LabZoneSK / labzone-gatsby

BSD Zero Clause License

[Snyk] Upgrade html-react-parser from 1.2.4 to 1.4.8 #118

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade html-react-parser from 1.2.4 to 1.4.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Issue | ID | PriorityScore (*) | Why? | Exploit Maturity |
| --- | --- | --- | --- | --- |
| Regular Expression Denial of Service (ReDoS) | npm:underscore.string:20170908 | 375/1000 | CVSS 7.5 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-XSS-1584355 | 375/1000 | CVSS 7.5 | No Known Exploit |
| Access Restriction Bypass | SNYK-JS-XMLHTTPREQUESTSSL-1255647 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Arbitrary Code Injection | SNYK-JS-XMLHTTPREQUESTSSL-1082936 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Improper Input Validation | SNYK-JS-URLPARSE-2407770 | 375/1000 | CVSS 7.5 | No Known Exploit |
| Denial of Service (DoS) | SNYK-JS-TRIMNEWLINES-1298042 | 375/1000 | CVSS 7.5 | No Known Exploit |
| Information Exposure | SNYK-JS-SIMPLEGET-2361683 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Prototype Pollution | SNYK-JS-OBJECTPATH-1585658 | 375/1000 | CVSS 7.5 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-NORMALIZEURL-1296539 | 375/1000 | CVSS 7.5 | No Known Exploit |
| Uncaught Exception | SNYK-JS-ENGINEIO-2336356 | 375/1000 | CVSS 7.5 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-AXIOS-1579269 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Authorization Bypass Through User-Controlled Key | SNYK-JS-URLPARSE-2412697 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Authorization Bypass | SNYK-JS-URLPARSE-2407759 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Access Restriction Bypass | SNYK-JS-URLPARSE-2401205 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Open Redirect | SNYK-JS-URLPARSE-1533425 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Arbitrary Code Injection | SNYK-JS-UNDERSCORE-1080984 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-POSTCSS-1255640 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-POSTCSS-1090595 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-POSTCSS-1255640 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-POSTCSS-1090595 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHPARSE-1077067 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Prototype Pollution | SNYK-JS-OBJECTPATH-1569453 | 375/1000 | CVSS 7.5 | No Known Exploit |
| Denial of Service | SNYK-JS-NODEFETCH-674311 | 375/1000 | CVSS 7.5 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-HOSTEDGITINFO-1088355 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Information Exposure | SNYK-JS-FOLLOWREDIRECTS-2332181 | 375/1000 | CVSS 7.5 | Proof of Concept |
| Prototype Pollution | SNYK-JS-MINIMIST-2429795 | 375/1000 | CVSS 7.5 | No Known Exploit |
| Information Exposure | SNYK-JS-FOLLOWREDIRECTS-2396346 | 375/1000 | CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: html-react-parser
  • 1.4.8 - 2022-02-06

    Bug Fixes

    • ensure backwards compatibility for html-dom-parser's ES Module (1d9ab19), closes #445
  • 1.4.7 - 2022-02-05

    Build System

    • package: upgrade html-dom-parser from 1.0.4 to 1.1.0 (750f5e6)
  • 1.4.6 - 2022-01-28

    Bug Fixes

  • 1.4.5 - 2022-01-05

    Bug Fixes

    • make reset and submit input types retain value attribs (b9613f4)
  • 1.4.4 - 2021-12-18

    Bug Fixes

    • dom-to-react: trim whitespaces if it is not valid in parent (523e292)
    • grammar and doc strings (87b0cd4)
    • improved language in README.md and removed TOC item (4126592)
    • remove #document from list of node names (d6e3554)
  • 1.4.3 - 2021-12-13

    Bug Fixes

    • attributes-to-props: convert attrib to uncontrolled component prop (6786046), closes #321
  • 1.4.2 - 2021-12-06

    Build System

    • deps: bump domhandler to 4.3.0 and html-dom-parser to 1.0.4 (2a9783b)
  • 1.4.1 - 2021-11-27

    Performance Improvements

    • upgrade dependency html-dom-parser to v1.0.3 (8987efb)
  • 1.4.0 - 2021-10-01

    Features

    • added CRA typescript example (42f42e5)
    • export domhandler's Element (0473e83)
  • 1.3.0 - 2021-09-07

    Features

    • upgrade react-property to get react-dom 17 DOM/SVG properties (f0fbbff)
  • 1.2.9 - 2021-09-06
  • 1.2.8 - 2021-08-12
  • 1.2.7 - 2021-06-19
  • 1.2.6 - 2021-04-18
  • 1.2.5 - 2021-04-13
  • 1.2.4 - 2021-02-01
from html-react-parser GitHub release notes
Commit messages
Package name: html-react-parser
  • 6caf45b Merge pull request #447 from remarkablemark/release-v1.4.8
  • 2d1ca85 chore: release 1.4.8
  • 1daa39f Merge pull request #446 from remarkablemark/fix/html-dom-parser
  • 5f724cc test: add tests to check exports are functions
  • 1d9ab19 fix: ensure backwards compatibility for html-dom-parser's ES Module
  • 03747b8 Merge pull request #444 from remarkablemark/release-v1.4.7
  • 0caf105 chore: release 1.4.7
  • 654ee73 Merge pull request #443 from remarkablemark/build/package
  • 750f5e6 build(package): upgrade html-dom-parser from 1.0.4 to 1.1.0
  • b6a5a06 Merge pull request #441 from remarkablemark/dependabot/npm_and_yarn/types/react-17.0.39
  • 952ebb8 build(deps-dev): bump @types/react from 17.0.38 to 17.0.39
  • e9278be Merge pull request #440 from remarkablemark/dependabot/npm_and_yarn/rollup-2.67.0
  • 9cd9b1d build(deps-dev): bump rollup from 2.66.1 to 2.67.0
  • 5624dbb Merge pull request #439 from remarkablemark/dependabot/npm_and_yarn/lint-staged-12.3.3
  • b8b282e build(deps-dev): bump lint-staged from 12.3.2 to 12.3.3
  • 18fe51d Merge pull request #438 from remarkablemark/dependabot/npm_and_yarn/typescript-eslint/parser-5.10.2
  • 94db665 build(deps-dev): bump @typescript-eslint/parser from 5.10.1 to 5.10.2
  • 0b99fd8 Merge pull request #437 from remarkablemark/dependabot/npm_and_yarn/eslint-8.8.0
  • db25f91 build(deps-dev): bump eslint from 8.7.0 to 8.8.0
  • 7d282b9 Merge pull request #436 from remarkablemark/release-v1.4.6
  • 852985e chore: release 1.4.6
  • e80d7d0 Merge pull request #434 from AndrewLeedham/AL-exports-main-field
  • 9e15c45 refactor: use import and require fields
  • 05593f1 Merge pull request #435 from remarkablemark/dependabot/npm_and_yarn/preact-10.6.5

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
