Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 25 vulnerabilities #82

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

ajesse11x
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • webapp/package.json
    • webapp/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
critical severity 679/1000
Why? Has a fix available, CVSS 9.3
Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962463
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTMLMINIFIER-3091181
Yes Proof of Concept
medium severity 429/1000
Why? Has a fix available, CVSS 4.3
Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088
Yes No Known Exploit
medium severity 641/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.4
Prototype Pollution
SNYK-JS-JSON5-3182856
Yes Proof of Concept
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
Validation Bypass
SNYK-JS-KINDOF-537849
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-MIXINDEEP-450212
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Open Redirect
SNYK-JS-NODEFORGE-2330875
Yes Proof of Concept
medium severity 529/1000
Why? Has a fix available, CVSS 6.3
Prototype Pollution
SNYK-JS-NODEFORGE-2331908
Yes No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430337
Yes No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430339
Yes No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430341
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Improper Input Validation
SNYK-JS-POSTCSS-5926692
Yes No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-SETVALUE-1540541
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-SETVALUE-450213
Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
Yes No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:braces:20180219
Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
npm:content-type-parser:20170905
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: babel-eslint The new version differs by 31 commits.

See the full diff

Package name: css-loader The new version differs by 98 commits.

See the full diff

Package name: eslint The new version differs by 250 commits.
  • 80b8d5d 5.5.0
  • b68e403 Build: changelog update for 5.5.0
  • 6e110e6 Fix: camelcase duplicate warning bug (fixes #10801) (#10802)
  • 5103ee7 Docs: Add Brackets integration (#10813)
  • b61d2cd Update: max-params to only highlight function header (#10815)
  • 2b2f11d Upgrade: babel-code-frame to version 7 (#10808)
  • 2824d43 Docs: fix comment placement in a code example (#10799)
  • 10690b7 Upgrade: devdeps and deps to latest (#10622)
  • 80c8598 Docs: gitignore syntax updates (fixes #8139) (#10776)
  • cb946af Chore: use meta.messages in some rules (1/4) (#10764)
  • a857cd9 5.4.0
  • 8dee250 Build: changelog update for 5.4.0
  • a70909f Docs: Add jscs-dev.github.io links (#10771)
  • 034690f Fix: no-invalid-meta crashes for non Object values (fixes #10750) (#10753)
  • 11a462d Docs: Broken jscs.info URLs (fixes #10732) (#10770)
  • 985567d Chore: rm unused dep string.prototype.matchall (#10756)
  • f3d8454 Update: Improve no-extra-parens error message (#10748)
  • 562a03f Fix: consistent-docs-url crashes if meta.docs is empty (fixes #10722) (#10749)
  • 6492233 Chore: enable no-prototype-builtins in codebase (fixes #10660) (#10664)
  • 137140f Chore: use eslintrc overrides (#10677)
  • 2af6f4f 5.3.0
  • 11e70c7 Build: changelog update for 5.3.0
  • dd6cb19 Docs: Updated no-return-await Rule Documentation (fixes #9695) (#10699)
  • 6009239 Chore: rename utils for consistency (#10727)

See the full diff

Package name: html-webpack-plugin The new version differs by 250 commits.
  • 873d75b chore(release): 5.5.0
  • ddeb774 chore: update examples
  • 1e42625 feat: Support type=module via scriptLoading option
  • 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
  • 79be779 [chore] changes actions to run on pull_requests
  • b7e5859 [chore] fixes CI to avoid race conditions
  • 48131d3 chore(release): 5.4.0
  • 16a841a [chore] rebuild examples
  • 3bb7c17 Update index.js
  • e38ac97 Update index.js
  • f08bd02 [chore] updates fixtures
  • d62a10f [chore] upgrades [email protected] -> 6.0.2
  • 2f5de7a Remove archived plugin
  • 8f8f7c5 chore(release): 5.3.2
  • 053c6e6 chore: update snapshot tests for webpack 5.4.0
  • 9c7fba0 Fix security vulnerabilities
  • b98fbeb Fix security vulnerabilities
  • 25cdfc7 Added inject-body-webpack-plugin to readme
  • 0e4c1fb Update README to document actual behavior
  • 0a6568d chore(release): 5.3.1
  • 82d0ee8 fix: remove loader-utils from plugin core
  • 6f39192 chore(release): 5.3.0
  • d654f5b feat: allow to modify the interpolation options in webpack config
  • 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: webpack-dev-server The new version differs by 250 commits.
  • 5280ee7 docs: fix typo
  • d834582 chore(release): 4.7.3
  • 7b8c85b chore(deps): update `selfsigned` (#4170)
  • d598325 chore: fix lint
  • c1907f1 refactor: remove redundant `if` statements (#4158)
  • e535f25 ci: debug (#4144)
  • 75999bb chore(release): 4.7.2
  • 90a96f7 ci: fix (#4143)
  • f6bc644 fix: compatible with `onAfterSetupMiddleware`
  • 317e4b9 docs: fix testing instructions (#4133)
  • ff4550e test: remove redundant test cases related to 3rd party code (#4131)
  • 0dd1ee6 test: add e2e tests for `setupExitSignals` option (#4130)
  • afe4975 chore(release): 4.1.7
  • 4e5d8ea fix: droped `url` package (#4132)
  • b0c98f0 chore(release): 4.7.0
  • 3138213 chore(deps): update (#4127)
  • 8f02c3f feat: added types
  • f4fb15f fix: update description of `onAfterSetupMiddleware` and `onBeforeSetupMiddleware` options (#4126)
  • 37b73d5 test: add e2e test for `WEBPACK_SERVE` env variable (#4125)
  • f5a9d05 chore(deps-dev): bump eslint from 8.4.1 to 8.5.0 (#4121)
  • c9b959f chore(deps): bump ws from 8.3.0 to 8.4.0 (#4124)
  • 42208aa chore(deps-dev): bump lint-staged from 12.1.2 to 12.1.3 (#4122)
  • f440f84 chore(deps): bump express from 4.17.1 to 4.17.2 (#4120)
  • c13aa56 feat: added the `setupMiddlewares` option (#4068)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Validation Bypass
🦉 More lessons are available in Snyk Learn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants