Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #10

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

marcusrc
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 80 commits.

See the full diff

Package name: eslint The new version differs by 250 commits.
  • c4fffbc 8.0.0
  • d51f4cf Build: changelog update for 8.0.0
  • 7d3f7f0 Upgrade: unfrozen @ eslint/eslintrc (fixes #15036) (#15146)
  • 2174a6f Fix: require-atomic-updates property assignment message (fixes #15076) (#15109)
  • f885fe0 Docs: add note and example for extending the range of fix (refs #13706) (#13748)
  • 3da1509 Docs: Add jsdoc `type` annotation to sample rule (#15085)
  • 68a49a9 Docs: Update Rollup Integrations (#15142)
  • d867f81 Docs: Remove a dot from curly link (#15128)
  • 9f8b919 Sponsors: Sync README with website
  • 4b08f29 Sponsors: Sync README with website
  • ebc1ba1 Sponsors: Sync README with website
  • 2d654f1 Docs: add example .eslintrc.json (#15087)
  • 16034f0 Docs: fix fixable example (#15107)
  • 07175b8 8.0.0-rc.0
  • 71faa38 Build: changelog update for 8.0.0-rc.0
  • 67c0074 Update: Suggest missing rule in flat config (fixes #14027) (#15074)
  • cf34e5c Update: space-before-blocks ignore after switch colons (fixes #15082) (#15093)
  • c9efb5f Fix: preserve formatting when rules are removed from disable directives (#15081)
  • 14a4739 Update: `no-new-func` rule catching eval case of `MemberExpression` (#14860)
  • 7f2346b Docs: Update release blog post template (#15094)
  • fabdf8a Chore: Remove `target.all` from `Makefile.js` (#15088)
  • e3cd141 Sponsors: Sync README with website
  • 05d7140 Chore: document target global in Makefile.js (#15084)
  • 0a1a850 Update: include `ruleId` in error logs (fixes #15037) (#15053)

See the full diff

Package name: husky The new version differs by 11 commits.

See the full diff

Package name: lint-staged The new version differs by 250 commits.
  • 885a644 Merge pull request Bump terser from 4.6.7 to 4.8.1 moroshko/react-autosuggest#852 from okonet/listr2
  • aba3421 fix: all lint-staged output respects the `quiet` option
  • b8df31a fix: do not show incorrect error when verbose and no output
  • eed6198 style: simplify eslint and prettier config
  • b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
  • 2c6f3ad docs: improve `verbose` description
  • e749a0b test: remove redundant, misbehaving test
  • 16848d8 fix: use test renderer during tests and when TERM=dumb
  • efffa22 test: cover `--verbose` option usage
  • 1b18550 test: restore variable in test output
  • 6aede38 test: add test for error during merge state restoration
  • b565481 test: integration test targets the full Node.js API instead of just `runAll`
  • a3bd9d7 feat: allow specifying `cwd` using the Node.js API
  • 85de3a3 feat: add `--verbose` to show output even when tasks succeed
  • d69c65b fix: log task output after running listr to keep everything
  • e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
  • 6da7667 refactor: move messages to separate file
  • 6392480 refactor: use symbols for errors
  • 8f32a3e feat: replace listr with listr2 and print errors inline
  • c9adca5 fix: use stash create/store to prevent files from disappearing from disk
  • e093b1d fix(deps): update dependencies
  • 6066b07 fix: pass correct path to unstaged patch during cleanup
  • 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
  • 1ac6863 Merge pull request Bump follow-redirects from 1.11.0 to 1.14.7 moroshko/react-autosuggest#837 from okonet/serial-git-add

See the full diff

Package name: nyc The new version differs by 182 commits.
  • e21721a chore(release): 14.0.0
  • 8cf8a89 docs: update issue template [skip ci] (#1008)
  • d7a9d6a chore: Update package-lock.json
  • 189bae8 chore: Update dependencies for 14.0.0-rc.1
  • 2eb13c6 feat: instrument `--complete-copy` implementation (#1056)
  • c88a852 docs: `nyc instrument` and `--exclude-node-modules` (#1039)
  • c213469 feat: always build the processinfo temp dir (#1061)
  • e597c46 feat: Add support for --exclude-node-modules to subcommands. (#1053)
  • 8dcf180 feat: add processinfo index, add externalId (#1055)
  • 32f75b0 fix: set processinfo pid/ppid to actual numbers (#1057)
  • 16d4315 chore: Stop excluding `bin` from coverage results. (#1060)
  • b909575 fix: Use a single instance of nyc for all actions of main command. (#1059)
  • 997ed29 chore: Remove arrify dependency. (#1058)
  • 68d6333 docs: move setup docs out of the readme [skip ci] (#1052)
  • 8da097e feat: add `include` and `exclude` options to instrument command (#1007)
  • 31817de chore: Update dependencies (#1050)
  • 18e04ba fix: make --all work for transpiled code (#1047)
  • b7e16cd feat: Support turning off node_modules default exclude via flag (#912)
  • 3eb0e37 docs: A bunch of docs fix-ups (#1038)
  • 5c1eb38 test(instrument): should return unmodified source if no transform found (#1036)
  • 1f6c3d4 docs: project root directory and `--cwd` doc (#1032)
  • 051d95a fix: Add `cwd` option to instrument command (#1024)
  • 91e02c6 chore: A few code cleanups (#1033)
  • 2867538 feat: Rename `plugins` option to `parser-plugins`. (#1031)

See the full diff

Package name: postcss-loader The new version differs by 104 commits.

See the full diff

Package name: webpack-dev-server The new version differs by 250 commits.
  • c9271b9 chore(release): 4.0.0
  • 18bf369 test: fix stability (#3676)
  • cdcabb2 fix: respect protocol from browser for manual setup (#3675)
  • 1768d6b fix: initial reloading for lazy compilation (#3662)
  • 4f5bab1 docs: improve examples (#3672)
  • f2d87fb fix: improve https CLI output (#3673)
  • 0277c5e chore: remove redundant console statements (#3671)
  • 16fcdbc docs: add `ipc` example (#3667)
  • 8915fb8 test: add e2e tests for built in routes (#3669)
  • 4d1cbe1 docs: ask `version` information in issue template (#3668)
  • b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
  • ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
  • f1fdaa7 chore(release): 4.0.0-rc.1
  • c4678bc fix: legacy API (#3660)
  • d8bdd03 test: fix stability (#3661)
  • 22b1414 refactor: remove `killable` (#3657)
  • 75bafbf test: add e2e tests for module federation (#3658)
  • 493ccbd chore(deps): update `ws` (#3652)
  • ae8c523 test: add e2e test for universal compiler (#3656)
  • f94b84f chore(deps): update (#3655)
  • 1923132 test: fix cli
  • 2adfd01 test: fix todo (#3653)
  • 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
  • c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants