Closed snyk-bot closed 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ANSIREGEX-1583908
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-BROWSERSLIST-1090194
Why? Has a fix available, CVSS 5.3
SNYK-JS-CSSWHAT-1298035
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-GLOBPARENT-1016905
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-IMMER-1019369
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
SNYK-JS-IMMER-1540542
Why? Recently disclosed, Has a fix available, CVSS 4.3
SNYK-JS-ISTANBULREPORTS-2328088
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-JSZIP-1251497
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7
SNYK-JS-NETMASK-1089716
Why? Has a fix available, CVSS 5.3
SNYK-JS-NODESASS-1059081
Why? Has a fix available, CVSS 7.5
SNYK-JS-NTHCHECK-1586032
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JS-PACRESOLVER-1564857
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-POSTCSS-1090595
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-POSTCSS-1255640
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
SNYK-JS-REACTDEVUTILS-1083268
Why? Has a fix available, CVSS 8.1
SNYK-JS-SHELLQUOTE-1766506
Why? Has a fix available, CVSS 7.5
SNYK-JS-SSH2-1656673
Why? Has a fix available, CVSS 8.2
SNYK-JS-TAR-1536528
Why? Has a fix available, CVSS 8.2
SNYK-JS-TAR-1536531
Why? Has a fix available, CVSS 3.7
SNYK-JS-TAR-1536758
Why? Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579147
Why? Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579152
Why? Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579155
Why? Has a fix available, CVSS 7.5
SNYK-JS-TRIMNEWLINES-1298042
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @svgr/webpack
The new version differs by 197 commits.- af9a6cb v6.0.0
- e9469c3 Merge pull request #629 from gregberge/rewriting-docs
- eb3282b docs: rewriting
- 6f832f0 Merge pull request #627 from gregberge/support-css-variables
- cbdb47f fix: support CSS variables
- 985444d chore: fix package-lock.json
- a5effba v6.0.0-alpha.4
- 3f071d6 Merge pull request #626 from gregberge/upgrade-deps
- daf6a08 chore(deps): upgrade
- 1c5f163 Merge pull request #625 from gregberge/icon-size
- 483560d chore: fix package-lock.json
- 3c0b779 feat: allow to specify icon size
- 6ba16a3 Merge pull request #624 from gregberge/various-things
- f61c8ba chore: fix ref following refactoring
- 261e1b5 v6.0.0-alpha.3
- fe5c117 Merge pull request #623 from gregberge/webpack
- 9a4cbce docs(examples): update examples
- 1a8cc98 fix(webpack): fix webpack 5 behaviour with url-loader
- a857bb1 feat: support mask-type property (#621)
- 5966714 fix(template): make it possible to use type in template (#619)
- 9ea5da4 refactor(core): use exportName transform (#616)
- 8a1b0aa docs(readme): Fixing CRA link (#618)
- 00a1d4b chore: fix package-lock.json
- f729efa v6.0.0-alpha.2
See the full diffPackage name: @testing-library/jest-dom
The new version differs by 17 commits.- 7921e4a feat: Enhance toHaveStyle to accept JS as css (#196)
- 3b3a3d3 docs: add benmonro as a contributor (#195)
- a053cdd docs: add JPBlancoDB as a contributor (#194)
- 69aee34 docs: add koala-lava as a contributor (#193)
- 5f3f9c7 docs: add jzarzeckis as a contributor (#192)
- 0d60a25 docs: add MichaelDeBoey as a contributor (#191)
- c9a8664 chore: Update dependencies (#190)
- e4d61c2 fix: toBeVisible ignoring Details element (#184)
- d87dfee Simplify README code usage examples (#188)
- 030da62 fix: Add @ types/testing-library__jest-dom dependency (#189)
- d13bb90 docs: Tiny typo (#181)
- c919520 docs: Remove lines about using fireEvent to gain focus or blur (#187)
- 760409a Merge pull request #183 from testing-library/next
- d68ccd7 Add matchers module in the package root
- c76f8c5 Remove extend-expect typings (#182)
- 27c1056 Add jest extensions on main module (#175)
- 8e14dc1 docs: Update examples using document.querySelector (#168)
See the full diffPackage name: eslint
The new version differs by 250 commits.- 145aec1 7.16.0
- 83518a5 Build: changelog update for 7.16.0
- a62ad6f Update: fix false negative of no-extra-parens with NewExpression (#13930)
