search

BetterTyped / hyper-fetch

⚡ Fetching and realtime data exchange framework.
https://hyperfetch.bettertyped.com/
Apache License 2.0
1.03k stars 28 forks source link

[Snyk] Fix for 12 vulnerabilities #92

Open prc5 opened 2 months ago

prc5 commented 2 months ago

snyk-top-banner

Snyk has created this PR to fix 12 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning ``` Failed to update the yarn.lock, please update manually before merging. ```

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462		   786  
high severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-7361793		   761  
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		   696  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		   696  
high severity Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137		   686  
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		   676  
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610		   646  
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		   631  
high severity Prototype Pollution
SNYK-JS-AXIOS-6144788		   589  
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		   589  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		   586  
medium severity Improper Control of Dynamically-Managed Code Resources
SNYK-JS-EJS-6689533		   479  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF) 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution 🦉 More lessons are available in Snyk Learn

codeclimate[bot] commented 2 months ago

Code Climate has analyzed commit 522d055d and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (0% is the threshold).

This pull request will bring the total coverage in the repository to 99.9% (0.0% change).

View more on Code Climate.