[Snyk] Upgrade: pouchdb-browser, pouchdb-find, react, react-dom, bluebird, d3, debug, draggabilly, electron-context-menu, semver, q, winreg, electron-regedit, electron-squirrel-startup, glob, highlight.js, html-to-react, loglevel, marked, material-ui, mobx, mobx-react, mobx-react-devtools, moment, monaco-editor, nan, pako, react-autosuggest, react-datetime, react-json-tree, react-notification-system, react-resizable, regedit, request, request-promise, simple-git, string-similarity, uuid, xterm

[atlslscsrv-app]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

pouchdb-browser
from 6.2.0 to 6.4.3 | 10 versions ahead of your current version | 7 years ago
on 2018-02-02
pouchdb-find
from 6.2.0 to 6.4.3 | 10 versions ahead of your current version | 7 years ago
on 2018-02-02
react
from 15.4.2 to 15.7.0 | 12 versions ahead of your current version | 4 years ago
on 2020-10-14
react-dom
from 15.4.2 to 15.7.0 | 12 versions ahead of your current version | 4 years ago
on 2020-10-14
bluebird
from 3.5.1 to 3.7.2 | 8 versions ahead of your current version | 5 years ago
on 2019-11-28
d3
from 4.11.0 to 4.13.0 | 4 versions ahead of your current version | 7 years ago
on 2018-01-29
debug
from 3.1.0 to 3.2.7 | 8 versions ahead of your current version | 4 years ago
on 2020-11-19
draggabilly
from 2.1.1 to 2.4.1 | 4 versions ahead of your current version | 3 years ago
on 2021-12-19
electron-context-menu
from 0.8.0 to 0.16.0 | 13 versions ahead of your current version | 5 years ago
on 2020-02-01
semver
from 5.4.1 to 5.7.2 | 6 versions ahead of your current version | a year ago
on 2023-07-10
q
from 1.5.0 to 1.5.1 | 1 version ahead of your current version | 7 years ago
on 2017-10-19
winreg
from 1.2.4 to 1.2.5 | 1 version ahead of your current version | a year ago
on 2023-10-20
electron-regedit
from 1.0.6 to 1.1.2 | 3 versions ahead of your current version | 4 years ago
on 2020-05-06
electron-squirrel-startup
from 1.0.0 to 1.0.1 | 1 version ahead of your current version | 4 months ago
on 2024-05-13
glob
from 7.1.2 to 7.2.3 | 8 versions ahead of your current version | 2 years ago
on 2022-05-15
highlight.js
from 9.8.0 to 9.18.5 | 26 versions ahead of your current version | 4 years ago
on 2020-11-19
html-to-react
from 1.3.4 to 1.7.0 | 13 versions ahead of your current version | a year ago
on 2023-10-04
loglevel
from 1.4.1 to 1.9.1 | 16 versions ahead of your current version | 8 months ago
on 2024-01-26
marked
from 0.3.6 to 0.8.2 | 22 versions ahead of your current version | 4 years ago
on 2020-03-22
material-ui
from 0.18.7 to 0.20.0 | 6 versions ahead of your current version | 7 years ago
on 2017-12-04
mobx
from 2.6.0 to 2.7.0 | 7 versions ahead of your current version | 8 years ago
on 2016-12-09
mobx-react
from 3.5.8 to 3.5.9 | 1 version ahead of your current version | 8 years ago
on 2016-11-07
mobx-react-devtools
from 4.2.9 to 4.2.15 | 6 versions ahead of your current version | 7 years ago
on 2017-06-17
moment
from 2.22.2 to 2.30.1 | 16 versions ahead of your current version | 9 months ago
on 2023-12-27
monaco-editor
from 0.7.0 to 0.51.0 | 830 versions ahead of your current version | 22 days ago
on 2024-08-23
nan
from 2.5.1 to 2.20.0 | 24 versions ahead of your current version | 3 months ago
on 2024-06-12
pako
from 1.0.5 to 1.0.11 | 6 versions ahead of your current version | 5 years ago
on 2020-01-29
react-autosuggest
from 9.0.1 to 9.4.3 | 11 versions ahead of your current version | 6 years ago
on 2019-01-05
react-datetime
from 2.7.5 to 2.16.3 | 27 versions ahead of your current version | 6 years ago
on 2018-12-03
react-json-tree
from 0.10.9 to 0.19.0 | 16 versions ahead of your current version | 5 months ago
on 2024-04-07
react-notification-system
from 0.2.11 to 0.4.0 | 8 versions ahead of your current version | 4 years ago
on 2020-05-06
react-resizable
from 1.4.5 to 1.11.1 | 14 versions ahead of your current version | 4 years ago
on 2021-03-05
regedit
from 2.2.6 to 2.2.7 | 1 version ahead of your current version | 7 years ago
on 2017-06-07
request
from 2.88.0 to 2.88.2 | 1 version ahead of your current version | 5 years ago
on 2020-02-11
request-promise
from 4.1.1 to 4.2.6 | 7 versions ahead of your current version | 4 years ago
on 2020-07-22
simple-git
from 1.65.0 to 1.132.0 | 67 versions ahead of your current version | 5 years ago
on 2020-03-12
string-similarity
from 1.2.0 to 1.2.2 | 2 versions ahead of your current version | 6 years ago
on 2018-09-12
uuid
from 3.0.1 to 3.4.0 | 7 versions ahead of your current version | 5 years ago
on 2020-01-16
xterm
from 2.8.1 to 2.9.2 | 3 versions ahead of your current version | 7 years ago
on 2017-08-09

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-AJV-584908	619	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	619	No Known Exploit
	Code Injection SNYK-JS-LODASH-1040724	619	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	619	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	619	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	619	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	619	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	619	Proof of Concept
	Cross-site Scripting (XSS) npm:marked:20170112	619	No Known Exploit
	Cross-site Scripting (XSS) npm:marked:20170815	619	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:marked:20170907	619	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	619	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	619	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	619	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	619	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	619	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	619	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHMERGE-173732	619	Proof of Concept
	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	619	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	619	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	619	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	619	Proof of Concept
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	619	Proof of Concept
	Cross-site Scripting (XSS) npm:marked:20170815-1	619	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	619	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	619	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHMERGE-173733	619	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	619	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	619	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	619	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	619	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	619	Proof of Concept

Release notes

Package name: pouchdb-browser

• 6.4.3 - 2018-02-02
• 6.4.2 - 2018-01-24
• 6.4.1 - 2017-12-18
• 6.4.0 - 2017-12-17
• 6.3.4 - 2017-07-15
• 6.3.3 - 2017-07-14
• 6.3.2 - 2017-07-13
• 6.3.1 - 2017-07-13
• 6.3.0 - 2017-07-13
• 6.2.1-prerelease - 2017-07-13
• 6.2.0 - 2017-04-20

from pouchdb-browser GitHub release notes

Package name: pouchdb-find

• 6.4.3 - 2018-02-02
• 6.4.2 - 2018-01-24
• 6.4.1 - 2017-12-18
• 6.4.0 - 2017-12-17
• 6.3.4 - 2017-07-15
• 6.3.3 - 2017-07-14
• 6.3.2 - 2017-07-13
• 6.3.1 - 2017-07-13
• 6.3.0 - 2017-07-13
• 6.2.1-prerelease - 2017-07-13
• 6.2.0 - 2017-04-20

from pouchdb-find GitHub release notes

Package name: react

• 15.7.0 - 2020-10-14
  

  React

  • Backport support for the new JSX transform to 15.x. (@ lunaruan in #18299 and @ gaearon in #20024)
• 15.6.2 - 2017-09-26
• 15.6.1 - 2017-06-15
• 15.6.0 - 2017-06-13
• 15.6.0-rc.1 - 2017-06-01
• 15.5.4 - 2017-04-11
• 15.5.3 - 2017-04-08
• 15.5.2 - 2017-04-08
• 15.5.1 - 2017-04-07
• 15.5.0 - 2017-04-07
• 15.5.0-rc.2 - 2017-04-06
• 15.5.0-rc.1 - 2017-04-05
• 15.4.2 - 2017-01-06

from react GitHub release notes

Package name: react-dom

• 15.7.0 - 2020-10-14
  

  React

  • Backport support for the new JSX transform to 15.x. (@ lunaruan in #18299 and @ gaearon in #20024)
• 15.6.2 - 2017-09-26
• 15.6.1 - 2017-06-15
• 15.6.0 - 2017-06-13
• 15.6.0-rc.1 - 2017-06-01
• 15.5.4 - 2017-04-11
• 15.5.3 - 2017-04-08
• 15.5.2 - 2017-04-08
• 15.5.1 - 2017-04-07
• 15.5.0 - 2017-04-07
• 15.5.0-rc.2 - 2017-04-06
• 15.5.0-rc.1 - 2017-04-05
• 15.4.2 - 2017-01-06

from react-dom GitHub release notes

Package name: bluebird

• 3.7.2 - 2019-11-28
  

  Bugfixes:

  • Fixes firefox settimeout not initialized error (#1623)
• 3.7.1 - 2019-10-15
  

  Features:

  • feature

  Bugfixes:

  • Fix (#1614)
  • Fix (#1613)
  • Fix (#1616)
• 3.7.0 - 2019-10-01
  

  Features:

  • Add Promise.allSettled` method (#1606)
• 3.6.0 - 2019-10-01
  

  Features:

  • Add support for AsyncResource (#1403)

  Bugfixes:

  • Fix .reduce generating unhandled rejection events (#1501)
  • Fix Promise.reduce` generating unhandled rejction events (#1502)
  • Fix .map and .filter generating unhandled rejection events (#1487)
  • Fix Promise.map` unhandled rejection events (#1489)
  • Fix cancel skipping upward propagation (#1459)
  • Fix loadTimes deprecation (#1505)
  • Fix Promise.each` maximum stack exceeded error (#1326)
  • Make PromiseRejectionEvent confrom to spec (#1509)
  • Fix false unhandled rejection events (#1468)
• 3.5.5 - 2019-05-24
  

  Features:

  • Added Symbol.toStringTag support to Promise (#1421)

  Bugfixes:

  • Fix error in IE9 (#1591, #1592)
  • Fix error with undefined stack trace (#1537)
  • Fix #catch throwing an error later rather than immediately when passed non-function handler (#1517)
• 3.5.4 - 2019-04-03
  
  • Proper version check supporting VSCode(#1576)
• 3.5.3 - 2018-11-06
  

  Bugfixes:

  • Update acorn dependency
• 3.5.2 - 2018-09-03
  

  Bugfixes:

  • Fix PromiseRejectionEvent to contain .reason and .promise properties. (#1509, #1464)
  • Fix promise chain retaining memory until the entire chain is resolved (#1544, #1529)

  ---

  id: changelog
  title: Changelog

• 3.5.1 - 2017-10-04
  

  Bugfixes:

  • Fix false positive unhandled rejection when using async await (#1404)
  • Fix false positive when reporting error as non-error (#990)

from bluebird GitHub release notes

Package name: d3

• 4.13.0 - 2018-01-29
• 4.12.2 - 2017-12-26
• 4.12.1 - 2017-12-26
• 4.12.0 - 2017-11-21
• 4.11.0 - 2017-10-03

from d3 GitHub release notes

Package name: debug

• 3.2.7 - 2020-11-19
  

  3.2.7

• 3.2.6 - 2018-10-10
• 3.2.5 - 2018-09-11
• 3.2.4 - 2018-09-11
• 3.2.3 - 2018-09-11
• 3.2.2 - 2018-09-11
• 3.2.1 - 2018-09-11
• 3.2.0 - 2018-09-11
• 3.1.0 - 2017-09-26

from debug GitHub release notes

Package name: draggabilly

• 2.4.1 - 2021-12-19
  

  🐞 Fixed bug for dragging on iOS 15

• 2.4.0 - 2021-12-19
  

  2.4.0

• 2.3.0 - 2020-05-16
  
  • 🐞 fix Safari 9 drag bug.
  • Deploy to Netlify
  • Switch to npm for front-end dependencies, off of Bower
  • Switch to vanilla node for scripts, remove Gulp
  • Add linting with ESLint
  • Add CI with GitHub actions
• 2.2.0 - 2018-03-27
  

  🔔 Added setPosition method. #147
  🐞 Fixed contain top down, not bottom-up. #185
  🐞 Enabled clicks in text inputs. #181
  🐞 Disabled preventDefault when disabled. #165
  ⬆️ Updated dependencies Unipointer 2.3, Unidragger 2.3
  🛠 Breaking change. Drop vendor prefixes. Drop support for Android 4

• 2.1.1 - 2016-06-10
  
  • 🛠 allow fixed positioning. Fixed #134
  • 🐞 Fixed Firefox % position, not-in-DOM bug. Fixed #131

from draggabilly GitHub release notes

Package name: electron-context-menu

• 0.16.0 - 2020-02-01
  
  • Support rich text for Cut, Copy, and Paste items 296ae9c
  • Add WebContents to browserWindow TypeScript type (#90) 1410532

  v0.15.2...v0.16.0

• 0.15.2 - 2020-01-02
  
  • Fix the TypeScript types 26938e1

  v0.15.1...v0.15.2

• 0.15.1 - 2019-11-08
  
  • Fix showing Inspect Element menu item 9e9fd9a
  • Fix TypeScript definition 4d28a12

  v0.15.0...v0.15.1

• 0.15.0 - 2019-08-30
  

  Enhancements:

  • Add Copy Image option (true by default) (#79) 79868f1

  v0.14.0...v0.15.0

• 0.14.0 - 2019-08-08
  
  • Fix the "Save Image" label ID 4c8eb16
    If you localize the "Save Image" label, you need to update the ID from save to saveImage.

  v0.13.0...v0.14.0

• 0.13.0 - 2019-06-30
  

  Enhancements:

  • Add Services submenu on macOS (#73) 295e19d
  • Add menu item for looking up a word on macOS (#71) 35f3dd0
  • Filter out false menu items (#69) 2529d65

  v0.12.1...v0.13.0

• 0.12.1 - 2019-04-30
  
  • Fix cut and paste for webviews (#67) e1e4061

  v0.12.0...v0.12.1

• 0.12.0 - 2019-04-09
  

  Breaking:

  • Require Electron 4 or later b075c7f
  • The function given to the prepend and append options now receive a defaultActions argument as the first argument. So the previous first and second argument are now second and third.
  • For TypeScript users only:
    • Refactor TypeScript definition to CommonJS compatible export (#64) d447280
      • You need to change import contextMenu from 'electron-context-menu'; to import contextMenu = require('electron-context-menu');

  Enhancements:

  • Add menu option (#44) bb1b073

  v0.11.0...v0.12.0

• 0.11.0 - 2019-01-27
  
  • Add TypeScript definition (#62) d7bbff3

  v0.10.1...v0.11.0

• 0.10.1 - 2018-10-28
  

  0.10.1

• 0.10.0 - 2018-06-19
• 0.9.1 - 2017-05-24
• 0.9.0 - 2017-04-19
• 0.8.0 - 2016-11-23

from electron-context-menu GitHub release notes

Package name: semver

• 5.7.2 - 2023-07-10
  

  5.7.2 (2023-07-10)

  Bug Fixes

  • 2f8fd41 #585 better handling of whitespace (#585) (@ joaomoreno, @ lukekarrys)
• 5.7.1 - 2019-08-12
• 5.7.0 - 2019-03-26
• 5.6.0 - 2018-10-10
• 5.5.1 - 2018-08-17
• 5.5.0 - 2018-01-16
• 5.4.1 - 2017-07-24

from semver GitHub release notes

Package name: q

• 1.5.1 - 2017-10-19
  

  1.5.1

• 1.5.0 - 2017-03-22
  

  1.5.0

from q GitHub release notes

Package name: winreg

• 1.2.5 - 2023-10-20
  
  • fixes a possible security issue if an attacker is able to pollute Object.prototype (thanks to Mikhail Shcherbakov KTH Royal Institute of Technology for reporting)
  • adds support for electron apps
  • updates the development dependencies
  • updates the mocha tests
• 1.2.4 - 2017-05-12
  

  1.2.4

from winreg GitHub release notes

Package name: electron-squirrel-startup

• 1.0.1 - 2024-05-13
  

  1.0.1

• 1.0.0 - 2016-05-19
  

  1.0.0

from electron-squirrel-startup GitHub release notes

Package name: glob

• 7.2.3 - 2022-05-15
  

  7.2.3

• 7.2.2 - 2022-05-13
  

  7.2.2

• 7.2.0 - 2021-09-22
  

  7.2.0

• 7.1.7 - 2021-05-06
  

  7.1.7

• 7.1.6 - 2019-11-06
  

  7.1.6

• 7.1.5 - 2019-10-21
• 7.1.4 - 2019-05-08
• 7.1.3 - 2018-08-27
• 7.1.2 - 2017-05-19

