[Snyk] Upgrade @mui/material from 5.4.1 to 5.15.12 #835

DanneelsSophie · 2024-03-28T23:09:39Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @mui/material from 5.4.1 to 5.15.12.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 106 versions ahead of your current version.
The recommended version was released 23 days ago, on 2024-03-05.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Sandbox Bypass SNYK-JS-WEBPACK-3358798	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Prototype Pollution SNYK-JS-ASYNC-2441827	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-EJS-2803307	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @mui/material

5.15.12 - 2024-03-05
Read more
5.15.11 - 2024-02-24
Read more
5.15.10 - 2024-02-12
Feb 12, 2024

A big thanks to the 8 contributors who made this release possible.
This release was mostly about 🐛 bug fixes and 📚 documentation improvements.

@ mui/[email protected]
- [Avatar] Add props deprecation with a codemod (#40853) @ siriwatknp
@ mui/[email protected]
- [Button] Fix disabled prop priority when inside button group (#41000) @ Smileek
- [IconButton] Support loading prop (#40949) @ Smileek
Docs
- [Button][material-ui] Fix 'File upload' demo a11y (#40943) @ oliviertassinari
- [TableRow][material-ui] Escape markup in children prop so docgen tools don't parse it as HTML (#40992) @ millerized
- [material-ui] Remove outdated example projects link (it uses Joy UI now) (#40913) @ oliviertassinari
- [material-ui] Fix the "Intro to the MUI ecosystem" link placement (#40988) @ danilo-leal
- Fix 301 redirection to StackBlitz @ oliviertassinari
- Fix h1 on Joy UI templates @ oliviertassinari
- Have MUI workspace own the CodeSandbox @ oliviertassinari
- Add notification for mui x v7 beta (#41001) @ joserodolfofreitas
- Fix 301 links @ oliviertassinari
- Fix Next.js v13.5.1 <title> SEO regression (#40302) @ oliviertassinari
- Add a 404 page (#40884) @ danilo-leal
- Fix missing GitHub label when opening new issue @ oliviertassinari
- [Stack] Update import statement for Stack component (#41032) @ sai6855
Core
- [blog] Add post about upcoming plans for Base UI (#40882) @ danilo-leal
- [core] Simplify CodeSandbox reproduction @ oliviertassinari
- [core] Missing redirection @ oliviertassinari
- [core] Export functions from copyFiles script to reuse in MUI X repo (#40970) @ cherniavskii
- [core] Avoid variable shorthands @ oliviertassinari
- [docs-infra] Fix search icon issue (#40957) @ oliviertassinari
- [docs-infra] Ignore classes tagged with @ ignore (#41009) @ cherniavskii
- [docs-infra] Fix selected tab on codeblocks (#41036) @ danilo-leal
- [website] Polish Customer Support Agent role @ oliviertassinari
All contributors of this release in alphabetical order: @ cherniavskii, @ danilo-leal, @ joserodolfofreitas, @ millerized, @ oliviertassinari, @ sai6855, @ siriwatknp, @ Smileek
5.15.9 - 2024-02-08
Feb 8, 2024

