
[Snyk] Fix for 39 vulnerabilities #6

Closed
wants to merge 1 commit into from

Conversation

@snyk-bot snyk-bot commented Apr 5, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Issue | Snyk ID | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium | Cross-site Scripting (XSS) | SNYK-JS-BOOTSTRAP-173700 | No | No Known Exploit |
| medium | Cross-site Scripting (XSS) | SNYK-JS-BOOTSTRAP-72889 | No | No Known Exploit |
| medium | Cross-site Scripting (XSS) | SNYK-JS-BOOTSTRAP-72890 | No | No Known Exploit |
| medium | Prototype Pollution | SNYK-JS-JQUERY-174006 | Yes | Proof of Concept |
| medium | Cross-site Scripting (XSS) | SNYK-JS-JQUERY-565129 | Yes | Proof of Concept |
| medium | Cross-site Scripting (XSS) | SNYK-JS-JQUERY-567880 | Yes | Proof of Concept |
| medium | Denial of Service (DoS) | SNYK-JS-JSYAML-173999 | Yes | No Known Exploit |
| high | Arbitrary Code Execution | SNYK-JS-JSYAML-174129 | Yes | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
| high | Command Injection | SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-LODASH-450202 | Yes | Proof of Concept |
| medium | Prototype Pollution | SNYK-JS-LODASH-567746 | Yes | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-LODASH-590103 | Yes | No Known Exploit |
| high | Prototype Pollution | SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-LODASH-73638 | Yes | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-73639 | Yes | No Known Exploit |
| medium | Out-of-bounds Read | SNYK-JS-NODESASS-535499 | Yes | No Known Exploit |
| high | Out-of-bounds Read | SNYK-JS-NODESASS-535501 | Yes | No Known Exploit |
| high | Uncontrolled Recursion | SNYK-JS-NODESASS-535503 | Yes | No Known Exploit |
| medium | Resource Exhaustion | SNYK-JS-NODESASS-535504 | Yes | No Known Exploit |
| high | NULL Pointer Dereference | SNYK-JS-NODESASS-535505 | Yes | No Known Exploit |
| high | Uncontrolled Recursion | SNYK-JS-NODESASS-540960 | Yes | No Known Exploit |
| high | Out-of-bounds Read | SNYK-JS-NODESASS-540962 | Yes | No Known Exploit |
| high | Improper Input Validation | SNYK-JS-NODESASS-540966 | Yes | No Known Exploit |
| high | Improper Input Validation | SNYK-JS-NODESASS-540968 | Yes | No Known Exploit |
| high | Uncontrolled Recursion | SNYK-JS-NODESASS-540970 | Yes | No Known Exploit |
| high | Out-of-bounds Read | SNYK-JS-NODESASS-540972 | Yes | No Known Exploit |
| high | NULL Pointer Dereference | SNYK-JS-NODESASS-540974 | Yes | No Known Exploit |
| medium | Denial of Service (DoS) | SNYK-JS-NODESASS-540982 | Yes | No Known Exploit |
| medium | Out-of-bounds Read | SNYK-JS-NODESASS-540984 | Yes | No Known Exploit |
| high | Out-of-bounds Read | SNYK-JS-NODESASS-540986 | Yes | No Known Exploit |
| high | Denial of Service (DoS) | SNYK-JS-NODESASS-540988 | Yes | No Known Exploit |
| medium | Denial of Service (DoS) | SNYK-JS-NODESASS-542662 | Yes | No Known Exploit |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SSRI-1085630 | Yes | No Known Exploit |
| medium | Cross-site Scripting (XSS) | npm:bootstrap:20160627 | No | No Known Exploit |
| medium | Cross-site Scripting (XSS) | npm:bootstrap:20180529 | No | No Known Exploit |
| medium | Cross-site Scripting (XSS) | npm:jquery:20150627 | No | No Known Exploit |
| medium | Prototype Pollution | npm:lodash:20180130 | Yes | No Known Exploit |
| high | Prototype Override Protection Bypass | npm:qs:20170213 | No | No Known Exploit |
Commit messages
Package name: bootstrap The new version differs by 250 commits.
  • 68b0d23 Dist
  • 2ccfa57 handle # selector for dropdown
  • a43077d Bump version to 3.4.1.
  • d821de2 Backport sanitize docs from v4.
  • 5cd9ef4 Add wdm gem for Windows.
  • d6b8501 ES5 fixes.
  • 2c8abb9 Add sanitize for tooltips and popovers html content.
  • d4129df Bump year.
  • 0d64d6a less/modals.less: Add missing semicolon.
  • 48c5d7b Use https.
  • b23e213 Update devDependencies and gems.
  • 695c541 Fix redirects.
  • 9206e46 Make meaning of tooltip's 'selector' option more clear in Bootstrap 3
  • b285ea3 Add a few redirects.
  • 3e1b894 Fix broken link in nav version dropdown.
  • 3e519c3 Support nuget contentFiles, used for some project types (#27856)
  • 4c547f2 Dist.
  • 0f1c6b0 Move the whole autoprefixer config to configBridge.json.
  • 9332f3c Add polyfills for older browsers.
  • dd71b40 docs: Concat the IE files with the rest.
  • 4a5c7f2 Update devDependencies, gems and lots of cleanup/build fixes.
  • 7a2cdfb Center skippy.
  • 3b82587 Restore `cursor: help` for `abbr`.
  • bf69f1f Backport the `abbr` fix from the updated normalize.css.

See the full diff

Package name: copy-webpack-plugin The new version differs by 18 commits.

See the full diff

Package name: css-loader The new version differs by 136 commits.
  • 43179a8 chore(release): 1.0.0
  • 3d53968 Merge remote-tracking branch 'origin/master'
  • 240db53 version 1.0 (#742)
  • 1b7acf7 Merge remote-tracking branch 'origin/master'
  • 1703721 docs(README): add more context to `localIdentName` (#711)
  • 1c51265 docs(README): fix malformed emoji (#701)
  • 50f8ec0 Merge remote-tracking branch 'origin/master'
  • 07444ad tests: css custom variables (#709)
  • 3de8aa7 tests: css custom variables (#709)
  • df497db chore(release): 0.28.11
  • c788450 fix(lib/processCss): don't check `mode` for `url` handling (`options.modules`) (#698)
  • c35d8bd chore(release): 0.28.10
  • 9f876d2 fix(getLocalIdent): add `rootContext` support (`webpack >= v4.0.0`) (#681)
  • 0452f26 test: hashes inside `@font-face` url (#678)
  • 630579d chore(release): 0.28.9
  • 604bd4b chore(package): update dependencies
  • d1d8221 fix: ignore invalid URLs (`url()`) (#663)
  • 0fc46c7 chore(release): 0.28.8
  • 333a2ce chore(package): update `dependencies`
  • 39773aa ci(travis): use `npm`
  • 8897d44 fix: proper URL escaping and wrapping (`url()`) (#627)
  • 0dccfa9 fix(loader): correctly check if source map is `undefined` (#641)
  • d999f4a docs: Update importLoaders documentation (#646)
  • 05c36db test: removed redundant `modules` argument (#599)

See the full diff

Package name: history The new version differs by 35 commits.
  • 702db62 Version 1.14.0
  • 990b853 Merge pull request #168 from taion/doc-141
  • a9db75a Deprecate pushState and replaceState
  • 50420f9 Document the new push and replace syntax
  • 0a1b31a Merge pull request #171 from rackt/query-string
  • d0edd09 Use query-string instead of qs
  • 331ee28 Merge pull request #167 from taion/hash-replace
  • 32a3978 Consider the full path in changing PUSH to REPLACE
  • ce96689 Merge pull request #141 from taion/push-replace-location-object
  • 9a5a378 Merge pull request #156 from taion/actually-fix-coverage
  • 969463f Configure the coverage reporter
  • 4ab16f3 Merge pull request #155 from rackt/taion-patch-1
  • d88948f Clean up the last of the old push/replace docs
  • e2c9860 Merge pull request #152 from taion/build-es6
  • 07b8013 Add ES2015 module build
  • 2688abe Merge pull request #151 from taion/clean-lib
  • b1cf2fa Merge pull request #150 from taion/linkify-CHANGES-HEAD
  • a6aac12 Clean output directory when building
  • 23353fe Link to HEAD diffs on CHANGES
  • ede110f Merge pull request #147 from taion/CriOS-fixme
  • 7f28fcb Merge pull request #148 from taion/eslint-mocha
  • 7bb2867 Centralize eslint env setting
  • b98fc54 Add FIXME note to CriOS workaround
  • ae05e84 Update CHANGES.md

See the full diff

Package name: node-sass The new version differs by 234 commits.
  • b54053a Update changelog
  • 01db051 4.13.1
  • 338fd7a Merge pull request from GHSA-f6rp-gv58-9cw3
  • c6f2e5a doc: README example fix (#2787)
  • fbc9ff5 Merge pull request #2754 from saper/no-map-if-not-requested
  • 60fad5f 4.13.0
  • 43db915 Merge pull request #2768 from sass/release-4-13
  • 0c8d308 Update references for v4.13 release
  • f1cc0d3 Use GCC 6 for Node 12 binaries (#2767)
  • 3838eae Use GCC 6 for Node 12 binaries
  • e84c6a9 Merge pull request #2766 from saper/node-modules-79
  • 64b6f32 Node 13 support
  • 8498f70 Fix #2394: sourceMap option should have consistent behaviour
  • 8d0acca Merge pull request #2753 from schwigri/master
  • b0d4d85 Fix broken link to NodeJS docs in README.md
  • 887199a Merge pull request #2730 from kessenich/master
  • b1f54d7 Fix #2614 - Update lodash version
  • 96aa279 Merge pull request #2726 from XhmikosR/master-xmr-typos
  • 8421979 Assorted typo fixes.
  • 2513e6a chore: Remove PR template
  • 7ab387c Merge pull request #2673 from abetomo/remove_sudo_setting_from_travis
  • 15355dd Remove sudo settings from .travis.yml
  • 0c1a49e chore: Add not in PR template about node-gyp 4.0
  • e59f5ba chore: Change note about Node 12 support

See the full diff

Package name: webpack The new version differs by 250 commits.
  • 610f368 5.0.0
  • 5ce65c1 update examples
  • bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
  • 75ecff2 5.0.0-rc.6
  • bfc35d6 Merge pull request #11603 from MayaWolf/master
  • 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
  • 9fd1be2 chore(deps-dev): bump @types/node from 13.13.23 to 13.13.25
  • 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
  • 9130d10 fix called variables with ProvidePlugin
  • 3e42105 Merge pull request #11620 from webpack/bugfix/11617
  • 4709719 skip connections copied to concatenated module
  • 57b493f 5.0.0-rc.5
  • 1658e2f Merge pull request #11618 from webpack/bugfix/11615
  • a8fb45d fixes crash in SideEffectsFlagPlugin
  • 84b196d emit error instead of crashing when unexpected problem occurs
  • 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
  • 9b5cce9 Merge pull request #11609 from snitin315/export-types
  • 37c495c export type RuleSetUseItem
  • 39faf34 export type RuleSetUse
  • e5fd246 export type RuleSetConditionAbsolute
  • 660baad export RuleSetCondition types
  • 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
  • 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
  • 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-173700
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
- https://snyk.io/vuln/SNYK-JS-JQUERY-567880
- https://snyk.io/vuln/SNYK-JS-JSYAML-173999
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-NODESASS-535499
- https://snyk.io/vuln/SNYK-JS-NODESASS-535501
- https://snyk.io/vuln/SNYK-JS-NODESASS-535503
- https://snyk.io/vuln/SNYK-JS-NODESASS-535504
- https://snyk.io/vuln/SNYK-JS-NODESASS-535505
- https://snyk.io/vuln/SNYK-JS-NODESASS-540960
- https://snyk.io/vuln/SNYK-JS-NODESASS-540962
- https://snyk.io/vuln/SNYK-JS-NODESASS-540966
- https://snyk.io/vuln/SNYK-JS-NODESASS-540968
- https://snyk.io/vuln/SNYK-JS-NODESASS-540970
- https://snyk.io/vuln/SNYK-JS-NODESASS-540972
- https://snyk.io/vuln/SNYK-JS-NODESASS-540974
- https://snyk.io/vuln/SNYK-JS-NODESASS-540982
- https://snyk.io/vuln/SNYK-JS-NODESASS-540984
- https://snyk.io/vuln/SNYK-JS-NODESASS-540986
- https://snyk.io/vuln/SNYK-JS-NODESASS-540988
- https://snyk.io/vuln/SNYK-JS-NODESASS-542662
- https://snyk.io/vuln/SNYK-JS-SSRI-1085630
- https://snyk.io/vuln/npm:bootstrap:20160627
- https://snyk.io/vuln/npm:bootstrap:20180529
- https://snyk.io/vuln/npm:jquery:20150627
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:qs:20170213