Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 31 vulnerabilities #2

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

rajis7474
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

    • package.json
    • package-lock.json
  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
    Find out more.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-ENGINEIO-1056749
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-ENGINEIO-3136336
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
Yes Proof of Concept
medium severity 484/1000
Why? Has a fix available, CVSS 5.4
Open Redirect
SNYK-JS-GOT-2932019
Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HIGHLIGHTJS-1048676
No No Known Exploit
medium severity 591/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.4
Cross-site Scripting (XSS)
SNYK-JS-KARMA-2395349
Yes Proof of Concept
medium severity 484/1000
Why? Has a fix available, CVSS 5.4
Open Redirect
SNYK-JS-KARMA-2396325
Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3042992
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-LOADERUTILS-3043105
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3105943
No No Known Exploit
medium severity 489/1000
Why? Has a fix available, CVSS 5.5
Information Exposure
SNYK-JS-LOG4JS-2348757
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082
Yes Proof of Concept
medium severity 520/1000
Why? Has a fix available, CVSS 5.9
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-584281
Yes No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
Prototype Pollution
SNYK-JS-MINIMIST-2429795
No Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MINIMIST-559764
No Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Server-side Request Forgery (SSRF)
SNYK-JS-PARSEURL-3023021
Yes Proof of Concept
medium severity 571/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5
Improper Input Validation
SNYK-JS-PARSEURL-3024398
Yes Proof of Concept
medium severity 490/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-RAMDA-1582370
Yes No Known Exploit
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Insecure Defaults
SNYK-JS-SOCKETIO-1024859
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-SOCKETIOPARSER-1056752
Yes Proof of Concept
critical severity 704/1000
Why? Has a fix available, CVSS 9.8
Improper Input Validation
SNYK-JS-SOCKETIOPARSER-3091012
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-STYLELINT-1585622
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
Yes Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
Arbitrary Code Injection
SNYK-JS-XMLHTTPREQUESTSSL-1082936
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Access Restriction Bypass
SNYK-JS-XMLHTTPREQUESTSSL-1255647
Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: conventional-changelog-cli The new version differs by 59 commits.
  • cc567b9 Publish
  • f760aa4 deps: update meow (#695)
  • 07ba18c docs: add missing detailed explanation link (#620)
  • e01e027 feat(conventionalcommits): allow matching scope (#669)
  • d15b90e chore(deps): update eslint rules (#694)
  • 7ae618c fix(deps): update dependency through2 to v4 (#657)
  • 9c00f32 feat: allows notes pattern to be customized (#586)
  • cd4c726 fix: bug in unstableTagTest causing a mismatch on beta release higher then beta-9 (#679)
  • 7b6ec0a fix(deps): update dependency normalize-package-data to v3 (#687)
  • f8fcbc2 fix: ignore gpg lines (#685)
  • be1246c Publish
  • f10256c feat(templates): if hash is nullish, do not display in CHANGELOG (#664)
  • 0c3db59 chore(deps): lock file maintenance (#646)
  • 0679d7a feat: add support for '--skip-unstable' option (#656) (#656)
  • 3dedddc Publish
  • 5e3c4b4 chore(deps): update dependency safe-buffer to v5.2.1 (#645)
  • de4f630 fix(deps): update dependency compare-func to v2 (#647)
  • ea68904 chore(deps): update dependency mocha to v8 (#652)
  • 73c7a1b fix: pass config to parserOpts and writerOpts
  • 8f82b5a docs(conventional-changelog-angular): fix README link (#649)
  • 3f00651 docs: update README for conventional-changelog-conventionalcommits with example (#632)
  • 816407a chore(deps): update dependency eslint to v7 (#643)
  • c5ae3ab Publish
  • 6b0ffec build: keep optional appveyor for now (#640)

See the full diff

Package name: cp-file The new version differs by 24 commits.

See the full diff

Package name: eslint The new version differs by 250 commits.
  • 3dd6741 7.0.0
  • 9a722f9 Build: changelog update for 7.0.0
  • b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
  • 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
  • 401a687 Chore: fix rules list for prereleases (#13230)
  • 4ef6158 Breaking: espree@7.0.0 (#13270)
  • b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
  • 356fdb4 Docs: add migration guide (#12692)
  • 015edf6 Sponsors: Sync README with website
  • fdfa364 7.0.0-rc.0
  • 8d1b4db Build: changelog update for 7.0.0-rc.0
  • 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
  • d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
  • 2ce6bed Chore: added tests for nested arrays (#13145)
  • d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
  • 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
  • bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
  • 3eeae56 Upgrade: some (dev) deps (#13155)
  • 6b7030b Chore: Run tests on Node.js v14 (#13210)
  • ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
  • 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
  • 56d2bee Docs: fix typos (#13204)
  • e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
  • e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: eslint-plugin-mocha The new version differs by 141 commits.
  • b2d8c9e 6.3.0
  • b91a2f8 Update dependencies
  • c470a3d Merge pull request #238 from lo1tuma/fix-nested
  • a18680d Merge pull request #239 from lo1tuma/fix-top-level
  • 2633908 Fix max-top-level-suites to ignore generated suites
  • 46f716d no-hooks-for-single-case: fix false postive in nested suites
  • 1c3a545 Merge pull request #237 from lo1tuma/template-strings
  • 6255546 Check static template strings in valid-test-description and valid-suite-description
  • 7eea93d Merge pull request #236 from lo1tuma/no-hooks-option
  • 8778d96 no-hooks: add option to allow certain kind of hooks
  • 36c9e67 Merge pull request #235 from brettz9/nondeprecated-rule-format
  • 471e354 Switch to nondeprecated eslint rule format
  • 8cf8640 Merge pull request #234 from brettz9/schemas-for-options
  • c1f8049 Merge pull request #229 from brettz9/recommended-rules
  • fdb3843 - Remove regex literal argument; simplify
  • 68a3c07 - Add schemas for options (and remove for files which are using settings)
  • 04cdbaa - Indicate whether rule is recommended (also put into table along with info on whether "fixable")
  • 6ac703b Merge pull request #233 from brettz9/options-in-docs
  • 347d544 Merge pull request #232 from brettz9/regexp-u-flags
  • 57add13 Merge pull request #231 from brettz9/doc-highlighting
  • 07948bd Merge pull request #230 from brettz9/package-lock
  • a147956 Merge pull request #228 from brettz9/fixable
  • f8141df Merge pull request #226 from cruzdanilo/master
  • bdad369 Merge pull request #227 from brettz9/patch-1

See the full diff

Package name: gts The new version differs by 140 commits.
  • 978cda0 chore: release v3.1.1
  • 83ef5f3 fix: drop update notifier (#706), make it compile
  • cf38613 chore: release 3.1.0 (#612)
  • 634bad9 fix(deps): upgrade to latest version of meow (#616)
  • b18e766 chore(deps): lock file maintenance (#614)
  • cb6d2ca feat: support comments in JSON (#571)
  • a1992a8 chore(deps): lock file maintenance (#610)
  • 9403c1c chore(deps): lock file maintenance (#608)
  • a9d77ab chore(deps): lock file maintenance (#607)
  • 6d0fc06 build(deps): bump ini from 1.3.5 to 1.3.7 (#605)
  • f6c7718 chore(deps): lock file maintenance (#603)
  • 6e26681 fix(deps): update dependency eslint-config-prettier to v7 (#601)
  • 3a2dde6 chore(deps): lock file maintenance (#602)
  • 34c34e6 chore: release 3.0.3 (#592)
  • 4e5f1e5 fix(deps): update dependency execa to v5 (#600)
  • e7c23f4 chore(deps): lock file maintenance (#598)
  • dff3699 chore(deps): lock file maintenance (#597)
  • 3fed38d chore(deps): lock file maintenance (#596)
  • 62cc9bf chore(deps): lock file maintenance (#595)
  • fe2b046 chore(deps): lock file maintenance (#594)
  • c7e223e fix(deps): update dependency meow to v8 (#591)
  • 0fb88f2 chore: release 3.0.2 (#590)
  • 8f1d381 fix(deps): loosen ts peer dependency (#589)
  • 9efa15c build: add node 15 to test matrix (#587)

See the full diff

Package name: karma The new version differs by 214 commits.
  • ab4b328 chore(release): 6.3.16 [skip ci]
  • ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
  • c1befa0 chore(release): 6.3.15 [skip ci]
  • d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
  • 653c762 ci: prevent duplicate CI tasks on creating a PR
  • c97e562 chore(release): 6.3.14 [skip ci]
  • 91d5acd fix: remove string template from client code
  • 69cfc76 fix: warn when `singleRun` and `autoWatch` are `false`
  • 839578c fix(security): remove XSS vulnerability in `returnUrl` query param
  • db53785 chore(release): 6.3.13 [skip ci]
  • 5bf2df3 fix(deps): bump log4js to resolve security issue
  • 36ad678 chore(release): 6.3.12 [skip ci]
  • 41bed33 fix: remove depreciation warning from log4js
  • c985155 docs: create security.md
  • c96f0c5 chore(release): 6.3.11 [skip ci]
  • a5219c5 fix(deps): pin colors package to 1.4.0 due to security vulnerability
  • de0df2f test: fix version regex in the CLI test case
  • eddb2e8 chore(release): 6.3.10 [skip ci]
  • 0d24bd9 fix(logger): create parent folders if they are missing
  • b8eafe9 chore(release): 6.3.9 [skip ci]
  • cf318e5 test: add test case for restarting test run on file change
  • 92ffe60 fix: restartOnFileChange option not restarting the test run
  • b153355 style: fix grammar error in browser capture log message
  • 8f798d5 chore(release): 6.3.8 [skip ci]

See the full diff

Package name: lerna The new version differs by 250 commits.
  • 02c534e chore: remove unnecessary write-json-file dep (#3534)
  • fa1f490 feat(publish): add --include-private option for testing private packages (#3503)
  • afde32e chore(deps): bump @ sideway/formula from 3.0.0 to 3.0.1 in /website (#3532)
  • f444045 chore(deps): bump @ sideway/formula from 3.0.0 to 3.0.1 (#3531)
  • ad39fe2 fix(create): normalize quotes and indents in generated test and lib files (#3529)
  • 6b50725 chore: remove non-runtime deps from lerna package.json (#3528)
  • f03ee3e feat(publish): recover from network failure (#3513)
  • 724633c chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 (#3525)
  • 937b02a feat(run): allow multiple script targets to be triggered at once (#3527)
  • aea79df chore(docs): add lerna watch -- build --include-dependents example (#3512)
  • 1fe6188 chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /website (#3524)
  • aaccdfb chore(run): warn in docs about using yarn and passing args to lerna run (#3521)
  • b8dff21 chore: ci updates (#3522)
  • 70de43c chore: ci updates (#3523)
  • 116c62c chore: update docs (#3520)
  • 86f8021 chore: apply typo fixes (#3518)
  • 69a45de chore(deps): bump ua-parser-js from 0.7.32 to 0.7.33 in /website (#3514)
  • fc094da chore: initial codebase refactor (#3517)
  • 510c3e9 fix(repair): re-enable repair generators (#3497)
  • fcab26a chore(docs): update filter options docs to specify quote necessity (#3496)
  • a5217c6 chore(release): v6.4.1
  • 24d0d5c fix(run): resolve erroneous failures (#3495)
  • 4688f9d chore(docs): remove state of js banner
  • eb4a755 chore(docs): add workspace watching feature doc (#3487)

See the full diff

Package name: mkdirp The new version differs by 4 commits.
  • b2e7ba0 0.5.2
  • c5b97d1 bump minimist to 1.2 to fix security issue
  • f2003bb test: add v4 and v5 to travis
  • b8629ff tools: update tap + mock-fs. Fix broken test

See the full diff

Package name: sass-loader The new version differs by 61 commits.
  • 3b51d47 chore(release): 8.0.1
  • 6c59e37 fix: support webpack@5 (#794)
  • 5611f73 docs: improved documentation after breaking changes in release version 8.0.0 (#780)
  • 4834287 refactor: use startsWith (#792)
  • 22c597b refactor: use Array.includes (#777)
  • ed345fa chore(deps): switch to memfs (#791)
  • 2e14b68 chore: removed the duplicated prettier config (#781)
  • 9274387 chore(deps): update (#772)
  • 6d11b7b docs: overhaul readme (#771)
  • 185ba80 test: sass modules "@ use" (#770)
  • aa9b53b chore(release): 8.0.0
  • 45ad0be chore: next (#748)
  • 194fea4 chore(release): 7.3.1
  • 1175920 fix: minimum `node` version in `package.json` (#733)
  • a3ac649 chore(release): 7.3.0
  • 6f4ea37 feat: `webpackImporter` option (#732)
  • 0330253 docs: standardize readme (#730)
  • 997a255 fix: handle module import ending `/` as module (#728)
  • 071fa88 test: alias on directory with `_index` file (#727)
  • 6be93c8 test: import without quotes (#726)
  • dc23895 refactor: code (#725)
  • 97c93dd test: manual test (#724)
  • b2af379 fix: use "compressed" output when mode is "production" (#723)
  • 3545434 refactor: code

See the full diff

Package name: semver The new version differs by 232 commits.
  • e7b78de chore: release 7.5.2
  • 58c791f fix: diff when detecting major change from prerelease (#566)
  • 5c8efbc fix: preserve build in raw after inc (#565)
  • 717534e fix: better handling of whitespace (#564)
  • 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
  • aa016a6 chore: release 7.5.1
  • d30d25a fix: show type on invalid semver error (#559)
  • 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
  • 5b02ad7 chore: release 7.5.0
  • e219bb4 fix: throw on bad version with correct error message (#552)
  • 503a4e5 feat: allow identifierBase to be false (#548)
  • fc2f3df fix: incorrect results from diff sometimes with prerelease versions (#546)
  • 2781767 fix: avoid re-instantiating SemVer during diff compare (#547)
  • 82aa7f6 chore: release 7.4.0
  • 731d896 chore: enable CD (#545)
  • 940723d fix: intersects with v0.0.0 and v0.0.0-0 (#538)
  • aa516b5 fix: faster parse options (#535)
  • 61e6ea1 fix: faster cache key factory for range (#536)
  • f8b8b61 fix: optimistic parse (#541)
  • 796cbe2 fix: semver.diff prerelease to release recognition (#533)
  • 3f222b1 fix: reuse comparators on subset (#537)
  • 113f513 feat: identifierBase parameter for .inc (#532)
  • ea689bc chore: basic type test for RELEASE_TYPES
  • c5d29df docs: Add "Constants" section to README

See the full diff

Package name: stylelint The new version differs by 250 commits.
  • fb8cf35 15.10.1
  • eeed72b Prepare release (#7048)
  • 8090553 Document check of configs in release process (#7047)
  • 56a545e Security fix for `semver` vulnerability (#7043)
  • a42f955 Fix rules documentation for `media-query-no-invalid` (#7044)
  • e56aa30 15.10.0
  • c9e89eb Prepare release (#6974)
  • b8e5317 Fix `selector-type-case` performance (#7041)
  • f82a24a Fix `selector-anb-no-unmatchable` performance (#7042)
  • 16110fd Revert removed changelog entry (#7039)
  • 59d5bf9 Add support JS objects for extends config option (#6998)
  • 888192d Fix `patch-package` warning (#7036)
  • 74c90b3 Refactor `replaceBackslashes()` test utility to migrate to ESM (#7034)
  • 15c15b6 Refactor to use `sourceIndices` utility from `@ csstools/css-parser-algorithms` (#7033)
  • 3f91eaa Bump lint-staged from 13.2.2 to 13.2.3 (#7029)
  • 3948f47 Bump fast-glob from 3.2.12 to 3.3.0 (#7030)
  • 8bb207c Bump typescript from 5.1.3 to 5.1.6 (#7032)
  • fff5ee3 Bump eslint from 8.43.0 to 8.44.0 (#7031)
  • 5775ba0 Bump @ changesets/cli from 2.26.1 to 2.26.2 (#7028)
  • 21e7345 Fix `selector-type-no-unknown` performance (#7027)
  • cf73360 Fix `no-descending-specificity` performance (#7026)
  • b919a0b Refactor `lib/rules/__tests__/*` test files to migrate to ESM (#7024)
  • 366e0d8 Switch Jest `coverageProvider` from `babel` (default) to `v8` (#7025)
  • 1d145f9 Refactor `lib/utils/__tests__/*` test files to migrate to ESM (#7022)

See the full diff

Package name: ts-loader The new version differs by 106 commits.
  • 268bc69 chore(deps): upgrade most production deps (#1237)
  • e160564 Add a cache to file path mapping (#1228)
  • 14fa3f8 Add documentation about performance profiling (#1230)
  • 3cc78b8 Fix typo in README.md (#1229)
  • 8f2a509 Add documentation for the useCaseSensitiveFileNames option (#1227)
  • 566e6ce Instead of checking date, check time thats more accurate to see if something has changed (#1217)
  • 172ebeb Feature/typescript 4 1 (#1213)
  • 0816fe9 Add peer dependencies for Yarn PnP (#1209)
  • 4909d99 Fixed missing errors in watch mode in webpack5 (#1208)
  • 3f73e98 Fix failed builds when using thread-loader (#1207)
  • e90f8ad Fix memory leak when using multiple webpack instances (#1205)
  • 95050eb Speeds up project reference build and doesnt store the result in memory (#1202)
  • f99c7c4 doc: escape pipe in table (#1201)
  • 0b4a86d Replace afterCompile to stop webpack 5 warning (#1200)
  • 6d8d601 Fixed deprecation warnings on webpack@5. (#1195)
  • cafc933 Fix installation link on README.md (#1192)
  • f5e901e Bump http-proxy in /examples/react-babel-karma-gulp (#1182)
  • 0767bce add github action status badge (#1190)
  • db5ea55 Feature/upgrade testpack to ts4 (#1189)
  • 95b6fe8 Uses existing instance if config file is same as already built solution (#1177)
  • b38678a Update minimum compiler version to 3.6.3 (#1188)
  • f8eba53 Add documentation and example code for projectReferences (#1184)
  • 46d9761 Update docs to show transpileOnly does not affect project references (#1175)
  • 0e64ceb Fix getOptionsHash when two options has different props but same values. (#1170)

See the full diff

Package name: webpack The new version differs by 250 commits.
  • f2f998b 5.1.1
  • bcd6190 Merge pull request #11704 from webpack/bugfix/delete-asset
  • 11935a9 Merge pull request #11703 from webpack/bugfix/11678
  • 63ba54c update chunk to files mapping when deleting asset...

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1048676
- https://snyk.io/vuln/SNYK-JS-KARMA-2395349
- https://snyk.io/vuln/SNYK-JS-KARMA-2396325
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943
- https://snyk.io/vuln/SNYK-JS-LOG4JS-2348757
- https://snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://snyk.io/vuln/SNYK-JS-MARKED-584281
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3023021
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3024398
- https://snyk.io/vuln/SNYK-JS-RAMDA-1582370
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012
- https://snyk.io/vuln/SNYK-JS-STYLELINT-1585622
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants