[Snyk] Upgrade: , , , ajv, glob, eslint, minimist, handlebars, jsdom, katex, moment, prettier, winston, yargs, workbox-cli #534

Open
wants to merge 1 commit into
base: master
AnushaSalian

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| @babel/cli | from 7.20.7 to 7.25.6; 21 versions ahead of your current version | 23 days ago, on 2024-08-29 |
| @babel/core | from 7.20.12 to 7.25.2; 41 versions ahead of your current version | 2 months ago, on 2024-07-30 |
| @types/shelljs | from 0.8.11 to 0.8.15; 4 versions ahead of your current version | 10 months ago, on 2023-11-07 |
| ajv | from 8.12.0 to 8.17.1; 5 versions ahead of your current version | 2 months ago, on 2024-07-12 |
| glob | from 7.1.6 to 7.2.3; 4 versions ahead of your current version | 2 years ago, on 2022-05-15 |
| eslint | from 8.31.0 to 8.57.0; 26 versions ahead of your current version | 7 months ago, on 2024-02-23 |
| minimist | from 1.2.7 to 1.2.8; 1 version ahead of your current version | 2 years ago, on 2023-02-09 |
| handlebars | from 4.7.7 to 4.7.8; 1 version ahead of your current version | a year ago, on 2023-08-01 |
| jsdom | from 16.4.0 to 16.7.0; 6 versions ahead of your current version | 3 years ago, on 2021-08-01 |
| katex | from 0.16.4 to 0.16.11; 7 versions ahead of your current version | 3 months ago, on 2024-07-02 |
| moment | from 2.29.4 to 2.30.1; 2 versions ahead of your current version | 9 months ago, on 2023-12-27 |
| prettier | from 2.8.2 to 2.8.8; 6 versions ahead of your current version | a year ago, on 2023-04-23 |
| winston | from 3.8.2 to 3.14.2; 10 versions ahead of your current version | a month ago, on 2024-08-14 |
| yargs | from 17.6.2 to 17.7.2; 3 versions ahead of your current version | a year ago, on 2023-04-27 |
| workbox-cli | from 7.0.0 to 7.1.0; 1 version ahead of your current version | 5 months ago, on 2024-04-23 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| medium severity Prototype Pollution (SNYK-JS-TOUGHCOOKIE-5672873) | 646 | Proof of Concept |
| medium severity Prototype Pollution (SNYK-JS-TOUGHCOOKIE-5672873) | 646 | Proof of Concept |
| medium severity Unchecked Input for Loop Condition (SNYK-JS-KATEX-6483836) | 646 | No Known Exploit |
| medium severity Server-side Request Forgery (SSRF) (SNYK-JS-REQUEST-3361831) | 646 | Proof of Concept |
| medium severity Cross-site Scripting (XSS) (SNYK-JS-SERIALIZEJAVASCRIPT-6147607) | 646 | Proof of Concept |
| medium severity Improper Control of Dynamically-Managed Code Resources (SNYK-JS-EJS-6689533) | 646 | No Known Exploit |
| medium severity Improper Encoding or Escaping of Output (SNYK-JS-KATEX-6483831) | 646 | No Known Exploit |
| medium severity Incomplete List of Disallowed Inputs (SNYK-JS-KATEX-6483834) | 646 | No Known Exploit |
| medium severity Unchecked Input for Loop Condition (SNYK-JS-KATEX-6483835) | 646 | No Known Exploit |
| low severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-WORDWRAP-3149973) | 646 | Proof of Concept |
| critical severity Incomplete List of Disallowed Inputs (SNYK-JS-BABELTRAVERSE-5962462) | 646 | Proof of Concept |

Release notes
Package name: @babel/cli
  • 7.25.6 - 2024-08-29

    v7.25.6 (2024-08-29)

    Thanks @j4k0xb for your first PR!

    🐛 Bug Fix

    • babel-generator
    • babel-traverse
    • babel-parser
    • babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3

    💅 Polish

    • babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
    • babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes
    • babel-generator

    🏠 Internal

    Committers: 5

  • 7.24.8 - 2024-07-11
  • 7.24.7 - 2024-06-05
  • 7.24.6 - 2024-05-24
  • 7.24.5 - 2024-04-29
  • 7.24.1 - 2024-03-19
  • 7.23.9 - 2024-01-25
  • 7.23.4 - 2023-11-20
  • 7.23.0 - 2023-09-25
  • 7.22.15 - 2023-09-04
  • 7.22.10 - 2023-08-07
  • 7.22.9 - 2023-07-12
  • 7.22.6 - 2023-07-04
  • 7.22.5 - 2023-06-08
  • 7.21.5 - 2023-04-28
  • 7.21.4-esm.4 - 2023-04-04
  • 7.21.4-esm.3 - 2023-04-04
  • 7.21.4-esm.2 - 2023-04-04
  • 7.21.4-esm.1 - 2023-04-04
  • 7.21.4-esm - 2023-04-04
  • 7.21.0 - 2023-02-20
  • 7.20.7 - 2022-12-22
from @babel/cli GitHub release notes
Package name: @babel/core
  • 7.25.2 - 2024-07-30

    v7.25.2 (2024-07-30)

