pinterest
[Snyk] Fix for 4 vulnerabilities
Snyk has created this PR to fix 4 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
docs_website/package.json
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.
⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.
Vulnerabilities that will be fixed with an upgrade:
| Issue | Score | |
|---|---|---|
 |
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 |
158 |
 |
Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298 |
155 |
|
Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607 |
109 |
|
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106 |
67 |
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
- This PR was automatically created by Snyk using the credentials of a real user.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Cross-site Scripting (XSS) 🦉 Path Traversal
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@docusaurus/core","from":"3.0.1","to":"3.6.0"},{"name":"@docusaurus/preset-classic","from":"3.0.1","to":"3.6.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PATHTOREGEXP-7925106","priority_score":67,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Sep 10 2024 08:00:38 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PATHTOREGEXP-7925106","priority_score":67,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Sep 10 2024 08:00:38 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","priority_score":109,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jan 09 2024 12:13:57 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.54},{"name":"likelihood","value":2.39},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","priority_score":109,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jan 09 2024 12:13:57 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.54},{"name":"likelihood","value":2.39},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","priority_score":109,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jan 09 2024 12:13:57 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.54},{"name":"likelihood","value":2.39},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","priority_score":109,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jan 09 2024 12:13:57 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.54},{"name":"likelihood","value":2.39},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WEBPACK-7840298","priority_score":155,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00059},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Aug 27 2024 19:41:55 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.84},{"name":"likelihood","value":1.98},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WEBPACK-7840298","priority_score":155,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00059},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Aug 27 2024 19:41:55 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.84},{"name":"likelihood","value":1.98},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","priority_score":158,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"none"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Mar 22 2024 08:05:13 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":6.65},{"name":"likelihood","value":2.36},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Path Traversal"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","priority_score":158,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"none"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Mar 22 2024 08:05:13 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":6.65},{"name":"likelihood","value":2.36},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Path Traversal"}],"prId":"6e50f541-0737-40a4-8260-9bcba43fe2c4","prPublicId":"6e50f541-0737-40a4-8260-9bcba43fe2c4","packageManager":"yarn","priorityScoreList":[67,109,155,158],"projectPublicId":"9d7885b0-89fe-4a7e-8ab7-605eb2af6394","projectUrl":"https://app.snyk.io/org/pinterest-open-source-repos/project/9d7885b0-89fe-4a7e-8ab7-605eb2af6394?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["pr-warning-shown","priorityScore"],"type":"auto","upgrade":["SNYK-JS-PATHTOREGEXP-7925106","SNYK-JS-SERIALIZEJAVASCRIPT-6147607","SNYK-JS-WEBPACK-7840298","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555"],"vulns":["SNYK-JS-PATHTOREGEXP-7925106","SNYK-JS-SERIALIZEJAVASCRIPT-6147607","SNYK-JS-WEBPACK-7840298","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'
