search

arcus-azure / arcus.security

Security for Azure development in a breeze.
https://security.arcus-azure.net/
MIT License
39 stars 12 forks source link

[Snyk] Fix for 1 vulnerabilities #420

Open stijnmoreels opened 1 year ago

stijnmoreels commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - docs/package.json - docs/package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @docusaurus/core The new version differs by 250 commits.
  • 2a9e8f5 v2.0.0
  • 2ef40c2 chore: Netlify branch deploys should only deploy default locale "en" (#7788)
  • d88f248 chore: add Netlify config for major version branch deploys (docusaurus-v2 branch) (#7787)
  • e4fc47b Merge branch 'main' into docusaurus-v2
  • 7f40350 chore: fix codesandbox playgrounds, use Node.js 16 version (#7784)
  • 1065e55 refactor(core): log Docusaurus & Node version before exiting (#7781)
  • 965a01e chore: port-2.0.0-rc.1 (#7782)
  • e78a15e chore: ci tests should run on version branches "docusaurus-vX" (#7783)
  • c751bc6 chore: regen v2.0.0-rc.1 examples (#7780)
  • d255389 chore: prepare v2.0.0-rc.1 release (#7778)
  • 443914a docs: add Bruce Wiki website to showcase (#7770)
  • f913af0 docs: release process, versioning, breaking changes, public API surface (#7706)
  • 9788944 refactor(theme): fix duplicate page metadata usage (#7777)
  • c48f338 fix(core): swizzle --eject js should not copy theme .d.ts files (#7776)
  • c3d2e0d fix(sitemap): complete gracefully when all pages have noIndex meta (#7774)
  • 665c311 chore: bump Infima to 0.2.0-alpha.42, fix a:hover link bug (#7771)
  • 1899a2e docs: add EverShop website to showcase (#7765)
  • 542228e fix(deploy): revert "feat(deploy): copy local git config to tmp repo (#7702)" (#7750)
  • a4b4a7f fix(migrate): import siteConfig with file extension (#7766)
  • 337463a chore(theme-translations): complete ko translations (#7762)
  • 9467da6 chore(deps): bump actions/setup-node from 3.3.0 to 3.4.0 (#7764)
  • cba8be0 fix(theme-classic): validate options properly (#7755)
  • 636d470 refactor(core): use has instead of get to test for existence in ExecEnv (#7763)
  • f21dadf docs: add StackQL Provider Registry to showcase (#7760)
See the full diff
Package name: @docusaurus/preset-classic The new version differs by 250 commits.
  • 2a9e8f5 v2.0.0
  • 2ef40c2 chore: Netlify branch deploys should only deploy default locale "en" (#7788)
  • d88f248 chore: add Netlify config for major version branch deploys (docusaurus-v2 branch) (#7787)
  • e4fc47b Merge branch 'main' into docusaurus-v2
  • 7f40350 chore: fix codesandbox playgrounds, use Node.js 16 version (#7784)
  • 1065e55 refactor(core): log Docusaurus & Node version before exiting (#7781)
  • 965a01e chore: port-2.0.0-rc.1 (#7782)
  • e78a15e chore: ci tests should run on version branches "docusaurus-vX" (#7783)
  • c751bc6 chore: regen v2.0.0-rc.1 examples (#7780)
  • d255389 chore: prepare v2.0.0-rc.1 release (#7778)
  • 443914a docs: add Bruce Wiki website to showcase (#7770)
  • f913af0 docs: release process, versioning, breaking changes, public API surface (#7706)
  • 9788944 refactor(theme): fix duplicate page metadata usage (#7777)
  • c48f338 fix(core): swizzle --eject js should not copy theme .d.ts files (#7776)
  • c3d2e0d fix(sitemap): complete gracefully when all pages have noIndex meta (#7774)
  • 665c311 chore: bump Infima to 0.2.0-alpha.42, fix a:hover link bug (#7771)
  • 1899a2e docs: add EverShop website to showcase (#7765)
  • 542228e fix(deploy): revert "feat(deploy): copy local git config to tmp repo (#7702)" (#7750)
  • a4b4a7f fix(migrate): import siteConfig with file extension (#7766)
  • 337463a chore(theme-translations): complete ko translations (#7762)
  • 9467da6 chore(deps): bump actions/setup-node from 3.3.0 to 3.4.0 (#7764)
  • cba8be0 fix(theme-classic): validate options properly (#7755)
  • 636d470 refactor(core): use has instead of get to test for existence in ExecEnv (#7763)
  • f21dadf docs: add StackQL Provider Registry to showcase (#7760)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/stijnmoreels/project/c2c3acd9-bad0-4afb-b670-e763bd357b0c?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/stijnmoreels/project/c2c3acd9-bad0-4afb-b670-e763bd357b0c?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"426b8bb8-ff41-4d6b-baa8-5f35428e492f","prPublicId":"426b8bb8-ff41-4d6b-baa8-5f35428e492f","dependencies":[{"name":"@docusaurus/core","from":"2.0.0-beta.6","to":"2.0.0"},{"name":"@docusaurus/preset-classic","from":"2.0.0-beta.6","to":"2.0.0"}],"packageManager":"npm","projectPublicId":"c2c3acd9-bad0-4afb-b670-e763bd357b0c","projectUrl":"https://app.snyk.io/org/stijnmoreels/project/c2c3acd9-bad0-4afb-b670-e763bd357b0c?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SEMVER-3247795"],"upgrade":["SNYK-JS-SEMVER-3247795"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
netlify[bot] commented 1 year ago

Deploy Preview for arcus-security failed.

Name Link
Latest commit 9a0b1f56a649d63cf2d0456d1e9a859bf6d9db83
Latest deploy log https://app.netlify.com/sites/arcus-security/deploys/64af16307d955f0008292b3f
codecov[bot] commented 1 year ago

Codecov Report

Patch and project coverage have no change.

Comparison is base (d16484a) 89.85% compared to head (9a0b1f5) 89.85%.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #420 +/- ## ======================================= Coverage 89.85% 89.85% ======================================= Files 20 20 Lines 1065 1065 Branches 82 82 ======================================= Hits 957 957 Misses 79 79 Partials 29 29 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.