    🐛 Bug Fix

    • babel-core, babel-traverse

    Committers: 2

  • 7.24.9 - 2024-07-15

    v7.24.9 (2024-07-15)

    🐛 Bug Fix

    💅 Polish

    • babel-generator, babel-plugin-transform-optional-chaining

    🏠 Internal

    • babel-helper-module-transforms

    Committers: 5

  • 7.24.8 - 2024-07-11
  • 7.24.7 - 2024-06-05
  • 7.24.6 - 2024-05-24
  • 7.24.5 - 2024-04-29
  • 7.24.4 - 2024-04-03
  • 7.24.3 - 2024-03-20
  • 7.24.1 - 2024-03-19
  • 7.24.0 - 2024-02-28
  • 7.23.9 - 2024-01-25
  • 7.23.7 - 2023-12-29
  • 7.23.6 - 2023-12-11
  • 7.23.5 - 2023-11-29
  • 7.23.3 - 2023-11-09
  • 7.23.2 - 2023-10-12
  • 7.23.0 - 2023-09-25
  • 7.22.20 - 2023-09-16
  • 7.22.19 - 2023-09-14
  • 7.22.18 - 2023-09-14
  • 7.22.17 - 2023-09-08
  • 7.22.15 - 2023-09-04
  • 7.22.11 - 2023-08-24
  • 7.22.10 - 2023-08-07
  • 7.22.9 - 2023-07-12
  • 7.22.8 - 2023-07-06
  • 7.22.7 - 2023-07-06
  • 7.22.6 - 2023-07-04
  • 7.22.5 - 2023-06-08
  • 7.22.1 - 2023-05-26
  • 7.22.0 - 2023-05-26
  • 7.21.8 - 2023-05-02
  • 7.21.5 - 2023-04-28
  • 7.21.4 - 2023-03-31
  • 7.21.4-esm.4 - 2023-04-04
  • 7.21.4-esm.3 - 2023-04-04
  • 7.21.4-esm.2 - 2023-04-04
  • 7.21.4-esm.1 - 2023-04-04
  • 7.21.4-esm - 2023-04-04
  • 7.21.3 - 2023-03-14
  • 7.21.0 - 2023-02-20
  • 7.20.12 - 2023-01-04
from @babel/core GitHub release notes
Package name: @types/shelljs
  • 0.8.15 - 2023-11-07
  • 0.8.14 - 2023-10-18
  • 0.8.13 - 2023-09-25
  • 0.8.12 - 2023-04-12
  • 0.8.11 - 2022-01-13
from @types/shelljs GitHub release notes
Package name: ajv
from ajv GitHub release notes
Package name: glob
from glob GitHub release notes
Package name: eslint
  • 8.57.0 - 2024-02-23

    Features

    • 1120b9b feat: Add loadESLint() API method for v8 (#18098) (Nicholas C. Zakas)
    • dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#18066) (Nitin Kumar)

    Bug Fixes

    • 2196d97 fix: handle absolute file paths in FlatRuleTester (#18064) (Nitin Kumar)
    • 69dd1d1 fix: Ensure config keys are printed for config errors (#18067) (Nitin Kumar)
    • 9852a31 fix: deep merge behavior in flat config (#18065) (Nitin Kumar)
    • 4c7e9b0 fix: allow circular references in config (#18056) (Milos Djermanovic)

    Documentation

    • 84922d0 docs: Show prerelease version in dropdown (#18139) (Nicholas C. Zakas)
    • 5b8c363 docs: Switch to Ethical Ads (#18117) (Milos Djermanovic)
    • 77dbfd9 docs: show NEXT in version selectors (#18052) (Milos Djermanovic)

    Chores

  • 8.56.0 - 2023-12-15

    Features

    • 0dd9704 feat: Support custom severity when reporting unused disable directives (#17212) (Bryan Mishkin)
    • 31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#17818) (Arka Pratim Chaudhuri)

    Bug Fixes

    • 7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#17846) (Francesco Trotta)
    • 74739c8 fix: suggestion with invalid syntax in no-promise-executor-return rule (#17812) (Bryan Mishkin)

