flyteconsole icon indicating copy to clipboard operation
flyteconsole copied to clipboard

Published 20 hours ago verified publisher icon flyteorg

[Snyk] Fix for 11 vulnerabilities

Open cosmicBboy opened this issue 5 months ago • 0 comments

snyk-top-banner

Snyk has created this PR to fix 11 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-7361793		   801  
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		   696  
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		   696  
high severity Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555		   691  
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610		   646  
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909		   646  
medium severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607		   626  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ADOBECSSTOOLS-6096077		   589  
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		   589  
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509		   519  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ADOBECSSTOOLS-5871286		   464  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Server-side Request Forgery (SSRF) 🦉 Open Redirect 🦉 More lessons are available in Snyk Learn

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@semantic-release/npm","from":"7.1.3","to":"10.0.0"},{"name":"@testing-library/jest-dom","from":"5.17.0","to":"6.1.6"},{"name":"@typescript-eslint/eslint-plugin","from":"5.62.0","to":"8.3.0"},{"name":"@typescript-eslint/parser","from":"5.62.0","to":"8.3.0"},{"name":"compression-webpack-plugin","from":"10.0.0","to":"11.0.0"},{"name":"copy-webpack-plugin","from":"11.0.0","to":"12.0.0"},{"name":"lint-staged","from":"13.3.0","to":"15.2.4"},{"name":"msw","from":"1.3.2","to":"2.2.0"},{"name":"wait-on","from":"7.2.0","to":"8.0.0"},{"name":"webpack-dev-server","from":"4.15.1","to":"5.1.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ADOBECSSTOOLS-5871286","priority_score":464,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5","score":250},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ADOBECSSTOOLS-6096077","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-AXIOS-7361793","priority_score":801,"priority_score_factors":[{"type":"socialTrends","label":true,"score":111},{"type":"exploit","label":"Proof of Concept","score":83},{"type":"fixability","label":true,"score":167},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESS-6474509","priority_score":519,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","priority_score":626,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","priority_score":626,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","priority_score":691,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Path Traversal"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WS-7266574","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"}],"prId":"c0b6878e-c932-4bb3-98be-737e04b1f633","prPublicId":"c0b6878e-c932-4bb3-98be-737e04b1f633","packageManager":"npm","priorityScoreList":[464,589,801,696,519,646,589,626,646,691,696],"projectPublicId":"c3481393-50b3-4d14-914d-4e1c7ddd11d9","projectUrl":"https://app.snyk.io/org/flyte/project/c3481393-50b3-4d14-914d-4e1c7ddd11d9?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-ADOBECSSTOOLS-5871286","SNYK-JS-ADOBECSSTOOLS-6096077","SNYK-JS-AXIOS-7361793","SNYK-JS-BRACES-6838727","SNYK-JS-EXPRESS-6474509","SNYK-JS-FOLLOWREDIRECTS-6444610","SNYK-JS-MICROMATCH-6838728","SNYK-JS-SERIALIZEJAVASCRIPT-6147607","SNYK-JS-TAR-6476909","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","SNYK-JS-WS-7266574"],"vulns":["SNYK-JS-ADOBECSSTOOLS-5871286","SNYK-JS-ADOBECSSTOOLS-6096077","SNYK-JS-AXIOS-7361793","SNYK-JS-BRACES-6838727","SNYK-JS-EXPRESS-6474509","SNYK-JS-FOLLOWREDIRECTS-6444610","SNYK-JS-MICROMATCH-6838728","SNYK-JS-SERIALIZEJAVASCRIPT-6147607","SNYK-JS-TAR-6476909","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","SNYK-JS-WS-7266574"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

cosmicBboy avatar Sep 06 '24 05:09 cosmicBboy