AdminLTEAspNetMVC
[Snyk] Fix for 12 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - WebCore/package.json
  - WebCore/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|
696/1000 (Why: Proof of Concept exploit, Has a fix available, CVSS 7.5) | Prototype Pollution SNYK-JS-CHARTJS-1018716 | No | Proof of Concept |
644/1000 (Why: Has a fix available, CVSS 8.6) | Use of Weak Hash SNYK-JS-CRYPTOJS-6028119 | No | No Known Exploit |
579/1000 (Why: Has a fix available, CVSS 7.3) | Prototype Pollution SNYK-JS-DATATABLESNET-1016402 | No | No Known Exploit |
476/1000 (Why: Proof of Concept exploit, Has a fix available, CVSS 3.1) | Cross-site Scripting (XSS) SNYK-JS-DATATABLESNET-1540544 | No | Proof of Concept |
601/1000 (Why: Proof of Concept exploit, Has a fix available, CVSS 5.6) | Prototype Pollution SNYK-JS-DATATABLESNET-598806 | No | Proof of Concept |
589/1000 (Why: Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS) SNYK-JS-JQUERYVALIDATION-1056868 | No | No Known Exploit |
586/1000 (Why: Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-JQUERYVALIDATION-2840635 | No | Proof of Concept |
479/1000 (Why: Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-JQUERYVALIDATION-2940620 | No | No Known Exploit |
586/1000 (Why: Proof of Concept exploit, Has a fix available, CVSS 5.3) | Denial of Service (DoS) SNYK-JS-JSZIP-1251497 | No | Proof of Concept |
529/1000 (Why: Has a fix available, CVSS 6.3) | Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562 | No | No Known Exploit |
589/1000 (Why: Has a fix available, CVSS 7.5) | Directory Traversal SNYK-JS-MOMENT-2440688 | No | No Known Exploit |
696/1000 (Why: Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: chart.js
The new version differs by 9 commits.
- 1d92605 Use Object.create(null) as `merge` target (#7920)
- dff7140 When objects are merged together, the target prototype can be polluted. (#7918)
- d919188 Bump verison number to v2.9.4
- 42ed589 Fix Maximum call stack size exception in computeLabelSizes (#7883)
- 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (#7853)
- 2493cb5 Use node v12.18.2 on Travis CI (#7864)
- 679ec4a docs: fix rollup external moment (#7587)
- 484f0d1 Preserve object prototypes when cloning (#7404)
- 2df6986 Look for any branch starting with release (#7087) (#7089)
Package name: datatables.net
The new version differs by 250 commits.
- d67ca5d Sync tag release - 1.11.3
- 02aee29 79772b97fe6d45af67057cc13fa6af3f00c873ea 1.11.3 release
- 0ba589b 148ef5aaad0ebbafab2afd5b52e30b09b509301b remove debug
- 3e83d1d 1be97b106ca9b87308ca4fba2e8d8abf795c9213 dev: Stop calling save state when loading a state
- 5047dd5 1eddf57e55486c9e69581f14f77a2c3cd58b43f4 Fix: Polyfill for String.prototype.includes
- c12b06c af651f6ab12052c1cb5d67cb73ad3284e2c296cb Fix: Add polyfill for Array.prototype.includes as we use it in extensions now and IE11 (which is still supported) does not have Array.prototype.includes
- 59a8d3f e835ddc5b800c47f7e9e32a91cc522f8ca7ced5c Fix: If an array was passed to the HTML escape entities function it would not have its contents escaped
- 7e67f10 eb374d15c81375eb82eca6f16a27ecf2b86f0701 Release 1.11.2
- 267d3bf 45b675ba154e93eae3087811c7cd36675c953b10 dev: Only set start position internal property on initialisation
- 90940b2 e5bbe90f5ddb2e0016f6d8c158390b046c7d923a dev: Need columns visibility to be restoreable when using statesave not at initialisation
- d237bed a9f7bdf49784b713583995c0fd1863a279ed6533 return true from loadstate function
- ac873b2 1ae8c6893bd43961c55c3d0dff4a409bbffde3a5 TEST updated case number for disabled tests (was using the old bug tracker)
- 3eb5dab d4d67505a6a80b5645bb1078037e3bcd14816070 update: Move implementstate function so that it is available from the outside
- b5bd164 2496e827205d7a138c2da4456c4926c7bc6c00f8 test: revert the previous commit to add an afterall
- 7980ff7 485a1cff8910a8f953fab52d8950aafba1c92d75 test: Fix issue with tests not cleaning up nicely when they finish
- 3fbab9a b2b0ae8f214878fe08bc3f507624584cb6d3b242 fix: Fix issue with internal function not retrieving filter data where appropriate
- 2d7d3e1 Sync tag release - 1.11.2
- 691e7fc b231df3c8fdf73ee04bcd2a6b75bb94e94322a74
- 46aa22b Update datatables.json to include js files
- d2daf5e b231df3c8fdf73ee04bcd2a6b75bb94e94322a74 TEST changes to support StateRestore
- b72bdde d06d068a421fe57e888d6270166579812f0c2cbd
- 9bd642e d06d068a421fe57e888d6270166579812f0c2cbd
- 5a4328f Sync tag release - 1.11.1
- c13e9aa d06d068a421fe57e888d6270166579812f0c2cbd DataTables 1.11.1
Package name: datatables.net-bs4
The new version differs by 226 commits.
- dfc7316 Sync tag release - 1.11.0
- 622f639 a6ece4b2200e305b761f1ba2a893d8bcc5c5cb52 Fix: Language information being loaded in might not take into account the thousands and decimal separator options if using camelCase style
- be7648d 2fbd02e4f168a5b5a4f5e9a7a935230ffc694e05 Readme: Update package manager section
- 190736d 82e29b70c11f82a33c180362fcb7680f6032a624
- 99d21b5 Include types in package.json and correct folder
- 498cf42 90d756c563582681fce93859952654d814bf1414 Update: Remove `zoom` hacks for IE6
- 90d260e c786a08db6bf6a8cd9b9da1707bc0f776b380483 Fix: CSS for nested DataTable in a scrolling DataTable would have its sorting icons removed
- 42ce8d3 bff756573cff460d180af024046fa12173335650 Example: Add a search-side processing example for `-init search.return`.
- 3fa2389 92eec59cf594ce7aadba5945031e2442c2086136 DEV tweaks to enter key example
- ee3318c b732d779fe8861e16fabf41e83c2b5d7ade6e2b2 new: New initialisation option for search on return.
- 7917d05 f49883e2fd683142fe688f5670908a443d52c856 Fix: Rather than using Bootstrap 5's default row striping (which is 2n+1 based) we need to use the .odd selector to account for injected rows (child rows, rowgroup, etc).
- b2d815b 2c9940c023915984f5325b051af6748a887a8431 DEV tweaks to fuzzy search example
- 9b9b97c 2bef3655d1427404e06a18720ac380ce989dc9b8 new: New example for fuzzySearch - won't work until js file is added to cdn
- feee275 99456a13f37aa243e85d008869439d75f3a4c626 Types: Fix for old style `$().dataTable()` init
- b6fd977 e1c071b8e2b3e4ce6d3e508f4851c3a2c8ee9744 Types: Fix jQuery definitions
- 50892ec 6cd6387e6a0c32c3c83f3a91c34ae3eda4cc5fcb Types: Typing for selectors and passing around the data type more
- a5f82a9 4d9ddb4ac48674f01c432d0488e1884db5308d69 Types: Row data type information can be passed around now
- 33c5891 95508a92b2a5c638afbee859e774cd57dab7e135 Docs: Fix names of new static get/set methods
- 06346bc d34661c11a58978b17afdc27bea78acfc5458444 Fix: Remove superflous aria roles
- 36e7f99 bf1f0eb31dfdc5b9790c597b8c63bf4876d9c03f Docs: Add Bootstrap 5 to `-init dom`
- b47af93 b5287626fe86319a25e1182ddddf8adf17ed7096 Fix: Scrollbar was showing on tables which had a border on the table
- 3df71f3 0c7ee29e8de948282be59f640be0d7214c184cfa TEST updated tests for DD02036
- f074aa4 01128f168f9b2112ea9e565bef0a67d3afcfc1d4 fix: Make requestChild event run before initComplete
- 4814bf6 aef9c8080d64820cf72b1fe957e36bff8688df5f fix: Fix mistake in docs by removing a third parameter documented in requestChild event that does not exist
Package name: jquery-validation
The new version differs by 29 commits.
- 5907740 1.19.5
- 5bbd80d Merge pull request from GHSA-ffmh-x56j-9rc3
- 3d3c1fb Chore: Add CodeQL analysis
- 0da4906 Core: fix deprecated jquery .submit() event shorthand (#2430)
- 1b79877 Localization: Add periods to messages (#2266)
- b68e282 Chore: update changelog
- 3a4cd94 Build: Updating the master version to 1.19.5-pre.
- 91d2098 Build: update release steps
- 69cb17e Core: fix ReDoS vulnerability in url2 (#2428)
- aa5bcdc Chore: update issue templates
- 350f6ae Core: fix validation for input type="date" (#2360)
- 7828568 Gruntfile.js: add LICENSE.md to zip tarball (#2386)
- 3688078 Chore: switch to stale bot github action (#2425)
- f8b0b53 README: update build status badge (#2424)
- 25293cc Test: Switch from Travis to GitHub workflows (#2423)
- 900a90b Core: fix code style (#2422)
- eb88df0 Core: wait for pendingRequests to finish before submitting form (#2369)
- 31ea8ff Fixed bug for Html Editor(summernote) (#2154)
- df89cf0 Create SECURITY.md
- bda9a58 Build: added CVE-2021-21252 reference
- 322a575 Build: Updating the master version to 1.19.4-pre.
- 5d8f29e Core: fixed Regular Expression Denial of Service vulnerability (#2371)
- b8d6646 Localization: Add "pattern" translation for French (#2363)
- b9c793c docs: Fix simple typo, atteched -> attached (#2345)
Package name: jszip
The new version differs by 56 commits.
- 3b98cfc 3.8.0
- 2edab36 Sanitize filenames with `loadAsync` to prevent zip slip attacks
- 1f631b0 Update contributing
- 459ff79 Add tests for utils that remove leading slash
- d4702a7 Merge pull request #541 from PatricSteffen/patch-1
- 2ebb7e8 Merge pull request #737 from satoshicano/update-types-JSZipLoadOptions
- 85c4989 Merge pull request #796 from Stuk/ghci
- 40cc7f4 Add dependency caching
- 5ee321e Install deps needed for Playwright on Github Actions
- eeb841e Remove code and dependencies used for Saucelabs
- e281bc3 Test using Playwright instead of Saucelabs
- f7275e6 Use local qunit files in tests
- 0509c73 Add playwright and http-server
- 2bb0f74 Add names to steps
- a076d64 Add Github Actions PR workflow
- 3f2f0da 3.7.1
- 9f9c33b Updates for 3.7.1
- 5639745 Merge branch 'fix-build'
- e08003e Fix lint
- 79f7691 Revert "Disable proto assert that fails in browsers"
- 89298b9 Update gitignore for Mac, and sort
- 81cb5eb Temporarily update docs for building dist correctly
- e5b3f0d 3.7.0
- e88ba4b Update for version 3.7.0
Package name: pdfmake
The new version differs by 59 commits.
- 8827c9a 0.1.71
- 08d2b3b refresh pdf examples
- 0778858 update pdfkit to 0.12.0
- e720def update Roboto font, version 3.004
- 49377ff Update LICENSE
- 625b160 cleanup in npm release archive
- 4f1fa64 GitHub CI - fix double building
- 0efc03a reformat
- e248dd2 Performance problem when pageBreakBefore for large files used fixed (v0.1) (#2203)
- ecb9efe ignore .idea
- 800aae3 0.1.70
- 1fb9759 fix definition for compatibility with IE11 #2170
- afff197 contributing.md not required in 0.1 branch, normalize composer.json
- e2969bf GitHub Actions 0.1 branch status badge
- 3414e47 fix support node 8
- 78676e3 ignore .github
- e179969 github actions - disable fail-fast
- 5e69351 Merge branch '0.1' of https://github.com/bpampuch/pdfmake into 0.1
- 1597a8d CI GitHub action
- e12124d reformat
- c404252 0.1.69
- dd49fcd fix banner
- ec646e3 refresh pdf examples
- 27d4b1c migrate to terser (related with #1832)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.