    Documentation

    • 9007719 docs: update link in ways-to-extend.md (#17839) (Amel SELMANE)
    • 3a22236 docs: Update README (GitHub Actions Bot)
    • 54c3ca6 docs: fix migration-guide example (#17829) (Tanuj Kanti)
    • 4391b71 docs: check config comments in rule examples (#17815) (Francesco Trotta)
    • fd28363 docs: remove mention about ESLint stylistic rules in readme (#17810) (Zwyx)
    • 48ed5a6 docs: Update README (GitHub Actions Bot)

    Chores

    • ba6af85 chore: upgrade @eslint/[email protected] (#17864) (Milos Djermanovic)
    • 60a531a chore: package.json update for @eslint/js release (Jenkins)
    • ba87a06 chore: update dependency markdownlint to ^0.32.0 (#17783) (renovate[bot])
    • 9271d10 chore: add GitHub issue template for docs issues (#17845) (Josh Goldberg ✨)
    • 70a686b chore: Convert rule tests to FlatRuleTester (#17819) (Nicholas C. Zakas)
    • f3a599d chore: upgrade eslint-plugin-unicorn to v49.0.0 (#17837) (唯然)
    • 905d4b7 chore: upgrade eslint-plugin-eslint-plugin v5.2.1 (#17838) (唯然)
    • 4d7c3ce chore: update eslint-plugin-n v16.4.0 (#17836) (唯然)
    • fd0c60c ci: unpin Node.js 21.2.0 (#17821) (Francesco Trotta)
  • 8.55.0 - 2023-12-01

    Features

    • 8c9e6c1 feat: importNamePattern option in no-restricted-imports (#17721) (Tanuj Kanti)

    Documentation

    • 83ece2a docs: fix typo --rules -> --rule (#17806) (OKURA Masafumi)
    • fffca5c docs: remove "Open in Playground" buttons for removed rules (#17791) (Francesco Trotta)
    • a6d9442 docs: fix correct/incorrect examples of rules (#17789) (Tanuj Kanti)
    • 383e999 docs: update and fix examples for no-unused-vars (#17788) (Tanuj Kanti)
    • 5a8efd5 docs: add specific stylistic rule for each deprecated rule (#17778) (Etienne)

    Chores

  • 8.54.0 - 2023-11-17

    Features

    • a7a883b feat: for-direction rule add check for condition in reverse order (#17755) (Angelo Annunziata)
    • 1452dc9 feat: Add suggestions to no-console (#17680) (Joel Mathew Koshy)
    • 21ebf8a feat: update no-array-constructor rule (#17711) (Francesco Trotta)

    Bug Fixes

    • 98926e6 fix: Ensure that extra data is not accidentally stored in the cache file (#17760) (Milos Djermanovic)
    • e8cf9f6 fix: Make dark scroll bar in dark theme (#17753) (Pavel)
    • 3cbeaad fix: Use cwd constructor option as config basePath in Linter (

Snyk has created this PR to upgrade:
  - @babel/cli from 7.20.7 to 7.25.6.
    See this package in npm: https://www.npmjs.com/package/@babel/cli
  - @babel/core from 7.20.12 to 7.25.2.
    See this package in npm: https://www.npmjs.com/package/@babel/core
  - @types/shelljs from 0.8.11 to 0.8.15.
    See this package in npm: https://www.npmjs.com/package/@types/shelljs
  - ajv from 8.12.0 to 8.17.1.
    See this package in npm: https://www.npmjs.com/package/ajv
  - glob from 7.1.6 to 7.2.3.
    See this package in npm: https://www.npmjs.com/package/glob
  - eslint from 8.31.0 to 8.57.0.
    See this package in npm: https://www.npmjs.com/package/eslint
  - minimist from 1.2.7 to 1.2.8.
    See this package in npm: https://www.npmjs.com/package/minimist
  - handlebars from 4.7.7 to 4.7.8.
    See this package in npm: https://www.npmjs.com/package/handlebars
  - jsdom from 16.4.0 to 16.7.0.
    See this package in npm: https://www.npmjs.com/package/jsdom
  - katex from 0.16.4 to 0.16.11.
    See this package in npm: https://www.npmjs.com/package/katex
  - moment from 2.29.4 to 2.30.1.
    See this package in npm: https://www.npmjs.com/package/moment
  - prettier from 2.8.2 to 2.8.8.
    See this package in npm: https://www.npmjs.com/package/prettier
  - winston from 3.8.2 to 3.14.2.
    See this package in npm: https://www.npmjs.com/package/winston
  - yargs from 17.6.2 to 17.7.2.
    See this package in npm: https://www.npmjs.com/package/yargs
  - workbox-cli from 7.0.0 to 7.1.0.
    See this package in npm: https://www.npmjs.com/package/workbox-cli

See this project in Snyk:
https://app.snyk.io/org/anushasalian/project/e53fa273-8fc4-48d3-8bdf-56886cf7f09b?utm_source=github&utm_medium=referral&page=upgrade-pr