search

ExtensionEngine / tailor

Content authoring platform
MIT License
31 stars 10 forks source link

[Snyk] Fix for 2 vulnerabilities #910

Closed snyk-bot closed 2 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-JS-JSZIP-1251497		 No No Known Exploit
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Open Redirect
SNYK-JS-URLPARSE-1533425		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jszip The new version differs by 18 commits.
  • e5b3f0d 3.7.0
  • e88ba4b Update for version 3.7.0
  • 9046487 Disable proto assert that fails in browsers
  • 6d029b4 Merge pull request #766 from MichaelAquilina/fix/files-null-prototype
  • bb38812 Ensure prototype isn't modified by zip file
  • d024c22 test: Add test case for loading zip filenames which shadow method names
  • 2235749 fix: Use a null prototype object for this.files
  • b7f472d Merge pull request #757: Update license to be valid spdx identifier
  • a311039 update license to be valid spdx identifier
  • 112fcdb 3.6.0
  • 7c75dff Update changelog and build for 3.6.0
  • 10035ad Update contributing
  • dcc6ff9 Merge pull request #742 from jahed/fix/webpack-5-async-failure
  • f4700f9 fix(browser): redirect main to dist on browsers
  • 3db5fdc Merge pull request #734 from JayFate/master
  • e534454 fix: duplicate require
  • 25d401e Merge pull request #703 from vdoubleu/patch-1
  • 9f13168 fix small error in read_zip.md
See the full diff
Package name: snyk The new version differs by 250 commits.
  • 8387aed Merge pull request #2111 from snyk/fix/update-jszip
  • e686299 fix: update plugins package versions
  • 7f0b32e Merge pull request #2108 from snyk/smoke/binary-cdn
  • e974b9d test: use binary from cdn for smoke tests
  • 64e3fe8 Merge pull request #2107 from snyk/refactor/analytics-tests
  • 0f2a7e3 refactor: call anaytics module the right way
  • 0b833f6 refactor: use await syntax rather than callbacks
  • fce83d5 Merge pull request #2096 from snyk/feat/iac-tracking
  • f7f2961 feat: track IaC local execution tests [CC-972]
  • 9e7f79a Merge pull request #2104 from snyk/feat/centralize-colors
  • 3292ffb feat: Centralize icons and err messages by theme
  • e3c3ac0 feat: central colors theme
  • 2aecd40 Merge pull request #2074 from snyk/docs/update-protect-readme
  • 0203c6c Merge pull request #2100 from snyk/fix/propagate-error-message
  • 7416bc9 docs: update protect readme
  • 42288e0 fix: propagate userMessage to 404 errors
  • 77336a0 Merge pull request #2099 from snyk/test/migrate-trust-policies-jest
  • e2106f1 test: migrate trust-policies to jest
  • b227f78 Merge pull request #2095 from snyk/protect/smoke-tests
  • 20b05d0 Merge pull request #2087 from snyk/chore/async-test-with-polling
  • d7f23e0 Merge pull request #2098 from snyk/fix/bump-docker-plugin
  • cb2ecf1 fix: bump docker plugin version with fixes
  • 697f81f chore(protect): fix production test caching
  • d21cff7 chore: init support async test with polling
See the full diff
Package name: url-parse The new version differs by 13 commits.
  • 201034b [dist] 1.5.2
  • 2d9ac2c [fix] Sanitize only special URLs (#209)
  • fb128af [fix] Use `'null'` as `origin` for non special URLs
  • fed6d9e [fix] Add a leading slash only if the URL is special
  • 94872e7 [fix] Do not incorrectly set the `slashes` property to `true`
  • 81ab967 [fix] Ignore slashes after the protocol for special URLs
  • ee22050 [ci] Use GitHub Actions
  • d2979b5 [fix] Special case the `file:` protocol (#204)
  • 9f43f43 [pkg] Update browserify to version 17.0.0
  • af84da0 [test] Fix multiple mixed slashes test
  • eb6d9f5 [dist] 1.5.1
  • 750d8e8 [fix] Fixes relative path resolving #199 #200 (#201)
  • 3ac7774 [test] Make test consistent for browser testing
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

underscope commented 2 years ago

Resolved on the latest develop