New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 4 vulnerabilities #33

Open

mordf wants to merge 1 commit into master from snyk-fix-b1506bdb5e8148da169b9da87ea6c45d

Owner

mordf commented Nov 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ASYNCVALIDATOR-2311201	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: antd

The new version differs by 250 commits.

5a60d48 docs: 4.0.0 changelog (#21652)
181ef7f Merge remote-tracking branch 'origin/feature'
8e367cc chore: 🆙 upgrade rc-pagination to 2.0 (#21650)
b64e6b0 Update CHANGELOG.zh-CN.md
464c108 docs: Adjust QR code to use https instead
28e8e1b site: 💄 tweak header more arrow style
d86c14b docs: fix link in ConfigProvider (#21647)
566c379 chore(deps): bump rc-virtual-list from 0.0.0 to 1.0.0 (#21646)
ba78905 docs: Fix site fixed nav overflow style
de0d609 docs: Adjust site (#21642)
12761e8 fix: Breadcrumb 默认使用path作为唯一key (#21583)
afedb41 docs: Site with single paging (#21360)
2620801 Update verbiage in sample to match the property value (#21628)
e259449 chore: Update rc component version
3c6faa6 🎬 Improve Grid demo style (#21625)
928ff9a 📝 Add issuehunt badge
3269d8c feat: Timeline.Item support label (#21560)
9d04915 docs: 🔗 update demo links
e3fbb0d chore: replace legacy context and use PureComponent (#21597)
0f5dc22 docs: fix wrong link
0154154 🐛 Table filter menu should have max-height (#21602)
b617b41 fix typos in messages (#21594)
4584a62 style: optimization calendar year content (#21598)
50087b2 📦 Remove DatePicker legacy cell className (#21589)

See the full diff

Package name: react-json-view

The new version differs by 160 commits.

23c3d0f Merge pull request close pipeline after run, edit pipeline only type stored kube-HPC/simulator#315 from mac-s-g/update-flux-dependency
730b65b upgrading flux to 4.0.1
687c00f Merge pull request [Snyk] Upgrade dotenv from 8.2.0 to 8.6.0 kube-HPC/simulator#314 from mac-s-g/node-dependency
d1ef3a2 remove node dependency
ef2736c Merge pull request [Snyk] Upgrade apexcharts from 3.37.0 to 3.41.0 kube-HPC/simulator#312 from mac-s-g/bump-minor-version
db92bbe bump version and update demo build
e58c4e0 Merge pull request [Snyk] Upgrade @apollo/client from 3.6.2 to 3.7.15 kube-HPC/simulator#311 from mac-s-g/thomasjm-inline-styles
e12f320 i think i got it
937d783 upgraded some dependencies, upgraded docker node image
875a3f4 wrong git user
b0b8914 went-down-a-rabbit-hole
9c57b96 updating lint rules to fix tests
3c9bdaa updating coveralls version, ensuring node_env is test before sending coverage to coveralls
b939ee4 merging-master
e5330e0 Merge pull request test add link kube-HPC/simulator#293 from mac-s-g/feature/setup-ci
5c67e94 Merge pull request error grafana kube-HPC/simulator#303 from uzikilon/patch-1
622bd65 Merge pull request add msg to buildid by error code kube-HPC/simulator#271 from kochis/remove-quotes-from-keys-option
87011cd Merge pull request fix bugs queue kube-HPC/simulator#231 from EvertEt/fix/scientific-float
46f0a72 Merge pull request fix flowinput and metrics kube-HPC/simulator#218 from gfortaine/default-style
8a295cf Merge pull request Bump follow-redirects from 1.13.3 to 1.15.2 kube-HPC/simulator#213 from azcn2503/patch-1
5f44a4e Adds support for React 17
831b37f Re-indent dev-server/dist/index.html
8dd9409 Fix another window ReferenceError issue
98f029b Rebuild demo

See the full diff

Package name: socket.io-client

The new version differs by 24 commits.

d30914d [chore] Release 2.0.0
9e7b543 [chore] Bump engine.io to version 3.1.0 (#1109)
442587e [chore] Bump dev dependencies (#1108)
ff4cb3e [feat] Move binary detection to the parser (#1103)
b4c7e49 [chore] Bump debug to version 2.6.4 (#1101)
3f19445 Merge pull request #1096 from satya164/patch-1
628eb3b Fix dependencies
d32bc5b [docs] Fix messed events documentation (#1089)
2135ed8 [docs] Fix Manager constructor documentation (#1093)
25321d1 [docs] Fix format in API.md (#1090)
9064608 [docs] Add note regarding the Emitter class (#1079)
49fb3e0 [fix] Run tests on the minified files (#1042)
4af8fd3 [docs] Add missing path option in the documentation (#1078)
2dcc794 [feature] Allow the use of a custom parser (#1075)
4322cf2 [docs] Fix typo (#1076)
1ac8374 [chore] Bump engine.io-client to version 2.0.2 (#1074)
3d63875 [chore] Bump socket.io-parser to version 2.3.2 (#1071)
8fc4b44 [docs] Fix typo (#1066)
a98f94d [chore] Bump engine.io-client to version 2.0.0 (#1062)
fcb5c43 [fix] Add nsp prefix to socket.id (#1058)
ba5dca3 [test] Update browsers matrix (#1059)
7a533cd [chore] Update issue template with fiddle (#1057)
55411df [docs] Add `connect_error` and `connect_timeout` events (#1051)
558163d [docs] API documentation (#1049)

See the full diff

Package name: styled-components

The new version differs by 207 commits.

a060e88 1.4.5
8143a46 Update CHANGELOG
93ba810 Merge pull request #662 from Kureev/patch-1
9196793 Merge branch 'master' into patch-1
1bef736 Merge pull request #663 from styled-components/remove-glamor
8b5168b Add CHANGLOG entry
6eef38b Remove glamor from our dependencies
55e54b2 Merge branch 'master' into patch-1
0855eff Add FlatList, SectionList & VirtualizedList
44b1968 Merge pull request #671 from YasserKaddour/typo
5ad504d Fix typo in CHANGELOG.md
f52e467 Merge pull request #668 from YasserKaddour/proptype-master
a8203cb Fix CHANGELOG.md
8bc2d64 migrate from the deprecated React.propTypes to prop-types package
2855234 Merge pull request #644 from bntzio/add-boilerplate
1652118 Add gatsby-starter-superstylin boilerplate
f034477 Merge pull request #635 from styled-components/larkin-docs
1d8a3dc Add a code of conduct
46c14f6 Add a contributor guide
01f6800 Add bundle size and module type badges
9c3c823 Merge pull request #621 from JohnAlbin/master
aa86399 Add "styled-components" to package.json keywords
fbc541c Merge pull request #607 from krasevych/patch-1
3199aec Update README.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)


          fix: package.json & package-lock.json to reduce vulnerabilities

ce4965c

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ASYNCVALIDATOR-2311201
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311
- https://snyk.io/vuln/npm:parsejson:20170908

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet