Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade yup from 0.32.9 to 0.32.11 #575

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

gzacharski
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade yup from 0.32.9 to 0.32.11.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 3 years ago, on 2021-10-12.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Arbitrary File Write
SNYK-JS-TAR-1579155
425/1000
Why? CVSS 8.5
No Known Exploit
Improper Verification of Cryptographic Signature
SNYK-JS-BROWSERIFYSIGN-6037026
425/1000
Why? CVSS 8.5
No Known Exploit
Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137
425/1000
Why? CVSS 8.5
Proof of Concept
Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137
425/1000
Why? CVSS 8.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LUXON-3225081
425/1000
Why? CVSS 8.5
Proof of Concept
Arbitrary File Overwrite
SNYK-JS-TAR-1536528
425/1000
Why? CVSS 8.5
No Known Exploit
Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864
425/1000
Why? CVSS 8.5
Proof of Concept
Arbitrary File Overwrite
SNYK-JS-TAR-1536531
425/1000
Why? CVSS 8.5
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579147
425/1000
Why? CVSS 8.5
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579152
425/1000
Why? CVSS 8.5
No Known Exploit
Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922
425/1000
Why? CVSS 8.5
No Known Exploit
Improper Input Validation
SNYK-JS-URLPARSE-2407770
425/1000
Why? CVSS 8.5
Proof of Concept
Prototype Poisoning
SNYK-JS-QS-3153490
425/1000
Why? CVSS 8.5
Proof of Concept
Prototype Poisoning
SNYK-JS-QS-3153490
425/1000
Why? CVSS 8.5
Proof of Concept
Directory Traversal
SNYK-JS-MOMENT-2440688
425/1000
Why? CVSS 8.5
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOMENT-2944238
425/1000
Why? CVSS 8.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TMPL-1583443
425/1000
Why? CVSS 8.5
Proof of Concept
Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
425/1000
Why? CVSS 8.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ES5EXT-6095076
425/1000
Why? CVSS 8.5
Proof of Concept
Prototype Pollution
SNYK-JS-ASYNC-2441827
425/1000
Why? CVSS 8.5
Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909
425/1000
Why? CVSS 8.5
Proof of Concept
Denial of Service (DoS)
SNYK-JS-NWSAPI-2841516
425/1000
Why? CVSS 8.5
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067
425/1000
Why? CVSS 8.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595
425/1000
Why? CVSS 8.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
425/1000
Why? CVSS 8.5
Proof of Concept
Open Redirect
SNYK-JS-EXPRESS-6474509
425/1000
Why? CVSS 8.5
No Known Exploit
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181
425/1000
Why? CVSS 8.5
Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
425/1000
Why? CVSS 8.5
Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181
425/1000
Why? CVSS 8.5
Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
425/1000
Why? CVSS 8.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1085627
425/1000
Why? CVSS 8.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1243891
425/1000
Why? CVSS 8.5
Proof of Concept
Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088
425/1000
Why? CVSS 8.5
No Known Exploit
Prototype Pollution
SNYK-JS-JSON5-3182856
425/1000
Why? CVSS 8.5
Proof of Concept
Prototype Pollution
SNYK-JS-JSON5-3182856
425/1000
Why? CVSS 8.5
Proof of Concept
Authorization Bypass
SNYK-JS-URLPARSE-2407759
425/1000
Why? CVSS 8.5
Proof of Concept
Authorization Bypass Through User-Controlled Key
SNYK-JS-URLPARSE-2412697
425/1000
Why? CVSS 8.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595
425/1000
Why? CVSS 8.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
425/1000
Why? CVSS 8.5
Proof of Concept
Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831
425/1000
Why? CVSS 8.5
Proof of Concept
Information Exposure
SNYK-JS-NANOID-2332193
425/1000
Why? CVSS 8.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TERSER-2806366
425/1000
Why? CVSS 8.5
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TERSER-2806366
425/1000
Why? CVSS 8.5
No Known Exploit
Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
425/1000
Why? CVSS 8.5
Proof of Concept
Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
425/1000
Why? CVSS 8.5
Proof of Concept
Open Redirect
SNYK-JS-URLPARSE-1533425
425/1000
Why? CVSS 8.5
Proof of Concept
Access Restriction Bypass
SNYK-JS-URLPARSE-2401205
425/1000
Why? CVSS 8.5
Proof of Concept
Information Exposure
SNYK-JS-EVENTSOURCE-2823375
425/1000
Why? CVSS 8.5
Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346
425/1000
Why? CVSS 8.5
No Known Exploit
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346
425/1000
Why? CVSS 8.5
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
425/1000
Why? CVSS 8.5
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WORDWRAP-3149973
425/1000
Why? CVSS 8.5
Proof of Concept
Prototype Pollution
SNYK-JS-MINIMIST-2429795
425/1000
Why? CVSS 8.5
Proof of Concept
Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
425/1000
Why? CVSS 8.5
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: yup from yup GitHub release notes
Commit messages
Package name: yup
  • d072af3 Publish v0.32.11
  • 2015c0f fix: dep ranges
  • 846161e Publish v0.32.10
  • 1d767b4 chore: fix ts compilation
  • 2778b88 Merge pull request #1483 from jquense/bug-bash
  • 4bdc4e4 chore: bump deps and clean up tooling
  • 5334349 fix: carry over excluded edges when concating objects
  • f3056f2 fix: missing transforms on concat
  • 03584f6 feat: add resolved to params (#1437)
  • 7842afb fix: oneOf, notOneOf swallowing multiple errors (#1434)
  • 7576cd8 feat: add types to setLocale (#1427)
  • eab974f Update typescript.md
  • 877f777 chore(deps): update dependency lint-staged to v11 (#1359)
  • 94cfd11 feat: allows custom types to be passed to avoid cast to ObjectSchema (#1358)
  • 70d0b67 fix: update lodash/lodash-es to fix CVEs flagged in 4.17.20 (#1334)
  • acbb8b4 fix(utils): use named functions for default exports (#1329)
  • 5eda549 fix: prevent unhandled Promise rejection when returning rejected Promise inside test function (#1327)
  • 91ace1e fix: SchemaOf<>'s treatment of Date objects. (#1305)
  • 0fca0a4 docs: clarify wording
  • 4c17508 fix: fix the typo for the array length validation (#1287)
  • bbd44d0 chore(deps): update dependency husky to v5 (#1251)
  • 357ffa4 docs: Fix typo (#1272)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants