react-molin
[Snyk] Fix for 12 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
Vulnerabilities that will be fixed
With an upgrade:
Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|
696/1000 (Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
586/1000 (Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939 | Yes | Proof of Concept |
586/1000 (Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
586/1000 (Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181 | Yes | Proof of Concept |
539/1000 (Has a fix available, CVSS 6.5) | Information Exposure SNYK-JS-NODEFETCH-2342118 | Yes | No Known Exploit |
520/1000 (Has a fix available, CVSS 5.9) | Denial of Service SNYK-JS-NODEFETCH-674311 | Yes | No Known Exploit |
696/1000 (Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032 | Yes | Proof of Concept |
586/1000 (Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640 | Yes | Proof of Concept |
479/1000 (Has a fix available, CVSS 5.3) | Improper Input Validation SNYK-JS-POSTCSS-5926692 | Yes | No Known Exploit |
646/1000 (Proof of Concept exploit, Has a fix available, CVSS 6.5) | Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 | Yes | Proof of Concept |
646/1000 (Proof of Concept exploit, Has a fix available, CVSS 6.5) | Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |
589/1000 (Has a fix available, CVSS 7.5) | Prototype Pollution SNYK-JS-UNSETVALUE-2400660 | Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: antd-mobile
The new version differs by 250 commits.
- 4b7a202 doc: update home page
- 20a4068 doc: update doc for v5 publish
- 2f99247 chore: upgrade dependencies
- f4918f9 chore: update version and publish script
- fc6a5c8 doc: update banner image
- 7b85f30 chore: change version
- a8bf311 refactor: (Form) move layout style to `Form.Item` (#4795)
- 510aaf8 fix: (PullToRefresh) prevent jitter when pulling down (#4800)
- ed91b3d chore: remove @types/classnames (#4798)
- f495b46 feat: (Form.Item) add help popover and icon (#4799)
- 6ca4bce doc: update logo and banner
- a50d0a4 doc: update
- 1115b0c doc: update the name of Checkbox in Chinese
- 1aff646 fix: (Tabs) animation does not work when some tabs dynamically changed when switching
- 06aa747 doc: (Icon) selector of copy type must have state (#4794)
- 24adac1 doc: update home page
- 8b43a27 feat: (ProgressCircle) add some CSS variable globals (#4792)
- c06f03c refactor: (ProgressCircle) remove unused prop `strokeColor` (#4791)
- 9c177ad refactor: (ProgressBar) replace CSS Variables `--fill-color` default value (#4793)
- 6cccc60 feat:(Calendar) add onPageChange (#4725) (#4786)
- 17adefc enhance: (Input) add `min-height` style (#4787)
- 217e909 feat: (Form) form item add `description` prop (#4781)
- 4ead11b doc: fix typo
- 3848dd7 refactor: (Slider) make thumb icon as a svg React component
Package name: css-loader
The new version differs by 146 commits.
- 634ab49 chore(release): 2.0.0
- 6ade2d0 refactor: remove unused file (#860)
- e7525c9 test: nested url (#859)
- 7259faa test: css hacks (#858)
- 5e6034c feat: allow to filter import at-rules (#857)
- 5e702e7 feat: allow filtering urls (#856)
- 9642aa5 test: css stuff (#855)
- 3338656 fix: reduce number of require for url (#854)
- 533abbe test: issue 636 (#853)
- 08c551c refactor: better warning on invalid url resolution (#852)
- b0aa159 test: issue #589 (#851)
- f599c70 fix: broken unucode characters (#850)
- 1e551f3 test: issue 286 (#849)
- 419d27b docs: improve readme (#848)
- d94a698 refactor: webpack-default (#847)
- b97d997 feat: schema options
- 453248f fix: support module resolution in composes (#845)
- 8a6ea10 refactor: postcss plugins (#844)
- fdcf687 fix: url resolving logic (#843)
- 889dc7f feat: allow to disable css modules and disable their by default (#842)
- ee2d253 test: importLoaders option (#841)
- 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
- fe94ebc test: icss reserved keywords (#839)
- 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)
Package name: html-webpack-plugin
The new version differs by 196 commits.
- eb73905 chore(release): 4.0.0
- 42a6d4a Add typing for getHooks
- a1a37cf Release html-webpack-plugin 4.0.0-beta.14
- 97f9fb9 fix: load script files before style files files in defer script loading mode
- e97ce17 Release html-webpack-plugin 4.0.0-beta.13
- e448b5d Release html-webpack-plugin 4.0.0-beta.12
- de315eb feat: Add defer script loading
- 7df269f feat: Provide a verbose error message if html minification failed
- 1d66e53 feat: merge templateParameters with default template parameters
- dfb98e7 Fix typo in template option docts
- 096a760 Fix broken links in examples
- a195c34 docs: Update template-option documentation
- 40b410e docs: Update example for template parameters
- bf017f3 chore: Release 4.0.0-beta.11
- 2549557 test: Don't use minification for speed measurement
- de22fc2 test: Adjust measurment for node 6 on travis
- 24bf1b5 fix: Update references to html-minifier
- f4eafdc chore: Release 4.0.0-beta.10
- a2ad30a refactor: Use getAssetPath instead of calling the hook directly
- 2595a79 chore: Release 4.0.0-beta.9
- c66766c feat: Add support for minifying inline ES6 inside html templates
- 655cbcd Fix README typo
- 6de319b update lodash dependency for prototype polution vulnerability
- 35a1541 Properly encode file names emitted as part of URLs.
Package name: less
The new version differs by 250 commits.
- e4f7551 v3.12.0
- 371185c v3.12.0-RC.2 (#3540)
- d5aa9d1 Fixes #3371 Allow conditional evaluation of function args (#3532)
- a722237 Remove lib folder from git (#3531)
- e0f5c1a Move changelog to root (#3530)
- f7bdce7 Duplicate dist files in root for older links (#3529)
- 0925cf1 Test-data module (#3525)
- 51fb02b Fixes #3504 / organizes tests (#3523)
- efb76ec Restore nuked scripts (?), replace dependencies (#3501) (#3522)
- 2c5e4dd Lerna refactor / TS compiling w/o bundling (#3521)
- a3641e4 Resolve #3398 Add flag to disable sourcemap url annotation (#3517)
- e018ba8 fix(#3294): use loadFileSync when loading plugins with syncImport: true (#3506)
- 95b9007 Update changelog
- 6238bbc Fixes #3508 (#3509)
- 8338366 Update README.md
- 6313bc5 Update changelog
- 53bf877 Remove tree caching in import manager (#3498)
- 0f271f3 issue#3481 ignore missing debugInfo (#3482)
- 3bd995b Additional check to avoid evaluating an expression if it is a comment (#3494)
- 0715d90 fix: Use make-dir instead of mkdirp (#3490)
- 2634494 Properly exit calc mode after use (#3493)
- 096dd22 Convert to auto-changelog (#3477)
- 842386b Fixes #3469 - Include tslib dependency (#3475)
- 1adaadb 3.11.0 (#3468)
Package name: optimize-css-assets-webpack-plugin
The new version differs by 2 commits.
Package name: svg-sprite-loader
The new version differs by 136 commits.
- 3364249 2.0.1
- c21fc48 Update examples
- 6d202f2 Refactoring
- 03b2353 Use browser sprite by default
- e7e56fd Update README.md
- c237eec 2.0.0
- a2947e8 Add toc to readme
- 4dbf434 Merge branch '2.0'
- 36f48fe Update README
- 39a1922 Update 2.0 overview
- b2aa0ab Restore missed section in overview
- 85ce360 Add 2.0 overview
- ca52ed6 Update README
- fe5158c Update config
- 72b152d Fix bluebird warning (https://snyk.io/redirect/github/kisenka/svg-sprite-loader/issues/91#issuecomment-297690801)
- e5d2afc Runtime compat
- a7ef2e8 Update yarn lock
- f21f87b Update yarn lock
- d42e03a Update yarn lock
- f5066ff Update yarn lock
- dedbba6 Update webpack-toolkit
- e7c307b Update set-env script
- e1b9030 Update dependencies
- 1e3cc72 Refactoring
Package name: webpack
The new version differs by 250 commits.
- 610f368 5.0.0
- 5ce65c1 update examples
- bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
- 75ecff2 5.0.0-rc.6
- bfc35d6 Merge pull request #11603 from MayaWolf/master
- 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
- 9fd1be2 chore(deps-dev): bump @types/node from 13.13.23 to 13.13.25
- 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
- 9130d10 fix called variables with ProvidePlugin
- 3e42105 Merge pull request #11620 from webpack/bugfix/11617
- 4709719 skip connections copied to concatenated module
- 57b493f 5.0.0-rc.5
- 1658e2f Merge pull request #11618 from webpack/bugfix/11615
- a8fb45d fixes crash in SideEffectsFlagPlugin
- 84b196d emit error instead of crashing when unexpected problem occurs
- 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
- 9b5cce9 Merge pull request #11609 from snitin315/export-types
- 37c495c export type RuleSetUseItem
- 39faf34 export type RuleSetUse
- e5fd246 export type RuleSetConditionAbsolute
- 660baad export RuleSetCondition types
- 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
- 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
- 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4
Package name: webpack-dev-server
The new version differs by 250 commits.
- c9271b9 chore(release): 4.0.0
- 18bf369 test: fix stability (#3676)
- cdcabb2 fix: respect protocol from browser for manual setup (#3675)
- 1768d6b fix: initial reloading for lazy compilation (#3662)
- 4f5bab1 docs: improve examples (#3672)
- f2d87fb fix: improve https CLI output (#3673)
- 0277c5e chore: remove redundant console statements (#3671)
- 16fcdbc docs: add `ipc` example (#3667)
- 8915fb8 test: add e2e tests for built in routes (#3669)
- 4d1cbe1 docs: ask `version` information in issue template (#3668)
- b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
- ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
- f1fdaa7 chore(release): 4.0.0-rc.1
- c4678bc fix: legacy API (#3660)
- d8bdd03 test: fix stability (#3661)
- 22b1414 refactor: remove `killable` (#3657)
- 75bafbf test: add e2e tests for module federation (#3658)
- 493ccbd chore(deps): update `ws` (#3652)
- ae8c523 test: add e2e test for universal compiler (#3656)
- f94b84f chore(deps): update (#3655)
- 1923132 test: fix cli
- 2adfd01 test: fix todo (#3653)
- 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
- c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Input Validation
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn