DemocracyOS / democracyos

Democracia en Red is focusing on specific implementations of DemocracyOS. We are now working with governments and activists all over Latin America. If you are interested in our online participation tools you can check them out on our site.
https://democraciaos.org/en/
GNU General Public License v3.0

[Snyk] Fix for 4 vulnerabilities #1693

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKED-2342073 | Yes | Proof of Concept |
| medium severity | 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKED-2342082 | Yes | Proof of Concept |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Prototype Pollution, SNYK-JS-MOUT-1014544 | No | No Known Exploit |
| medium severity | 611/1000 (Why? Recently disclosed, Has a fix available, CVSS 6.5) | Information Exposure, SNYK-JS-NODEFETCH-2342118 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: marked The new version differs by 250 commits.
  • ae01170 chore(release): 4.0.10 [skip ci]
  • fceda57 🗜️ build [skip ci]
  • 8f80657 fix(security): fix redos vulnerabilities
  • c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
  • d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
  • 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
  • 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
  • 98996b8 chore(deps-dev): Bump @babel/preset-env from 7.16.5 to 7.16.7 (#2353)
  • ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
  • e5171a9 chore(release): 4.0.9 [skip ci]
  • 41990a5 🗜️ build [skip ci]
  • a9696e2 fix: retain line breaks in tokens properly (#2341)
  • 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (#2343)
  • 55e5df9 chore(deps-dev): Bump @babel/core from 7.16.5 to 7.16.7 (#2344)
  • 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (#2345)
  • 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (#2346)
  • 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (#2347)
  • 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (#2338)
  • 103a56c chore(deps-dev): Bump @babel/preset-env from 7.16.4 to 7.16.5 (#2333)
  • be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (#2334)
  • 67d5a65 chore(deps-dev): Bump @babel/core from 7.16.0 to 7.16.5 (#2335)
  • 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (#2336)
  • 59375fb chore(release): 4.0.8 [skip ci]
  • 4734c82 🗜️ build [skip ci]
See the full diff
Package name: mout The new version differs by 43 commits.
  • eae5ccc v1.2.3
  • 3fecf13 Merge pull request #270 from 418sec/1-npm-mout
  • 397fa13 Merge pull request #1 from Asjidkalam/master
  • bd18212 fixed prototype pollution
  • 2189378 Merge pull request #265 from timgates42/bugfix_typo_delimiter
  • fc281b2 docs: Fix simple typo, delimeter -> delimiter
  • 0771418 v1.2.2
  • f659f52 Merge branch 'master' of github.com:mout/mout
  • 5bdb86e fixes broken build of 1.2.0
  • f158927 Merge pull request #258 from diasbruno/feature/array-repeat
  • 57a2ab4 feature: added array/repeat.
  • fcc0564 v1.2.0
  • 8bc8a78 Merge pull request #213 from fourcube/master
  • 0cd1ad2 Merge pull request #256 from martin-dimitrov13/master
  • 75c3b86 Merge pull request #260 from mout/dependabot/npm_and_yarn/js-yaml-3.13.1
  • 9c1dbf6 Merge pull request #259 from mout/dependabot/npm_and_yarn/handlebars-4.1.2
  • e6f9d98 Bump js-yaml from 3.10.0 to 3.13.1
  • 4c32505 Bump handlebars from 4.0.11 to 4.1.2
  • 98f98ce Updated CHANGELOG.md with the correct change date
  • 32e52a1 Merge branch 'master' into master
  • b06287a Changes as per git comments
  • a7ecd36 update dependencies
  • 4a5d9fe Moved the null check up
  • 5a6b434 Fixed object/get throwing exception for null or undefined input objects
See the full diff
Package name: prop-types The new version differs by 42 commits.
  • fa6fbb7 15.6.2
  • 5115f5c Merge pull request #180 from jaller94/master
  • 2ac742c Merge pull request #171 from barrymichaeldoyle/master
  • a7a5a64 Merge pull request #194 from facebook/no-fbjs
  • d6c9c5c Preserve "Invariant Violation" name
  • 07d1b47 Remove fbjs dependency
  • 3c99d57 Remove trailing spaces
  • a36cda8 Move explanation of `isRequired` and show it in `PropTypes.shape`
  • ba3da12 Show that shapes can have required properties
  • 2bde8eb Add example for `PropTypes.exact`
  • d65f80e Updated vars to consts and lets in PropTypesProductionStandalone-test.js
  • c10c93f Updated vars to consts and lets in PropTypesDevelopmentStandalone-test.js
  • 8e2b34e Updated vars to consts and lets in PropTypesDevelopmentReact15.js
  • c5527c8 Updated vars with consts and lets in PropTypesProductionReact15-test.js
  • 7cc8c81 Add 15.6.1 to CHANGELOG
  • 5df7296 15.6.1
  • b7d03ce Point readme to correct docs for production builds (#153)
  • a94243f Update the repository location (#148)
  • 77c62a7 Fix failing tests (#129)
  • 644844c Merge pull request #140 from flarnie/master
  • 0b5db12 Add `CODE_OF_CONDUCT`
  • a6900f0 Add CONTRIBUTING.md
  • 492e230 Update README.md with improved importing for CDNs (#104)
  • 155f4cc v15.6.0 for real
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic