This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- frontend/package.json
- frontend/package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (\*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **124/1000** **Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 5, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5 | Uncontrolled resource consumption [SNYK-JS-BRACES-6838727](https://snyk.io/vuln/SNYK-JS-BRACES-6838727) | Yes | No Known Exploit
 | **124/1000** **Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 5, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5 | Inefficient Regular Expression Complexity [SNYK-JS-MICROMATCH-6838728](https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728) | Yes | No Known Exploit
(\*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: eslint-config-love
The new version differs by 171 commits.
d5432d9 Merge pull request #1554 from mightyiam/renovate/lodash-4.x
224da47 chore(deps): update dependency @ types/lodash to v4.17.4
64ad51b Merge pull request #1553 from mightyiam/renovate/lodash-4.x
3fcc94c chore(deps): update dependency @ types/lodash to v4.17.3
05ec8e2 Merge pull request #1552 from mightyiam/renovate/node-20.x
604a864 chore(deps): update dependency @ types/node to v20.12.12
ad66dee Merge pull request #1551 from mightyiam/renovate/@ typescript-eslint-packages
7853875 chore(deps): update @ typescript-eslint packages to v7.9.0
83fb765 Merge pull request #1550 from mightyiam/renovate/semantic-release-23.x
463d6df chore(deps): update dependency semantic-release to v23.1.1
0308690 Merge pull request #1549 from mightyiam/renovate/semantic-release-23.x
aef0f6e chore(deps): update dependency semantic-release to v23.1.0
973af9c Merge pull request #1548 from mightyiam/renovate/semver-7.x
0d937cd chore(deps): update dependency semver to v7.6.2
c9bbac1 Merge pull request #1547 from mightyiam/renovate/node-20.x
4c08855 chore(deps): update dependency @ types/node to v20.12.11
8e1f38d Merge pull request #1546 from mightyiam/renovate/semver-7.x
cf28b7b chore(deps): update dependency semver to v7.6.1
79f9c97 Merge pull request #1545 from mightyiam/renovate/node-20.x
24b14df chore(deps): update dependency @ types/node to v20.12.10
f46af16 Merge pull request #1544 from mightyiam/renovate/type-fest-4.x
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
---
**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._
For more information:
π§ [View latest project report](https://app.snyk.io/org/bcgov/project/8f74a576-ecc5-4065-a784-fc6785fbad3b?utm_source=github&utm_medium=referral&page=fix-pr)
π [Adjust project settings](https://app.snyk.io/org/bcgov/project/8f74a576-ecc5-4065-a784-fc6785fbad3b?utm_source=github&utm_medium=referral&page=fix-pr/settings)
π [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"eslint-config-love","from":"43.1.0","to":"48.0.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-BRACES-6838727","priority_score":124,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon May 13 2024 14:36:53 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.06},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":124,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon May 13 2024 14:42:05 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.06},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Inefficient Regular Expression Complexity"}],"prId":"07fff302-b2d2-4000-886d-1fdce14c7c1d","prPublicId":"07fff302-b2d2-4000-886d-1fdce14c7c1d","packageManager":"npm","priorityScoreList":[124,124],"projectPublicId":"8f74a576-ecc5-4065-a784-fc6785fbad3b","projectUrl":"https://app.snyk.io/org/bcgov/project/8f74a576-ecc5-4065-a784-fc6785fbad3b?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-JS-BRACES-6838727","SNYK-JS-MICROMATCH-6838728"],"vulns":["SNYK-JS-BRACES-6838727","SNYK-JS-MICROMATCH-6838728"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'
---
**Note:** _This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our [documentation.](https://docs.snyk.io/scan-using-snyk/snyk-open-source/automatic-and-manual-prs-with-snyk-open-source/customize-pr-templates-closed-beta)_
**Learn how to fix vulnerabilities with free interactive lessons:**
π¦ [Uncontrolled resource consumption](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
---
Thanks for the PR!
Deployments, as required, will be available below:
- [Frontend](https://quickstart-openshift-1980-frontend.apps.silver.devops.gov.bc.ca)
- [Backend](https://quickstart-openshift-1980-frontend.apps.silver.devops.gov.bc.ca/api)
Please create PRs in draft mode. Mark as ready to enable:
- [Analysis Workflow](https://github.com/bcgov/quickstart-openshift/actions/workflows/analysis.yml)
After merge, new images are deployed in:
- [Merge Workflow](https://github.com/bcgov/quickstart-openshift/actions/workflows/merge.yml)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - frontend/package.json - frontend/package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (\*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **124/1000****Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 5, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5 | Uncontrolled resource consumption
[SNYK-JS-BRACES-6838727](https://snyk.io/vuln/SNYK-JS-BRACES-6838727) | Yes | No Known Exploit  | **124/1000**
**Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 5, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5 | Inefficient Regular Expression Complexity
[SNYK-JS-MICROMATCH-6838728](https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728) | Yes | No Known Exploit (\*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: eslint-config-love
The new version differs by 171 commits.- a439124 chore(release): 48.0.0 [skip ci]
- 3d49618 Merge pull request #1555 from mightyiam/flat_
- a0571e7 feat: flat config
- d5432d9 Merge pull request #1554 from mightyiam/renovate/lodash-4.x
- 224da47 chore(deps): update dependency @ types/lodash to v4.17.4
- 64ad51b Merge pull request #1553 from mightyiam/renovate/lodash-4.x
- 3fcc94c chore(deps): update dependency @ types/lodash to v4.17.3
- 05ec8e2 Merge pull request #1552 from mightyiam/renovate/node-20.x
- 604a864 chore(deps): update dependency @ types/node to v20.12.12
- ad66dee Merge pull request #1551 from mightyiam/renovate/@ typescript-eslint-packages
- 7853875 chore(deps): update @ typescript-eslint packages to v7.9.0
- 83fb765 Merge pull request #1550 from mightyiam/renovate/semantic-release-23.x
- 463d6df chore(deps): update dependency semantic-release to v23.1.1
- 0308690 Merge pull request #1549 from mightyiam/renovate/semantic-release-23.x
- aef0f6e chore(deps): update dependency semantic-release to v23.1.0
- 973af9c Merge pull request #1548 from mightyiam/renovate/semver-7.x
- 0d937cd chore(deps): update dependency semver to v7.6.2
- c9bbac1 Merge pull request #1547 from mightyiam/renovate/node-20.x
- 4c08855 chore(deps): update dependency @ types/node to v20.12.11
- 8e1f38d Merge pull request #1546 from mightyiam/renovate/semver-7.x
- cf28b7b chore(deps): update dependency semver to v7.6.1
- 79f9c97 Merge pull request #1545 from mightyiam/renovate/node-20.x
- 24b14df chore(deps): update dependency @ types/node to v20.12.10
- f46af16 Merge pull request #1544 from mightyiam/renovate/type-fest-4.x
See the full diff