dev-toolkit icon indicating copy to clipboard operation
dev-toolkit copied to clipboard

Published 20 hours ago verified publisher icon stoikerty

[Snyk] Security upgrade webpack-hot-middleware from 2.24.3 to 2.25.1

Open snyk-bot opened this issue 2 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • src/packages/dev-toolkit/package.json
    • src/packages/dev-toolkit/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIHTML-1296849		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: webpack-hot-middleware The new version differs by 35 commits.
  • e140693 2.25.1
  • 3d5018a Merge pull request #413 from nttibbetts/replace-ansi-html
  • 90551e5 use public npm registry, not private one
  • adeeade fix: replace ansi-html with ansi-html-community to fix vulnerability
  • f0ffa4c Resolve weird desync in package lock
  • 0f5e3e9 Use old-style require syntax to keep the linter happy
  • aa38d42 Bump ansi/html encoding deps
  • 2c31df1 Bump example dependencies
  • d156bbc Simplify CI setup
  • 0635d00 Replace istanbul with nyc
  • 04fa8c8 Apply prettier formatting updates
  • b81cfd5 Update eslint and prettier
  • c98216a Upgrade test dependencies
  • cb29abb 2.25.0
  • bbffbe6 Merge branch 'master' of github.com:webpack-contrib/webpack-hot-middleware
  • 82dd483 Merge pull request #360 from jimblue/master
  • e2b49ff improved client overlay style
  • c430265 2.24.4
  • fe33d59 Merge pull request #355 from okcoker/ansi-color-fix
  • 331ad96 Merge branch 'master' into ansi-color-fix
  • f6609e4 Bump deps to sort audit out
  • e605d10 Fix ansi colors
  • 036bf30 Merge pull request #354 from Hacksign/master
  • f2b477d Resolve webpack-contrib/webpack-hot-middleware#353

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

snyk-bot avatar Mar 14 '22 16:03 snyk-bot