A big thanks to the 7 contributors who made this release possible. Here are some highlights ✨:
- 🐛 A critical fix to remove non-published library usage in @ mui/material peerDependencies.
@ mui/[email protected]
- [autocomplete] Avoid spread operator (#40968) @ oliviertassinari
- [material] Remove zero-runtime from peer dep (#41003) @ brijeshb42
@ mui/[email protected]
- [base-ui] Update props using Array to ReadonlyArray type (#40754) @ RaghavenderSingh
@ mui/[email protected]
- [system] use ReadonlyArray for CSS related types (#40972) @ siriwatknp
- [zero] Migrate to use wyw-in-js instead of linaria (#40866) @ brijeshb42
Docs
- [docs] Polish codemod git diff format @ oliviertassinari
- [material-ui][docs] Migrating from deprecated apis follow up (#40981) @ DiegoAndai
Core
- [code-infra] Move next config to ESM (#40869) @ Janpot
- [code-infra] Update prettier (#40772) @ Janpot
- [code-infra] Add codemod for light prop removal (#40947) @ sai6855
All contributors of this release in alphabetical order: @ brijeshb42, @ DiegoAndai, @ Janpot, @ oliviertassinari, @ RaghavenderSingh, @ sai6855, @ siriwatknp
5.15.8 - 2024-02-06
Read more
5.15.7 - 2024-01-31
Read more
5.15.6 - 2024-01-22
Read more
5.15.5 - 2024-01-17
Read more
5.15.4 - 2024-01-10
Read more
5.15.3 - 2024-01-03
5.15.2 - 2023-12-25
5.15.1 - 2023-12-19
5.15.0 - 2023-12-12
5.14.20 - 2023-12-05
5.14.19 - 2023-11-29
5.14.18 - 2023-11-14
5.14.17 - 2023-11-06
5.14.16 - 2023-10-31
5.14.15 - 2023-10-24
5.14.14 - 2023-10-17
5.14.13 - 2023-10-10
5.14.12 - 2023-10-04
5.14.11 - 2023-09-26
5.14.10 - 2023-09-18
5.14.9 - 2023-09-13
5.14.8 - 2023-09-05
5.14.7 - 2023-08-29
5.14.6 - 2023-08-24
5.14.5 - 2023-08-14
5.14.4 - 2023-08-08
5.14.3 - 2023-08-01
5.14.2 - 2023-07-25
5.14.1 - 2023-07-19
5.14.0 - 2023-07-11
5.13.7 - 2023-07-04
5.13.6 - 2023-06-23
5.13.5 - 2023-06-12
5.13.4 - 2023-06-05
5.13.3 - 2023-05-29
5.13.2 - 2023-05-22
5.13.1 - 2023-05-17
5.13.0 - 2023-05-10
5.12.3 - 2023-05-02
5.12.2 - 2023-04-25
5.12.1 - 2023-04-17
5.12.0 - 2023-04-11
5.11.16 - 2023-04-04
5.11.15 - 2023-03-28
5.11.14 - 2023-03-21
5.11.13 - 2023-03-14
5.11.12 - 2023-03-06
5.11.11 - 2023-02-28
5.11.10 - 2023-02-20
5.11.9 - 2023-02-14
5.11.8 - 2023-02-07
5.11.7 - 2023-01-31
5.11.6 - 2023-01-23
5.11.5 - 2023-01-18
5.11.4 - 2023-01-09
5.11.3 - 2023-01-02
5.11.2 - 2022-12-26
5.11.1 - 2022-12-20
5.11.0 - 2022-12-13
5.10.17 - 2022-12-06
5.10.16 - 2022-11-28
5.10.15 - 2022-11-22
5.10.14 - 2022-11-15
5.10.13 - 2022-11-07
5.10.12 - 2022-10-31
5.10.11 - 2022-10-25
5.10.10 - 2022-10-18
5.10.9 - 2022-10-11
5.10.8 - 2022-10-03
5.10.7 - 2022-09-27
5.10.6 - 2022-09-19
5.10.5 - 2022-09-12
5.10.4 - 2022-09-06
5.10.3 - 2022-08-29
5.10.2 - 2022-08-23
5.10.1 - 2022-08-16
5.10.0 - 2022-08-09
5.9.3 - 2022-08-01
5.9.2 - 2022-07-25
5.9.1 - 2022-07-18
5.9.0 - 2022-07-12
5.8.7 - 2022-07-04
5.8.6 - 2022-06-27
5.8.5 - 2022-06-21
5.8.4 - 2022-06-14
5.8.3 - 2022-06-07
5.8.2 - 2022-05-31
5.8.1 - 2022-05-23
5.8.0 - 2022-05-17
5.7.0 - 2022-05-10
5.6.4 - 2022-05-02
5.6.3 - 2022-04-25
5.6.2 - 2022-04-18
5.6.1 - 2022-04-11
5.6.0 - 2022-04-06
5.5.3 - 2022-03-28
5.5.2 - 2022-03-21
5.5.1 - 2022-03-14
5.5.0 - 2022-03-07
5.4.4 - 2022-02-28
5.4.3 - 2022-02-21
5.4.2 - 2022-02-15
5.4.1 - 2022-02-08

from @mui/material GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @mui/material from 5.4.1 to 5.15.12. See this package in npm: https://www.npmjs.com/package/@mui/material See this project in Snyk: https://app.snyk.io/org/danneelssophie/project/6caeb292-c5c9-4b37-a413-b1fe8bc2f805?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade @mui/material from 5.4.1 to 5.15.12 #835

[Snyk] Upgrade @mui/material from 5.4.1 to 5.15.12 #835

DanneelsSophie commented Mar 28, 2024

`@ mui/[email protected]`

`@ mui/[email protected]`

Docs

Core

`@ mui/[email protected]`

`@ mui/[email protected]`

`@ mui/[email protected]`

Docs

Core

[Snyk] Upgrade @mui/material from 5.4.1 to 5.15.12 #835

Are you sure you want to change the base?

[Snyk] Upgrade @mui/material from 5.4.1 to 5.15.12 #835

Conversation

DanneelsSophie commented Mar 28, 2024

Snyk has created this PR to upgrade @mui/material from 5.4.1 to 5.15.12.

@ mui/[email protected]

@ mui/[email protected]

Docs

Core

@ mui/[email protected]

@ mui/[email protected]

@ mui/[email protected]

Docs

Core

`@ mui/[email protected]`

`@ mui/[email protected]`

`@ mui/[email protected]`

`@ mui/[email protected]`

`@ mui/[email protected]`