react-multi-carousel icon indicating copy to clipboard operation
react-multi-carousel copied to clipboard

Published 20 hours ago β€’ verified publisher icon YIZHUANG

[Snyk] Security upgrade next from 8.0.3 to 9.3.4

Open YIZHUANG opened this issue 11 months ago β€’ 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/ssr/package.json
    • examples/ssr/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 763/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4		 Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: next The new version differs by 250 commits.
  • 8c899ee v9.3.4
  • e000d84 v9.3.4-canary.4
  • 7b546a9 Update hello-world example React version & name for CodeSandbox (#11550)
  • a37ad0a Add notes to styled-components example README (#11540)
  • a992444 v9.3.4-canary.3
  • 3f6bd47 Update build output with renamed column (#11401)
  • 1992e2a Example/update unstated (#11534)
  • d61eced Update to make sure AMP only bundles are always removed in pro… (#11527)
  • fa5da6d Remove passing of NODE_OPTIONS='--inspect' to subprocesses (#11041)
  • f9cd7c5 v9.3.4-canary.2
  • c17ee73 Generic Type for GetStaticPaths (#11430)
  • 2263876 added "with-route-as-modal" example (#11473)
  • f2315ff update auth0 example with getServerSideProps (#11051)
  • b307ed9 Update checking for existing dotenv usage (#11496)
  • b8d075e Update environment support (#11524)
  • ce3f7d0 Drop url dependency (#11503)
  • 0bfc0b3 v9.3.4-canary.1
  • b88f20c Fix lockfile
  • d7f9a52 correct babel dev dependency
  • 755dc40 postcss loaders
  • a3ec26d ignore-loader
  • 8dad5ab file-loader
  • c855a38 babel-loader, cache-loader
  • 84a46df thread-loader

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

πŸ¦‰ Path Traversal

YIZHUANG avatar Mar 22 '24 17:03 YIZHUANG