[Snyk] Upgrade netlify-cms-app from 2.14.21 to 2.15.27

[snyk-bot]

Snyk has created this PR to upgrade netlify-cms-app from 2.14.21 to 2.15.27.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 56 versions ahead of your current version.
• The recommended version was released 25 days ago, on 2021-07-14.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Insecure Defaults SNYK-JS-SOCKETIO-1024859	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-REACTDEVUTILS-1083268	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: netlify-cms-app

• 2.15.27 - 2021-07-14
• 2.15.26 - 2021-07-07
• 2.15.25 - 2021-07-07
• 2.15.24 - 2021-07-07
• 2.15.23 - 2021-07-06
• 2.15.22 - 2021-07-06
• 2.15.21 - 2021-07-05
• 2.15.20 - 2021-06-24
• 2.15.19 - 2021-06-10
• 2.15.18 - 2021-06-07
• 2.15.17 - 2021-06-01
• 2.15.16 - 2021-05-31
• 2.15.15 - 2021-05-30
• 2.15.14 - 2021-05-30
• 2.15.13 - 2021-05-30
• 2.15.12 - 2021-05-30
• 2.15.11 - 2021-05-23
• 2.15.10 - 2021-05-23
• 2.15.9 - 2021-05-19
• 2.15.8 - 2021-05-19
• 2.15.7 - 2021-05-19
• 2.15.6 - 2021-05-12
• 2.15.5 - 2021-05-12
• 2.15.4 - 2021-05-10
• 2.15.3 - 2021-05-09
• 2.15.2 - 2021-05-04
• 2.15.1 - 2021-05-04
  

  [email protected]

• 2.15.0 - 2021-05-04
• 2.15.0-beta.0 - 2021-05-03
• 2.14.48 - 2021-05-03
• 2.14.47 - 2021-04-29
• 2.14.46 - 2021-04-18
• 2.14.45 - 2021-04-14
• 2.14.44 - 2021-04-14
• 2.14.43 - 2021-04-13
• 2.14.42 - 2021-04-13
• 2.14.41 - 2021-04-13
• 2.14.40 - 2021-04-07
• 2.14.39 - 2021-04-07
• 2.14.38 - 2021-04-06
• 2.14.37 - 2021-04-04
• 2.14.36 - 2021-04-04
• 2.14.35 - 2021-04-01
• 2.14.34 - 2021-03-31
• 2.14.33 - 2021-03-30
• 2.14.32 - 2021-03-21
• 2.14.31 - 2021-03-21
• 2.14.30 - 2021-03-18
• 2.14.29 - 2021-03-11
• 2.14.28 - 2021-03-11
• 2.14.27 - 2021-03-10
• 2.14.26 - 2021-02-25
• 2.14.25 - 2021-02-23
• 2.14.24 - 2021-02-22
• 2.14.23 - 2021-02-16
• 2.14.22 - 2021-02-15
• 2.14.21 - 2021-02-10

from netlify-cms-app GitHub release notes

Commit messages

Package name: netlify-cms-app

• 409e721 chore(release): publish
• d60df87 feat(list): Add heading for list widgets (#5544)
• b94d5f6 chore(deps): update dependency @ types/hapi__joi to v17.1.7 (#5600)
• e84d7eb chore(deps): update dependency cypress to v7.7.0 (#5606)
• e68f304 fix(deps): update gatsby monorepo (#5607)
• def02a3 chore(deps): lock file maintenance (#5609)
• 3d187e6 fix(deps): update dependency netlify-cms-app to ^2.15.26 (#5594)
• 9b117f3 chore(release): publish
• fb0f825 fix(list-control): better value validation (#5592)
• 5af4908 chore(release): publish
• 7d398b3 docs(pr-template): add checklist (#5591)
• 610421e feat: pass markdown for hint message on field (#5584)
• b362c56 fix(deps): update dependency netlify-cms-app to ^2.15.24 (#5589)
• 27bf1ed chore(release): publish
• fbc3728 feat: show current status in status button (#5574)
• 647b974 fix(deps): update dependency netlify-cms-app to ^2.15.23 (#5588)
• 574025f chore(release): publish
• 1822815 feat(open-authoring): add hover tooltip (#5567)
• 4183409 chore(release): publish
• 8a16d77 fix(deps): update dependency netlify-cms-app to ^2.15.21 (#5586)
• 0c72f7b chore(deps): update typescript-eslint monorepo to v4.28.2 (#5578)
• 9e4fd37 feat: hide delete entry if open authoring (#5568)
• b42ed79 chore(release): publish
• 18724ff feat: image widget insert from url should be optional (#5572)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs