search

ArnieHung / PQC-factbook

An interactive website that showcases NIST pqc candidates.
MIT License
1 stars 0 forks source link

[Snyk] Fix for 3 vulnerabilities #17

Open danghoangnhan opened 7 months ago

danghoangnhan commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json
⚠️ Warning ``` Failed to update the package-lock.json, please update manually before merging. ```
#### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **601/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 6.3 | Improper Encoding or Escaping of Output
[SNYK-JS-KATEX-6483831](https://snyk.io/vuln/SNYK-JS-KATEX-6483831) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **561/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.5 | Incomplete List of Disallowed Inputs
[SNYK-JS-KATEX-6483834](https://snyk.io/vuln/SNYK-JS-KATEX-6483834) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **611/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 6.5 | Unchecked Input for Loop Condition
[SNYK-JS-KATEX-6483835](https://snyk.io/vuln/SNYK-JS-KATEX-6483835) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: katex The new version differs by 212 commits.
  • ab32359 chore(release): 0.16.10 [ci skip]
  • fc5af64 fix: force protocol to be lowercase for better protocol filtering
  • 085e21b fix: maxExpand limit with Unicode sub/superscripts
  • e88b4c3 fix: \edef bypassing maxExpand via exponential blowup
  • c5897fc fix: escape \includegraphics src and alt
  • 5677f37 chore: fix some typos (#3936)
  • d9640f1 chore(deps): update dependency json-stable-stringify to v1.1.1 [skip netlify] (#3885)
  • 9a1f2f2 chore(deps): update dependency css-loader to v6.10.0 [skip netlify] (#3887)
  • 1851860 chore(deps): update dependency cssnano to v5.1.15 [skip netlify] (#3883)
  • e69d8b1 chore(deps): update dependency browserslist to v4.23.0 [skip netlify] (#3886)
  • 3208440 chore(deps): update dependency @ semantic-release/changelog to v6.0.3 [skip netlify] (#3882)
  • 58f2435 chore(deps): update dependency got to v11.8.6 [skip netlify] (#3884)
  • 8910f16 chore: upgrade to Yarn 4.1.1 and Node 20 in CI (#3934)
  • 3d5de92 docs(users): add bearbei (#3897)
  • e89f5d7 chore(deps): update dependency caniuse-lite to v1.0.30001550 [skip netlify] (#3881)
  • effb102 chore(deps): update dependency postcss to v8.4.31 [security] (#3871)
  • 5ac899e chore(release): 0.16.9 [ci skip]
  • 240d5ae feat: Support bold Fraktur (#3777)
  • 4f1d916 fixed spelling error (#3845)
  • ad03d1e chore(release): 0.16.8 [ci skip]
  • 710774a feat: expose error length and raw error message on ParseError (#3820)
  • 5dd9bc4 docs(libs.md): add Sphinx extension (#3833)
  • c3fb74f docs(libs.md): add a Wechat Mini Program library (#3817)
  • 2bb338d docs: use dark-mode logo in README (#3821)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/danghoangnhan/project/1db185f1-7d48-4b9f-ab2f-ad0bef92ca32?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/danghoangnhan/project/1db185f1-7d48-4b9f-ab2f-ad0bef92ca32?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"835c558e-e8be-4121-9e27-6cd2ccd5ffd9","prPublicId":"835c558e-e8be-4121-9e27-6cd2ccd5ffd9","dependencies":[{"name":"katex","from":"0.13.24","to":"0.16.10"},{"name":"rehype-katex","from":"4.0.0","to":"6.0.3"}],"packageManager":"npm","projectPublicId":"1db185f1-7d48-4b9f-ab2f-ad0bef92ca32","projectUrl":"https://app.snyk.io/org/danghoangnhan/project/1db185f1-7d48-4b9f-ab2f-ad0bef92ca32?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-KATEX-6483831","SNYK-JS-KATEX-6483834","SNYK-JS-KATEX-6483835"],"upgrade":["SNYK-JS-KATEX-6483831","SNYK-JS-KATEX-6483834","SNYK-JS-KATEX-6483835"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["pr-warning-shown","priorityScore"],"priorityScoreList":[601,561,611],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)