
[Snyk] Fix for 3 vulnerabilities

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKED-2342073 | No | Proof of Concept |
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKED-2342082 | No | Proof of Concept |
| medium severity | 611/1000. Why? Recently disclosed, Has a fix available, CVSS 6.5 | Information Exposure, SNYK-JS-NODEFETCH-2342118 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: graphiql

The new version differs by 250 commits.
  • 811cf9d 0.11.11
  • 8db8277 yarn.lock update
  • 8e5c7e2 a less aggressive hint suggestion for variables editor
  • 39ff1e6 Add GraphQL 0.12.x to the peer dependencies. (#642)
  • f350efd Add CDNJS & npm version badges in README.md (#643)
  • 7701b81 switch to markdown-it (#581)
  • a4d9732 check the length of npm_config_argv in prepublish
  • 33432ec Change to yarn to reflect travis test (#632)
  • 5ceca93 Remove border radius for document toggle button (#630)
  • 6398718 The field description should be rendered as markdown (#634)
  • 7a7cb13 fix MenuItem example in README (#635)
  • 830b331 0.11.10
  • e078850 Merge pull request #625 from pleunv/patch-1
  • 8ec26d2 Fix `false` being passed as `className` to ExecuteButton's menu list
  • ddd5a0f Merge pull request #620 from sw-yx/patch-2
  • 6e0c983 Merge pull request #607 from brucewpaul/master
  • b61b769 support react16
  • ca16094 0.11.8
  • e5d3f7a Merge pull request #624 from wincent/glh/clipping-fix-2
  • 95745f8 Add missing half of fix from 4e1510b
  • f5c1c8c 0.11.7
  • ed52220 Merge pull request #623 from wincent/glh/clipping-fix
  • 4e1510b Prevent toolbar menu drop-downs from being clipped
  • 210e67e Merge pull request #618 from sw-yx/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot, Jan 20 '22 16:01