OWASP / crAPI

completely ridiculous API (crAPI)
Apache License 2.0

[Snyk] Upgrade react-scripts from 3.4.1 to 3.4.4 #142

Closed JBAhire closed 2 years ago

JBAhire commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade react-scripts from 3.4.1 to 3.4.4.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=react-scripts&from_version=3.4.1&to_version=3.4.4&pr_id=fef248fa-9083-4405-a0e5-5688b0dfa60a&visibility=true&has_feature_flag=false)

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **3 versions** ahead of your current version.
- The recommended version was released **2 years ago**, on 2020-10-20.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
|  | Improper Input Validation [SNYK-JS-URLPARSE-2407770](https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Arbitrary Code Injection [SNYK-JS-SERIALIZEJAVASCRIPT-570062](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Prototype Pollution [SNYK-JS-OBJECTPATH-1585658](https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1585658) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
|  | Prototype Pollution [SNYK-JS-OBJECTPATH-1017036](https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1017036) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Prototype Pollution [SNYK-JS-NODEFORGE-598677](https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Remote Memory Exposure [SNYK-JS-DNSPACKET-1293563](https://snyk.io/vuln/SNYK-JS-DNSPACKET-1293563) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
|  | Prototype Pollution [SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Prototype Pollution [SNYK-JS-YARGSPARSER-560381](https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Authorization Bypass Through User-Controlled Key [SNYK-JS-URLPARSE-2412697](https://snyk.io/vuln/SNYK-JS-URLPARSE-2412697) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Authorization Bypass [SNYK-JS-URLPARSE-2407759](https://snyk.io/vuln/SNYK-JS-URLPARSE-2407759) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Access Restriction Bypass [SNYK-JS-URLPARSE-2401205](https://snyk.io/vuln/SNYK-JS-URLPARSE-2401205) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Open Redirect [SNYK-JS-URLPARSE-1533425](https://snyk.io/vuln/SNYK-JS-URLPARSE-1533425) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Improper Input Validation [SNYK-JS-URLPARSE-1078283](https://snyk.io/vuln/SNYK-JS-URLPARSE-1078283) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
|  | Denial of Service (DoS) [SNYK-JS-SOCKJS-575261](https://snyk.io/vuln/SNYK-JS-SOCKJS-575261) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Prototype Pollution [SNYK-JS-OBJECTPATH-1569453](https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Information Exposure [SNYK-JS-FOLLOWREDIRECTS-2332181](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Information Exposure [SNYK-JS-EVENTSOURCE-2823375](https://snyk.io/vuln/SNYK-JS-EVENTSOURCE-2823375) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
|  | Information Exposure [SNYK-JS-FOLLOWREDIRECTS-2396346](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346) | **512/1000** **Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: react-scripts
  • 3.4.4 - 2020-10-20
  • 3.4.3 - 2020-08-12
  • 3.4.2 - 2020-08-11
  • 3.4.1 - 2020-03-21
from react-scripts GitHub release notes

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/jbahire/project/856e73f0-e00e-4934-90cc-0cd733be909f?utm_source=github&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/jbahire/project/856e73f0-e00e-4934-90cc-0cd733be909f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/jbahire/project/856e73f0-e00e-4934-90cc-0cd733be909f/settings/integration?pkg=react-scripts&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)