from glob GitHub release notes

Package name: highlight.js

• 9.18.5 - 2020-11-19
• 9.18.4 - 2020-11-18
• 9.18.3 - 2020-07-29
• 9.18.2 - 2020-07-28
• 9.18.1 - 2020-02-01
• 9.18.0 - 2020-01-20
• 9.17.1 - 2019-12-12
• 9.17.0 - 2019-12-11
• 9.16.2 - 2019-11-01
• 9.16.1 - 2019-10-31
• 9.15.10 - 2019-08-20
• 9.15.9 - 2019-07-31
• 9.15.8 - 2019-05-29
• 9.15.7 - 2019-05-29
• 9.15.6 - 2019-02-26
• 9.15.5 - 2019-02-25
• 9.15.2 - 2019-02-25
• 9.15.1 - 2019-02-25
• 9.14.2 - 2019-02-01
• 9.14.1 - 2019-01-30
• 9.13.1 - 2018-10-17
• 9.13.0 - 2018-10-13
• 9.12.0 - 2017-05-31
• 9.11.0 - 2017-04-19
• 9.10.0 - 2017-03-08
• 9.9.0 - 2016-12-14
• 9.8.0 - 2016-11-02

from highlight.js GitHub release notes

Package name: html-to-react

• 1.7.0 - 2023-10-04
  

  v1.7.0

• 1.6.0 - 2023-06-04
  

  v1.6.0

• 1.5.1 - 2023-04-07
  

  New version

• 1.5.0 - 2022-07-01
  

  New version

• 1.4.8 - 2022-01-25
  

  New version

• 1.4.7 - 2021-09-16
  

  New version

• 1.4.6 - 2021-09-16
  

  New version

• 1.4.5 - 2020-10-24
  

  New version

• 1.4.4 - 2020-10-05
  

  New version

• 1.4.3 - 2020-05-23
  

  New version

• 1.4.2 - 2019-09-20
• 1.4.1 - 2019-08-11
• 1.4.0 - 2019-08-06
• 1.3.4 - 2018-12-06

from html-to-react GitHub release notes

Package name: loglevel

• 1.9.1 - 2024-01-26
  

  v1.9.1

• 1.9.0 - 2024-01-25
  

  v1.9.0

• 1.8.1 - 2022-11-08
  No content.
• 1.8.0 - 2021-11-18
  

  v1.8.0

• 1.7.1 - 2020-11-25
  

  v1.7.1

• 1.7.0 - 2020-08-26
  

  v1.7.0

• 1.6.8 - 2020-04-14
  No content.
• 1.6.7 - 2020-02-10
  No content.
• 1.6.6 - 2019-11-07
  

  Fix bugs in v1.6.5, which caused issues in node.js & IE < 9

• 1.6.4 - 2019-09-05
• 1.6.3 - 2019-06-11
• 1.6.2 - 2019-05-30
• 1.6.1 - 2018-01-10
• 1.6.0 - 2017-11-13
• 1.5.1 - 2017-10-09
• 1.5.0 - 2017-09-11
• 1.4.1 - 2016-05-31

from loglevel GitHub release notes

Package name: marked

• 0.8.2 - 2020-03-22
  

  Fixes

  • Add html to TextRenderer for html in headings #1622
  • Remove html tags in heading ids #1622

  Docs

  • Update comment about GitHub breaks #1620
• 0.8.1 - 2020-03-18
  

  Fixes

  • Fix marked --help #1588
  • Fix GFM Example 116 code fences #1600
  • Send inline html to renderer #1602 (fixes #1601)
  • Improve docs example for invoking highlight.js #1603
  • Fix block-level elements breaking tables #1598 (fixes #1467)
  • break nptables on block-level structures #1617
• 0.8.0 - 2019-12-12
  

  Breaking changes

  • Remove substitutions #1532
  • Separate source into modules #1563 #1572 #1573 #1575 #1576 #1581

  Fixes

  • Fix relative urls in baseUrl option #1526
  • Loose task list #1535
  • Fix image parentheses #1557
  • remove module field & update devDependencies #1581

  Docs

  • Update examples with es6+ #1521
  • Fix link to USING_PRO.md page #1552
  • Fix typo in USING_ADVANCED.md #1558
  • Node worker threads are stable