MailOnline / libreact

NO LONGER MAINTAINED - SEE https://github.com/streamich/libreact INSTEAD
The Unlicense
97 stars 6 forks source link

[Snyk] Fix for 5 vulnerabilities #98

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073
Yes Proof of Concept
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082
Yes Proof of Concept
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5
Information Exposure
SNYK-JS-NODEFETCH-2342118
No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Remote Code Execution (RCE)
SNYK-JS-SHELLQUOTE-1766506
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: react-focus-lock The new version differs by 4 commits.
See the full diff
Package name: semantic-release The new version differs by 250 commits.
  • 95af1e4 Merge pull request #2332 from semantic-release/beta
  • f634b8c fix(npm-plugin): upgraded to the beta, which upgrades npm to v8
  • d9e5bc0 fix: upgrade `marked` to resolve ReDos vulnerability (#2330)
  • dd7d664 docs: fix a broken link (#2318)
  • cd6136d docs: wrong prerelease example (#2307)
  • e62c83d docs: remove repeated 'with' word (#2289)
  • 5d78fa4 docs(breaking-change): highlighted the need for `BREAKING CHANGE: ` to be in the commit footer (#2283)
  • b64855f docs(badge): mentioned referencing the commit convention (#2269)
  • 09bcf7a docs: update badges to include preset names (#2266)
  • 8e96b23 docs(issue-templates): fixed links to templates for opening issues (#2264)
  • 5535268 docs: fix typo (#2262)
  • 7f971f3 fix: bump @ semantic-release/commit-analyzer to 9.0.2 (#2258)
  • e636621 docs(troubleshooting): typo (#2254)
  • f2a2def docs(recipes): fix path to recipes (#2253)
  • 628e29e chore(deps): update dependency got to v11.8.3 (#2251)
  • 8fda7fd docs(recipes): moved recipes to sub-directories to align with gitbook expectations (#2246)
  • 52d76a2 docs(plugin-list): updates semantic-release-plus/docker with updated lifecycle hook. (#2243)
  • f092dd1 chore(deps): update dependency nock to v13.2.1 (#2242)
  • 03aa7d0 docs(badge): switched to proper semantic-release logo (#2235)
  • bc146e4 docs(gitbook): updated the summary document so that missing pages are rendered by gitbook (#2234)
  • 5f9d1d1 chore(deps): update dependency nock to v13.2.0 (#2233)
  • 7ff71ad chore(deps): update dependency sinon to v12.0.1 (#2231)
  • d3958b8 Revert "chore(deps): update dependency p-retry to v5" (#2230)
  • 4ae9209 chore(deps): update dependency p-retry to v5 (#2229)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: šŸ§ View latest project report

šŸ›  Adjust project settings

šŸ“š Read more about Snyk's upgrade and patch logic