bump mocha from 6.2.0 to 6.2.2 (#62)
- 433fc9c 2.1.1
- 16a68ab Merge pull request from GHSA-h9rv-jmmf-4pgx
- 3bab6de Bump mocha from 6.2.1 to 6.2.2 (#60)
- 7a6b13d Bump mocha from 6.2.0 to 6.2.1 (#59)
With a Snyk patch:
| Severity | Priority Score (*) | Issue | Exploit Maturity |
|---|---|---|---|
| | 731/1000 (Proof of Concept exploit, Has a fix available, CVSS 8.2) | Prototype Pollution SNYK-JS-LODASH-567746 | Proof of Concept |
| | 399/1000 (Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS) npm:debug:20170905 | No Known Exploit |
| | 579/1000 (Has a fix available, CVSS 7.3) | Prototype Pollution npm:extend:20180424 | No Known Exploit |
| | 636/1000 (Proof of Concept exploit, Has a fix available, CVSS 6.3) | Prototype Pollution npm:hoek:20180212 | Proof of Concept |
| | 646/1000 (Mature exploit, Has a fix available, CVSS 5.2) | Uninitialized Memory Exposure npm:stringstream:20180511 | Mature |
| | 509/1000 (Has a fix available, CVSS 5.9) | Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905 | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.