- f85b4c7 Fix: require-atomic-updates false positive across await (fixes #11954) (#13915)
- 301d0c0 Fix: no-constant-condition false positives with unary expressions (#13927)
- 555c128 Fix: false positive with await and ** in no-extra-parens (fixes #12739) (#13923)
- d93c935 Docs: update JSON Schema links (#13936)
- 8d0c93a Upgrade: table@6.0.4 (#13920)
- 9247683 Docs: Remove for deleted npm run profile script (#13931)
- ab240d4 Fix: prefer-exponentiation-operator invalid autofix with await (#13924)
- dc76911 Chore: Add .pre-commit-hooks.yaml file (#13628)
- 2124e1b Docs: Fix wrong rule name (#13913)
- 06b5809 Sponsors: Sync README with website
- 26fc12f Docs: Update README team and sponsors
- 902a032 7.15.0
- 6356778 Build: changelog update for 7.15.0
- 5c11aab Upgrade: @ eslint/esintrc and espree for bug fixes (refs #13878) (#13908)
- 0eb7957 Upgrade: file-entry-cache@6.0.0 (#13877)
- 683ad00 New: no-unsafe-optional-chaining rule (fixes #13431) (#13859)
- cbc57fb Fix: one-var autofixing for export (fixes #13834) (#13891)
- 110cf96 Docs: Fix a broken link in working-with-rules.md (#13875)
- 0cb81a9 7.14.0
- fb3a594 Build: changelog update for 7.14.0
- 5f09073 Update: fix 'skip' options in no-irregular-whitespace (fixes #13852) (#13853)
See the full diffPackage name: jest
The new version differs by 250 commits.- 343532a v26.0.0
- 075854a chore: update changelog for release
- 68b65af v26.0.0-alpha.2
- d30a586 fix: disallow hook definitions in tests (#9957)
- 3375ac3 chore: remove unused prettier uninstall step from CI
- 0a63d40 fix: absolute path moduleNameMapper + jest.mock issue (#8727)
- 03dbb2f chore: fix watch mode test with utimes (#9967)
- 68d12d5 chore: skip broken test on windows (#9966)
- e8e8146 align circus with jasmine's top-to-bottom execution order (#9965)
- 968a301 Fix invalid re-run of tests in watch mode (#7347)
- 5d1be03 chore: fix windows CI (#9964)
- 2bac04f v26.0.0-alpha.1
- c665f22 feat: add `createMockFromModule` to replace `genMockFromModule` (#9962)
- 8147af1 chore: improve error on module not found (#9963)
- 71631f6 feat: add new 'modern' implementation of Fake Timers (#7776)
- d7f3427 chore: rename LolexFakeTimers to ModernFakeTimers (#9960)
- 2c7682c Update index.js (#9095)
- 5a16415 docs: Updated Testing Frameworks guide with React; make it generic (#9106)
- 4216b86 updated docs regarding testSequencer (#9174)
- 2e8f8d5 fix: handle `null` being passed to `createTransformer` (#9955)
- 7a3c997 jest-circus: throw if a test / hook is defined asynchronously (#8096)
- 42f920c chore: update ts-eslint (#9953)
- 3078172 Updated config docs with default transform value (#8583)
- b6052e0 Update jest-phabricator documentation (#8662)
See the full diffPackage name: node-sass
The new version differs by 74 commits.- 99242d7 7.0.1
- 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
- c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
- 918dcb3 Lint fix
- 0a21792 Set rejectUnauthorized to true by default (#3149)
- e80d4af chore: Drop EOL Node 15 (#3122)
- d753397 feat: Add Node 17 support (#3195)
- dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
- bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
- 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
- 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
- 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
- 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
- fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
- 6200b21 docs: Double word "support" (#3159)
- eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
- 16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
- c167004 6.0.1
- 911d4db remove mkdirp dep (#3108)
- 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
- 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
- cfcbb2c chore: Use default Apline version from docker-node (#3121)
- 886319b chore: Drop Node 10 support
- c908f4f fix: Bump OSX minimum to 10.11
See the full diffPackage name: optimize-css-assets-webpack-plugin
The new version differs by 5 commits.- 09d29b3 5.0.5
