Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #54

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • testdata/react/package.json
    • testdata/react/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 713/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4
Prototype Pollution
SNYK-JS-JSON5-3182856
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @svgr/webpack The new version differs by 146 commits.
  • f02acb4 v5.3.0
  • b2214b7 Merge pull request #415 from gregberge/upgrade-deps
  • 0946fae test: fix flaky test
  • 75d21e1 chore: upgrade dependencies
  • c380147 Merge pull request #414 from gregberge/typescript-support
  • 30362db test: update snapshots
  • e0947c6 docs: document index template
  • 4596d7b feat: add typescript option
  • c5430f9 fix(cli): remove confusion between {keep,ignore}-existing (#413)
  • f2b2367 fix(svgo): support any SVGO config format (#412)
  • 853db4e fix(parcel-plugin): support "parcel" and "parcel-bundler"
  • 928ee77 chore(deps): bump acorn from 5.7.3 to 5.7.4 (#409)
  • 8b2129b v5.2.0
  • 388acea refactor: migrate to import * as React from 'react' (#401)
  • 5a90553 chore(deps-dev): bump codecov from 3.6.1 to 3.6.5 (#399)
  • 88110b6 fix: verify that `svgoConfig.plugins` is an array (#397)
  • 96966eb docs: update CLI options + small website fix (#393)
  • dd89778 docs: update contributors link (#394)
  • d09bcd5 feat(parcel-plugin): replace `parcel-bundler` with `parcel` (#387)
  • f620bea docs(website): add SSR Setup to SVGR Inside section (#389)
  • b806841 chore(opencollective): Loadable -> SVGR
  • 1700dba v5.1.0
  • c9d2dfc fix: fix merging svgo plugins in config (#384)
  • fd120d1 feat: add Svg prefix to exports that starts with a number (#383)

See the full diff

Package name: css-loader The new version differs by 235 commits.
  • 7857d8f chore(release): 4.0.0
  • 5604205 feat: support `file:` protocol
  • 5303db2 chore(deps): update (#1131)
  • 9aa0549 chore(deps): update
  • a54c955 test: imports
  • 5b45d87 test: support in `@ import` at-rule
  • 83515fa refactor: code
  • 1c20b1e fix: parsing
  • 7f49a0a feat: `@ value` supports importing `url()` (#1126)
  • 791fff3 refactor: named export (#1125)
  • 01e8c76 refactor: change function arguments of the `import` option (#1124)
  • c153fe6 refactor: improve schema options (#1123)
  • 58b4b98 test: unresolved (#1122)
  • d2f6bd2 refactor: getLocalIdent function (#1121)
  • 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (#1120)
  • fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (#1119)
  • 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (#1118)
  • 0080f88 refactor: default values `modules` and `module.auto` are true (#1117)
  • e1c55e4 refactor: rename the `onlyLocals` option (#1116)
  • ac5f413 refactor: code
  • a5c1b5f test: code coverange (#1114)
  • 908ecee refactor: `esModule` option is `true` by default (#1111)
  • 7cca035 test: coverange (#1112)
  • bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: eslint-loader The new version differs by 44 commits.

See the full diff

Package name: file-loader The new version differs by 42 commits.
  • e44eb73 chore(release): 6.0.0
  • ad39022 chore(deps): update (#369)
  • e1fe27c docs: update README.md (#368)
  • c2aded7 chore(release): 5.1.0
  • cd8698b feat: support the `query` template for the `name` option (#366)
  • 5703c58 chore(deps): update (#365)
  • 521bff2 chore: remove duplicate prettier config file (#357)
  • 5ffac2e refactor: added description on esModule (#358)
  • 190829e docs: fix the description of the `esModule` option (#348)
  • f1b071c chore(release): 5.0.2
  • 6431101 chore: add the `funding` field in `package.json` (#347)
  • 90302cd chore(release): 5.0.1
  • 31d6589 fix: name of `esModule` option in source code (#346)
  • 2a18cba chore(release): 5.0.0
  • 98a6c1d refactor: next (#345)
  • 0df6c8d chore(release): 4.3.0
  • a2f5faf refactor: code (#344)
  • 9b9cd8d feat: new options flag to output ES2015 modules (#340)
  • ba0fd4c chore(release): 4.2.0
  • 642ee74 docs: improve readme (#341)
  • c136f44 feat: `postTransformPublicPath` option (#334)
  • d441daa chore(release): 4.1.0
  • 705eed4 feat: improved validation error messages (#339)
  • d016daa chore(release): 4.0.0

See the full diff

Package name: html-webpack-plugin The new version differs by 210 commits.
  • 74fae99 chore(release): 5.0.0
  • 94a20df chore: update to webpack 5.20.0
  • c5c8212 feat: add meta attribute for html tags
  • d0ab774 feat: provide public path to the alterAssetTagGroups hook
  • 5200ae6 feat: provide public path to the alterAssetTags hook
  • ccbe93a chore: update examples to latest webpack version
  • 33cbd59 fix: generate html files even if no webpack entry exists
  • 826739f feat: allow to use the latest loader-utils and tapable version
  • 81d7b2c feat: add typings for options and version
  • 8d34b81 fix: use correct casing for webpack type import
  • 36f9aca chore: upgrade dev dependencies
  • 1755962 chore: fix css-loader for unit testing
  • a79ab17 chore: drop support for appcache-webpack-plugin as it is not compatible to webpack 5
  • 7c3146d feat: allow to set publicPath to empty string ’’
  • b109213 docs: update installation instructions for webpack 4
  • 833b46b fix: inject javascripts in the <head> tag for inject:true and scriptLoading:'defer'
  • 13af0fb feat: add full support for public paths inside templates
  • fd5fe58 refactor: move the publicPath generation into a seperate function
  • 60a6ef8 test: add test for experiments: { outputModule: true }
  • a43ab72 feat: overrule module output
  • 10a0c5e fix: adjust tests as webpack 5 will no longer emit files for builds with errors
  • 2975a6a feat: process html during the processAssets stage PROCESS_ASSETS_STAGE_OPTIMIZE_INLINE
  • 0f9c239 fix: add support for publicPath: 'auto' in combination with type: 'asset/resource'
  • ab8b195 fix: support loaders like raw-loader

See the full diff

Package name: mini-css-extract-plugin The new version differs by 71 commits.

See the full diff

Package name: postcss-loader The new version differs by 39 commits.

See the full diff

Package name: sass-loader The new version differs by 98 commits.

See the full diff

Package name: style-loader The new version differs by 71 commits.
  • 171a747 chore(release): 1.1.4
  • af1b4a9 chore(deps): update
  • a003f05 docs: add links for the options table (#460)
  • 2756e03 chore(release): 1.1.3
  • 236b243 fix: injection algorithm (#456)
  • 36bd8f1 docs: fix typos (#453)
  • de38c39 chore(release): 1.1.2
  • 91ceaf2 fix: algorithm for importing modules (#449)
  • 1138ed7 fix: checking that the list of modules is an array (#448)
  • aa418dd chore(release): 1.1.1
  • 7ee8b04 fix: add empty default export for `linkTag` value
  • c69ea6c chore(release): 1.1.0
  • c7d6e3a fix: order of imported styles (#443)
  • a283b30 test: more manual test (#442)
  • 3415266 feat: `esModule` option (#441)
  • 907aed8 test: refactor (#440)
  • 28e1628 refactor: code (#438)
  • 5c51b90 refactor: cjs (#437)
  • 609263a test: refactor
  • 7768fce chore(release): 1.0.2
  • dcbfadb fix: support ES module syntax (#435)
  • d515edc chore(deps): update (#434)
  • 4c1e3f3 docs: fixed typo 'doom' to 'DOM' in README.md (#432)
  • c6164d5 chore(release): 1.0.1

See the full diff

Package name: url-loader The new version differs by 27 commits.

See the full diff

Package name: webpack The new version differs by 250 commits.
  • 610f368 5.0.0
  • 5ce65c1 update examples
  • bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
  • 75ecff2 5.0.0-rc.6
  • bfc35d6 Merge pull request #11603 from MayaWolf/master
  • 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
  • 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
  • 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
  • 9130d10 fix called variables with ProvidePlugin
  • 3e42105 Merge pull request #11620 from webpack/bugfix/11617
  • 4709719 skip connections copied to concatenated module
  • 57b493f 5.0.0-rc.5
  • 1658e2f Merge pull request #11618 from webpack/bugfix/11615
  • a8fb45d fixes crash in SideEffectsFlagPlugin
  • 84b196d emit error instead of crashing when unexpected problem occurs
  • 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
  • 9b5cce9 Merge pull request #11609 from snitin315/export-types
  • 37c495c export type RuleSetUseItem
  • 39faf34 export type RuleSetUse
  • e5fd246 export type RuleSetConditionAbsolute
  • 660baad export RuleSetCondition types
  • 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
  • 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
  • 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

…o reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSON5-3182856
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant