lad icon indicating copy to clipboard operation
lad copied to clipboard

Published 20 hours ago verified publisher icon ladjs

[Snyk] Fix for 12 vulnerabilities

Open titanism opened this issue 5 months ago • 2 comments

snyk-top-banner

Snyk has created this PR to fix 12 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		   696  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		   696  
high severity Code Injection
SNYK-JS-LODASH-1040724		   681  
high severity Remote Code Execution (RCE)
SNYK-JS-HANDLEBARS-1056767		   671  
medium severity Prototype Pollution
SNYK-JS-HANDLEBARS-1279029		   601  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-NORMALIZEURL-1296539		   589  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		   586  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTTPCACHESEMANTICS-3248783		   586  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		   586  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		   586  
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		   506  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251		   479  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Remote Code Execution (RCE) 🦉 Prototype Pollution

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"sao","from":"0.22.17","to":"1.4.1"},{"name":"update-notifier","from":"5.1.0","to":"7.3.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HANDLEBARS-1056767","priority_score":671,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7","score":350},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HANDLEBARS-1279029","priority_score":601,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.6","score":280},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HOSTEDGITINFO-1088355","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-NORMALIZEURL-1296539","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PATHPARSE-1077067","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-UGLIFYJS-1727251","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"}],"prId":"7d1e9560-f1e1-4b51-b737-b7bdf163b629","prPublicId":"7d1e9560-f1e1-4b51-b737-b7bdf163b629","packageManager":"yarn","priorityScoreList":[696,671,601,586,586,586,681,506,589,586,696,479],"projectPublicId":"43b04aa0-d79f-4010-9d9a-1a563fd48d50","projectUrl":"https://app.snyk.io/org/titanism/project/43b04aa0-d79f-4010-9d9a-1a563fd48d50?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-HANDLEBARS-1056767","SNYK-JS-HANDLEBARS-1279029","SNYK-JS-HOSTEDGITINFO-1088355","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-MINIMIST-2429795","SNYK-JS-NORMALIZEURL-1296539","SNYK-JS-PATHPARSE-1077067","SNYK-JS-SEMVER-3247795","SNYK-JS-UGLIFYJS-1727251"],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-HANDLEBARS-1056767","SNYK-JS-HANDLEBARS-1279029","SNYK-JS-HOSTEDGITINFO-1088355","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-MINIMIST-2429795","SNYK-JS-NORMALIZEURL-1296539","SNYK-JS-PATHPARSE-1077067","SNYK-JS-SEMVER-3247795","SNYK-JS-UGLIFYJS-1727251"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

titanism avatar Sep 06 '24 01:09 titanism