search

attesch / cezerin

Cezerin is React and Node.js based eCommerce platform.
https://cezerin.com
MIT License
1 stars 0 forks source link

[Snyk] Fix for 1 vulnerabilities #297

Open attesch opened 1 year ago

attesch commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **658/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: concurrently The new version differs by 75 commits.
  • 105445c 6.2.2
  • 875d375 Fix linting
  • 7263ffe Remove read-pkg
  • 8bcdf7f ci: add missing parallel coverage reporting step
  • 24e51ad Add coveralls badge to readme
  • b16585f ci: readd coveralls reporting
  • 0bc490f 6.2.1
  • c295062 Stop reading from stdin after programmatic API finishes (#253)
  • 07a7de1 Update links to new GH org and remove travis+appveyor (#285)
  • f574848 Fix link to substack blog post in README
  • fe5c01c Add GH actions workflow
  • 10ff00c Correctly reexport flow controllers
  • becac73 6.2.0
  • d38ab32 Include `killed` boolean in command result (#250)
  • e8f0706 Make --restart-tries restart forever with negative value
  • aad79fa 6.1.0
  • ecf1c5b Change default text color to reset instead of gray.dim
  • 70b92da Run npm audit fix
  • ccb6b8d 6.0.2
  • 330cf92 Fix input handler when input contains a colon (#269)
  • 7710c21 Update lodash package (#271)
  • e36e8c1 6.0.1
  • 9fa0544 Fix cwd option not overwriting per command if specified in programmatic usage (#266)
  • 343d1ab 6.0.0
See the full diff
Package name: eslint The new version differs by 250 commits.
  • 3dd6741 7.0.0
  • 9a722f9 Build: changelog update for 7.0.0
  • b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
  • 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
  • 401a687 Chore: fix rules list for prereleases (#13230)
  • 4ef6158 Breaking: espree@7.0.0 (#13270)
  • b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
  • 356fdb4 Docs: add migration guide (#12692)
  • 015edf6 Sponsors: Sync README with website
  • fdfa364 7.0.0-rc.0
  • 8d1b4db Build: changelog update for 7.0.0-rc.0
  • 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
  • d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
  • 2ce6bed Chore: added tests for nested arrays (#13145)
  • d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
  • 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
  • bcafd0f Update: Add ESLint API (refs eslint/rfcs#40) (#12939)
  • 3eeae56 Upgrade: some (dev) deps (#13155)
  • 6b7030b Chore: Run tests on Node.js v14 (#13210)
  • ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
  • 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
  • 56d2bee Docs: fix typos (#13204)
  • e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
  • e4f57b7 Chore: add nested array tests for array-element-newline (#13161)
See the full diff
Package name: eslint-plugin-import The new version differs by 250 commits.
  • b0131d2 Bump to v2.25.0
  • 7463de2 utils: v2.7.0
  • 900ac9a [resolvers/webpack] [deps] update `is-core-module`
  • c117be5 [Dev Deps] update `array.prototype.flatmap`, `glob`; remove `babel-preset-es2015-argon`
  • 0e857b6 [Deps] update `array-includes`, `array.prototype.flat`, `is-core-module`, `is-glob`, `object.values`
  • 62e2d88 [New] Support `eslint` v8
  • 9a744f7 [Fix] `default`, `ExportMap`: Resolve extended TypeScript configuration files
  • dd81424 [Refactor] `no-unresolved`, `no-extraneous-dependencies`: moduleVisitor usage
  • 4f0f560 [Docs] `no-namespace`: fix a typo
  • 430d16c [Tests] eslint-import-resolver-typescript@1.0.2 doesn't resolve .js
  • 47e9c89 [Tests] type-only imports were added in TypeScript ESTree 2.23.0
  • 28669b9 [Tests] `no-extraneous-dependencies` ignores unresolved imports
  • 471790f [Tests] fix skip usage
  • fd85369 [Tests] skip failing test on eslint < 6 + node < 8
  • 64423e9 [Tests] add passing test for export-star
  • 58fe766 [Tests] ignore resolver tests, scripts, and unused memo-parser
  • 47ea669 [Fix] `order`: Fix import ordering in TypeScript module declarations
  • 4ed7867 [Fix] `no-unresolved`: ignore type-only imports
  • 4d15e26 [patch] TypeScript config: remove `.d.ts` from `import/parsers` setting and `import/extensions` setting
  • 9ccdcb7 [Refactor] switch to an internal replacement for `pkg-up` and `read-pkg-up`
  • 1571913 [utils] [new] create internal replacement for `pkg-up` and `read-pkg-up`
  • 7c382f0 [New] `no-unused-modules`: support dynamic imports
  • 7579748 [utils] [new] add `visit`, to support dynamic imports
  • 35bd977 [New] `no-unresolved`: add `caseSensitiveStrict` option
See the full diff
Package name: node-sass The new version differs by 123 commits.
  • c167004 6.0.1
  • 911d4db remove mkdirp dep (#3108)
  • 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
  • 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
  • cfcbb2c chore: Use default Apline version from docker-node (#3121)
  • 886319b chore: Drop Node 10 support
  • c908f4f fix: Bump OSX minimum to 10.11
  • 8ab02da fix: Remove old compiler gyp settings
  • 3d7b9d0 chore: Add Node 16 support
  • 4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5
  • 06f3ab4 Update TROUBLESHOOTING.md
  • c1cb367 build(deps): bump actions/setup-node from v2.1.3 to v2.1.4
  • 769f3a6 build(deps): bump actions/setup-node from v2.1.2 to v2.1.3
  • a2a3a78 chore: Bump dependabot limit
  • 7105b0a 5.0.0 (#3015)
  • 0648b5a chore: Add Node 15 support (#2983)
  • e2391c2 Add a deprecation message to the readme (#3011)
  • 6a33e53 chore: Don't upload artifacts on PRs
  • d763506 chore: Only run coverage on main repo
  • d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
  • 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
  • f877689 chore: Don't double build DependaBot PRs
  • b48fac4 chore: Add weekly DependaBot updates
  • 91c40a0 Remove deprecated process.sass API
See the full diff
Package name: sass-loader The new version differs by 61 commits.
  • 3b51d47 chore(release): 8.0.1
  • 6c59e37 fix: support webpack@5 (#794)
  • 5611f73 docs: improved documentation after breaking changes in release version 8.0.0 (#780)
  • 4834287 refactor: use startsWith (#792)
  • 22c597b refactor: use Array.includes (#777)
  • ed345fa chore(deps): switch to memfs (#791)
  • 2e14b68 chore: removed the duplicated prettier config (#781)
  • 9274387 chore(deps): update (#772)
  • 6d11b7b docs: overhaul readme (#771)
  • 185ba80 test: sass modules "@ use" (#770)
  • aa9b53b chore(release): 8.0.0
  • 45ad0be chore: next (#748)
  • 194fea4 chore(release): 7.3.1
  • 1175920 fix: minimum `node` version in `package.json` (#733)
  • a3ac649 chore(release): 7.3.0
  • 6f4ea37 feat: `webpackImporter` option (#732)
  • 0330253 docs: standardize readme (#730)
  • 997a255 fix: handle module import ending `/` as module (#728)
  • 071fa88 test: alias on directory with `_index` file (#727)
  • 6be93c8 test: import without quotes (#726)
  • dc23895 refactor: code (#725)
  • 97c93dd test: manual test (#724)
  • b2af379 fix: use "compressed" output when mode is "production" (#723)
  • 3545434 refactor: code
See the full diff
Package name: webpack-cli The new version differs by 250 commits.
  • fb50f76 chore(release): publish new version
  • 2c75aeb chore: new version of the packages
  • 0d05c30 chore(release): publish %s
  • 3f9e151 chore: fix lerna config
  • 2c1e34c tests(generator): enhance init generator tests (#1236)
  • 6ee61b9 Fix loader-generator and plugin-generator tests (#1250)
  • 52956a2 Fixing the typos and grammatical errors in Readme files (#1246)
  • 7faaed2 chore: update Bug_report & Feature_request Templates (#1256)
  • 7a5b33d feat(webpack-cli): added mode argument (#1253)
  • 3715756 tests(webpack-cli): add test case for defaults flag (#1254)
  • a7cba2f chore: project maintanance and typescript fix (#1247)
  • 7748472 chore: ignore package-lock.json and remove its references (#1252)
  • a014aa7 docs: fix supported arguments & commands link in README (#1244)
  • 06129a1 feat(webpack-cli): add progress bar for progress flag (#1238)
  • 6cc6a49 chore: post refactor CLI (#1237)
  • 358651e chore: move cli under lerna package (#1225)
  • 2dc495a fix(init): fix webpack config scaffold (#1231)
  • 1ab62d2 tests(generator): add tests for plugin generator (#1235)
  • d2dd0c1 tests(sourcemap): fix flaky stats statement (#1232)
  • f6dc680 tests(loader-generator): add tests for loader generator (#1234)
  • 35d1381 tests(generator): enable init generator test (#1233)
  • 66cdcb6 chore(generator): remove transpiled tests (#1229)
  • f29a170 fix(init): fix the invalid package name (#1228)
  • 8c3a66d chore(cli): updated changelog of v3 (#1224)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/attesch/project/54f4ee92-998c-4470-8c24-77a260feb55b?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/attesch/project/54f4ee92-998c-4470-8c24-77a260feb55b?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"fc9de4cc-fd31-464c-9f3b-20c9548b3101","prPublicId":"fc9de4cc-fd31-464c-9f3b-20c9548b3101","dependencies":[{"name":"concurrently","from":"4.0.1","to":"6.2.2"},{"name":"eslint","from":"5.4.0","to":"7.0.0"},{"name":"eslint-plugin-import","from":"2.14.0","to":"2.25.0"},{"name":"node-sass","from":"4.9.3","to":"6.0.1"},{"name":"sass-loader","from":"7.1.0","to":"8.0.1"},{"name":"webpack-cli","from":"3.1.0","to":"4.0.0"}],"packageManager":"npm","projectPublicId":"54f4ee92-998c-4470-8c24-77a260feb55b","projectUrl":"https://app.snyk.io/org/attesch/project/54f4ee92-998c-4470-8c24-77a260feb55b?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SEMVER-3247795"],"upgrade":["SNYK-JS-SEMVER-3247795"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[658],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)