Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 51 vulnerabilities #1015

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dhari0628
Copy link
Member

snyk-top-banner

Snyk has created this PR to fix 51 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • packages/thumbprint-react/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Prototype Pollution
SNYK-JS-LODASH-608086
  250  
high severity Code Injection
SNYK-JS-LODASH-1040724
  239  
high severity Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864
  221  
high severity Denial of Service (DoS)
SNYK-JS-DICER-2311764
  219  
high severity Prototype Pollution
SNYK-JS-LODASH-567746
  189  
high severity Prototype Pollution
SNYK-JS-Y18N-1021887
  188  
medium severity Information Exposure
SNYK-JS-NODEFETCH-2342118
  174  
high severity Prototype Pollution
SNYK-JS-LODASH-6139239
  170  
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
  169  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230
  169  
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574
  169  
medium severity Denial of Service
SNYK-JS-NODEFETCH-674311
  167  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
  159  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032
  159  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
  159  
high severity Prototype Pollution
SNYK-JS-INI-1048974
  151  
high severity Prototype Pollution
SNYK-JS-OBJECTPATH-1017036
  149  
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909
  142  
medium severity Prototype Pollution
SNYK-JS-DOTPROP-543489
  140  
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764
  137  
medium severity Prototype Pollution
SNYK-JS-OBJECTPATH-1569453
  137  
medium severity Prototype Pollution
SNYK-JS-YARGSPARSER-560381
  137  
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
  131  
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
  124  
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-IP-7148531
  119  
high severity Denial of Service (DoS)
SNYK-JS-APOLLOSERVERCORE-2928764
  115  
high severity Information Exposure
SNYK-JS-APOLLOSERVERCORE-571663
  115  
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
  115  
high severity Prototype Pollution
SNYK-JS-OBJECTPATH-1585658
  107  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595
  105  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
  104  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
  104  
high severity Arbitrary File Write
SNYK-JS-TAR-1579147
  97  
high severity Arbitrary File Write
SNYK-JS-TAR-1579152
  97  
high severity Arbitrary File Write
SNYK-JS-TAR-1579155
  97  
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536528
  95  
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536531
  95  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194
  63  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939
  63  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
  63  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTTPCACHESEMANTICS-3248783
  63  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1085627
  63  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1243891
  63  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
  63  
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
  60  
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
  58  
low severity Validation Bypass
SNYK-JS-KINDOF-537849
  57  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818
  45  
medium severity Improper Input Validation
SNYK-JS-POSTCSS-5926692
  45  
low severity Information Exposure
SNYK-JS-APOLLOSERVERCORE-5876618
  40  
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
  40  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-IP-6240864
- https://snyk.io/vuln/SNYK-JS-DICER-2311764
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-WS-7266574
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-INI-1048974
- https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1017036
- https://snyk.io/vuln/SNYK-JS-TAR-6476909
- https://snyk.io/vuln/SNYK-JS-DOTPROP-543489
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-IP-7148531
- https://snyk.io/vuln/SNYK-JS-APOLLOSERVERCORE-2928764
- https://snyk.io/vuln/SNYK-JS-APOLLOSERVERCORE-571663
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1585658
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
- https://snyk.io/vuln/SNYK-JS-COLORSTRING-1082939
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
- https://snyk.io/vuln/SNYK-JS-ISSVG-1085627
- https://snyk.io/vuln/SNYK-JS-ISSVG-1243891
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/SNYK-JS-KINDOF-537849
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
- https://snyk.io/vuln/SNYK-JS-APOLLOSERVERCORE-5876618
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
Copy link

netlify bot commented Dec 10, 2024

Deploy Preview for thumbprint-gatsby canceled.

Name Link
🔨 Latest commit 79fc675
🔍 Latest deploy log https://app.netlify.com/sites/thumbprint-gatsby/deploys/6757a792ae74b10008e7de88

Copy link

netlify bot commented Dec 10, 2024

Deploy Preview for thumbprint canceled.

Name Link
🔨 Latest commit 79fc675
🔍 Latest deploy log https://app.netlify.com/sites/thumbprint/deploys/6757a792e6837d00083cc4ca

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants