react-multi-carousel [Snyk] Fix for 1 vulnerabilities

[Snyk] Fix for 1 vulnerabilities

Open YIZHUANG opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/ssr/package.json
- examples/ssr/package-lock.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: next

The new version differs by 250 commits.

5201cdb v10.0.6
f8f2a17 v10.0.6-canary.12
232209b Remove note about Yarn 2 support. (#21665)
5be31f5 Update CI publish step to trigger after build (#21661)
5582892 v10.0.6-canary.11
843252b Add note about Yarn 2 support. (#21657)
8f21c28 Experimental feature changes (#21646)
08846cf v10.0.6-canary.10
652a1e8 Improvements to webpack tracing, including hot-reload (#21652)
5a73859 Update docs and Create Next App to use API Middlewares by default. (#21639)
8f0c155 Grammatical fixes (#21644)
e75f611 v10.0.6-canary.9
87ed37d Ensure prerender-manifest contains all i18n revalidate values (#21404)
b785fbc chore: upgrade webpack5 (#21563)
35efe8d Remove branches filter from actions cancel workflow (#21564)
cca2000 Update CI docs change diff check (#21558)
e1fe28c Fix and add test filterModuleRules for next-plugin-storybook (#17306)
0370c03 Update links that go to vercel.com/now (#21556)
dc2de37 Font optimization - Pass nonce to inlined font definition (#21346)
004ad62 Allow `undefined` body sent to `sendData()` (#20981)
07d4af9 suppressing eslint warning (#21163)
7aa397f Add Kontent example to preview section (#21542)
a47d47e Change type of GetServerSidePropsContext.req.cookies the be the same as NextApiRequest.cookies (#21336)
f6cc0de Remove mkdirp (#21365)

Package name: snyk

The new version differs by 250 commits.

8987918 Merge pull request #1781 from snyk/fix/replace-proxy
eec11b7 test: raise timeout for snyk protect tests hitting real Snyk API
8045ceb test: update proxy tests for the new proxy global-agent
0d0c76a feat: support lowercase http_proxy envvars
e597846 test(proxy): acceptance test for Proxy envvar settings
6d67579 fix: replace vulnerable proxy dependency
1449c57 Merge pull request #1707 from snyk/feat/snyk-fix
3d872fb test: assert exact errors for unsupported
5ebd685 Merge pull request #1777 from snyk/feat/fix-with-version-provenance
17e3431 Merge pull request #1778 from snyk/feat/dont-force-https
fdd7f1a docs: update SNYK_HTTP_PROTOCOL_UPGRADE description
165b4b9 feat: introduce envvar to control HTTP-HTTPS upgrade behavior
77e6665 chore: lerna release with exact version
f14819f Merge pull request #1760 from snyk/feat/support-critical-in-sarif
b286418 feat: v1 support for previously fixed reqs.txt
0384020 feat: basic pip fix -r support
f94c558 feat: include pins optionally
66ca77a feat: do not skip files with -r directive
bc44f9a refactor: fix individual reqs manifest
6e84322 feat: fix individual file with provenance
9ed99f3 Merge pull request #1764 from snyk/feat/update-code-client
c92599b Merge pull request #1774 from snyk/refactor/change-binaries-release-script
ca508ac test: smoke test for `snyk fix`
c68c7da feat: add @ snyk/fix as a dep

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

Jan 10 '23 01:01 YIZHUANG