search

forwardemail / font-awesome-assets

:lipstick: Convert any of @FortAwesome's Font-Awesome icons to an asset, such as an <svg> tag or a Base64-encoded PNG/SVG <img> tag! It supports Retina devices and custom tag attributes too!
https://lad.js.org
MIT License
130 stars 18 forks source link

[Snyk] Security upgrade cheerio from 0.22.0 to 1.0.0 #9

Open titanism opened 1 month ago

titanism commented 1 month ago

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032		   696  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

socket-security[bot] commented 1 month ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/cheerio-select@2.1.0 None 0 62.6 kB feedic
npm/cheerio@1.0.0 None 0 1.25 MB feedic
npm/core-util-is@1.0.3 None 0 4.98 kB isaacs
npm/css-select@5.1.0 None 0 224 kB feedic
npm/css-what@6.1.0 None 0 66 kB feedic
npm/dom-serializer@2.0.0 None 0 28.8 kB feedic
npm/domelementtype@2.3.0 None 0 11.4 kB feedic
npm/domhandler@5.0.3 None 0 75.3 kB feedic
npm/domutils@3.1.0 network 0 162 kB feedic
npm/encoding-sniffer@0.2.0 None 0 167 kB feedic
npm/entities@4.5.0 None 0 413 kB feedic
npm/htmlparser2@9.1.0 None 0 254 kB feedic
npm/iconv-lite@0.6.3 None 0 349 kB ashtuchkin
npm/isarray@1.0.0 None 0 3.89 kB juliangruber
npm/nth-check@2.1.1 None 0 42.6 kB feedic
npm/parse5-htmlparser2-tree-adapter@7.0.0 None 0 19.1 kB feedic
npm/parse5-parser-stream@7.1.2 None 0 15.9 kB feedic
npm/parse5@7.1.2 None 0 702 kB feedic
npm/process-nextick-args@2.0.1 None 0 3.17 kB cwmma
npm/readable-stream@2.3.7 environment 0 87.7 kB matteo.collina
npm/string_decoder@1.1.1 None 0 15.3 kB matteo.collina
npm/undici@6.19.7 environment, network 0 1.13 MB matteo.collina
npm/whatwg-encoding@3.1.1 None 0 13.3 kB domenic
npm/whatwg-mimetype@4.0.0 None 0 16.7 kB domenic

🚮 Removed packages: npm/cheerio@0.22.0, npm/core-util-is@1.0.2, npm/css-select@1.2.0, npm/css-what@2.1.3, npm/dom-serializer@0.1.1, npm/domelementtype@1.3.1, npm/domhandler@2.4.2, npm/domutils@1.7.0, npm/entities@1.1.2, npm/htmlparser2@3.10.1, npm/iconv-lite@0.4.24, npm/lodash.assignin@4.2.0, npm/lodash.bind@4.2.1, npm/lodash.defaults@4.2.0, npm/lodash.filter@4.6.0, npm/lodash.flatten@4.4.0, npm/lodash.foreach@4.5.0, npm/lodash.map@4.6.0, npm/lodash.merge@4.6.2, npm/lodash.pick@4.4.0, npm/lodash.reduce@4.6.0, npm/lodash.reject@4.6.0, npm/lodash.some@4.6.0, npm/nth-check@1.0.2, npm/parse5@1.5.1, npm/readable-stream@3.6.0, npm/string_decoder@1.3.0, npm/whatwg-encoding@1.0.5

View full report↗︎