function-templates [Snyk] Security upgrade @twilio/flex-plugin-scripts from 6.0.3 to 6.4.0

[Snyk] Security upgrade @twilio/flex-plugin-scripts from 6.0.3 to 6.4.0

Open twilio-product-security opened this issue 8 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to fix 7 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

experimental-flex-dialpad/ui-src/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Denial of Service (DoS) SNYK-JS-WS-7266574	****
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	169
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	167
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	159
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	124
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	115
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	67

[!IMPORTANT]

Check the changes in this PR to ensure they won't cause issues with your project.

Max score is 1000. Note that the real score may have changed since the PR was raised.

This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Cross-site Request Forgery (CSRF) 🦉 Prototype Pollution

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@twilio/flex-plugin-scripts","from":"6.0.3","to":"6.4.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00396},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Sep 12 2021 12:52:37 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-AXIOS-6032459","priority_score":167,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Oct 25 2023 07:24:40 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.03},{"name":"likelihood","value":2.36},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Cross-site Request Forgery (CSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-AXIOS-6124857","priority_score":67,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Dec 14 2023 09:43:10 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.83},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":169,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon May 13 2024 14:36:53 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":124,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon May 13 2024 14:42:05 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.06},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":124,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon May 13 2024 14:42:05 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.06},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-UNSETVALUE-2400660","priority_score":115,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Feb 13 2022 15:26:38 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.92},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WS-7266574","severity":"high","title":"Denial of Service (DoS)"}],"prId":"8cbda560-16c1-4c6b-805b-95f8ec0de979","prPublicId":"8cbda560-16c1-4c6b-805b-95f8ec0de979","packageManager":"npm","priorityScoreList":[159,167,67,169,124,115,null],"projectPublicId":"101f6492-faa4-461f-ae1c-5b1fb442d0c8","projectUrl":"https://app.snyk.io/org/twilio-labs/project/101f6492-faa4-461f-ae1c-5b1fb442d0c8?utm_source=github-enterprise&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-6032459","SNYK-JS-AXIOS-6124857","SNYK-JS-BRACES-6838727","SNYK-JS-MICROMATCH-6838728","SNYK-JS-UNSETVALUE-2400660","SNYK-JS-WS-7266574"],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-6032459","SNYK-JS-AXIOS-6124857","SNYK-JS-BRACES-6838727","SNYK-JS-MICROMATCH-6838728","SNYK-JS-UNSETVALUE-2400660","SNYK-JS-WS-7266574"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

Jun 17 '24 16:06 twilio-product-security

function-templates function-templates copied to clipboard

[Snyk] Security upgrade @twilio/flex-plugin-scripts from 6.0.3 to 6.4.0

Snyk has created this PR to fix 7 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

function-templates
function-templates copied to clipboard