[Snyk] Fix for 5 vulnerabilities #10

tim-bellette · 2023-04-19T22:40:55Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	Yes	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Improper Input Validation SNYK-JS-PARSEURL-3024398	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @symfony/webpack-encore

The new version differs by 20 commits.

458a51e Tagging 2.0.0
98ed7b2 minor #1115 Tidying up fixes for preact (weaverryan)
b74f1db tidying up fixes for preact
b33cceb feature #762 fix: preact compat (Grafikart)
b2456a9 feature #1033 Allowing new major versions of outdated dependencies (weaverryan)
f1a1db6 Updating Changelog for #960
ffb7f20 feature #960 fix: don't override process variable in DefinePlugin configuration (drazik)
fbe9393 fix: don't override process variable in DefinePlugin configuration
a15c714 feature #1083 fix: Babel loader files add .mjs (minimit)
c2d5c14 fix: Babel loader files add .mjs
e8c6d25 bumping preact min to fix test
e4495aa upgrading babel to work with eslint plugin
e853d9e Bumping eslint-webpack-plugin support to fix bugs
a7d817d Writing out babel.config.js for users when using eslint plugin
a4aec57 Converting warning to error, which is consistent with babel env config method
1dc344c dropping Node 10 in CI
c4351d8 removing already unused, deprecated option
69ecce9 Removing deprecated Encore.enableEslintLoader()
993e364 allowing new major versions of outdated dependencies
d48dba1 fix: preact compat

Package name: release-it

The new version differs by 116 commits.

055a4ff Handle file paths and dots in git urls
1851650 Update dependencies (including git-url-parse)
11e09b4 Release 15.4.0
627763f Add `npm.name` to config.context and extend context for `tagName` (closes #933)
898202c Release 15.3.0
e2101ed Add new features to docs
a6f6eff Add tests for branchName in tag name
ae9ccb9 Update dependencies
9aa9a5d add branchName for template (#897)
5798a7a add new --changelog option (#912)
c2ae00d Release 15.2.0
b78eb1e Update dependencies
acc66f7 Add package.json to exports
145fc71 Fixes loading scoped plugins to ensure name is preserved (#926)
ce3a726 Add workaround for Windows by removing drive letter from git url (#924)
b830876 Enable manual triggers and disable tag triggers in test pipeline
b7cd505 Fix plugin links
b4139e9 Release 15.1.4
41aad00 Migrate to git-url-parse v12
322ef9a Updates README with new plugin package names (#922)
eee4ce8 Release 15.1.3
00566e0 Update dependencies
a5abf60 fix: Fixes exports to correctly export test utils (#921)
3670deb Release 15.1.2