- d0a7da7 feat(deps): update dependencies (#154)
- 41d1e23 Redirect to css-minimizer-webpack-plugin for webpack 5 or above
- e9b84f1 5.0.4
- b3a3ada Update dependencies (#133)
See the full diffPackage name: react-dev-utils
The new version differs by 238 commits.- 221e511 Publish
- 6a3315b Update CONTRIBUTING.md
- 5614c87 Add support for Tailwind (#11717)
- 657739f chore(test): make all tests install with `npm ci` (#11723)
- 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
- 69321b0 Remove cached lockfile (#11706)
- 3afbbc0 Update all dependencies (#11624)
- f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
- e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (#11686)
- c7627ce Update webpack and dev server (#11646)
- f85b064 The default port used by `serve` has changed (#11619)
- 544befe Update package.json (#11597)
- 9d0369b Fix ESLint Babel preset resolution (#11547)
- d7b23c8 test(create-react-app): assert for exit code (#10973)
- 1465357 Prepare 5.0.0 alpha release
- 3880ba6 Remove dependency pinning (#11474)
- 8b9fbee Update CODEOWNERS
- cacf590 Bump template dependency version (#11415)
- 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (#11476)
- 50ea5ad allow CORS on webpack-dev-server (#11325)
- 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
- 960b21e Bump immer from 8.0.4 to 9.0.6 (#11364)
- 134cd3c Resolve dependency issues in v5 alpha (#11294)
- b45ae3c Update CONTRIBUTING.md
See the full diffPackage name: snyk
The new version differs by 250 commits.- 4cc1a94 Merge pull request #2105 from snyk/feat/webpack
- 7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
- 418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
- 95631e7 test: migrate is-docker to jest
- babe22a test: migrate old-snyk-format to jest
- e22e94f feat: Snyk CLI is bundled with Webpack
- dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
- e7c314f Merge pull request #2178 from snyk/test/server-close
- 5e824c0 fix(protect): skip previously patched files
- ca2177a fix(protect): catch and log unexpected errors
- c9ddb44 chore(protect): move api url warnings to stderr
- e8fed38 refactor(protect): move stdout logs to top level
- 55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
- 1522c5f test: server.close uses callbacks, not promises
- 13dce51 test: increase timeout for slow oauth test
- 65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
- a1e3992 chore: don't run tests on master
- 20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
- f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
- 1ed7d11 refactor: replace cc parser with split functions
- 707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
- dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
- 7973015 fix: support quoted keys in inline tables
- 18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin
See the full diffPackage name: webpack-dev-server
The new version differs by 250 commits.- c9271b9 chore(release): 4.0.0
- 18bf369 test: fix stability (#3676)
- cdcabb2 fix: respect protocol from browser for manual setup (#3675)
- 1768d6b fix: initial reloading for lazy compilation (#3662)
- 4f5bab1 docs: improve examples (#3672)
- f2d87fb fix: improve https CLI output (#3673)
- 0277c5e chore: remove redundant console statements (#3671)
- 16fcdbc docs: add `ipc` example (#3667)
- 8915fb8 test: add e2e tests for built in routes (#3669)
- 4d1cbe1 docs: ask `version` information in issue template (#3668)
- b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
- ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
- f1fdaa7 chore(release): 4.0.0-rc.1
- c4678bc fix: legacy API (#3660)
- d8bdd03 test: fix stability (#3661)
- 22b1414 refactor: remove `killable` (#3657)
- 75bafbf test: add e2e tests for module federation (#3658)
- 493ccbd chore(deps): update `ws` (#3652)
- ae8c523 test: add e2e test for universal compiler (#3656)
- f94b84f chore(deps): update (#3655)
- 1923132 test: fix cli
- 2adfd01 test: fix todo (#3653)
- 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
- c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic