htmlhint / HTMLHint

⚙️ The static code analysis tool you need for your HTML
https://htmlhint.com
MIT License

[Snyk] Fix for 2 vulnerabilities #1279

Closed snyk-bot closed 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high | 798/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1) | Remote Code Execution (RCE), SNYK-JS-ETA-2936803 | No | Proof of Concept |
| medium | 556/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.4) | Cross-site Scripting (XSS), SNYK-JS-ETA-3261240 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @docusaurus/core. The new version differs by 12 commits.
  • cf12f21 v2.3.1
  • cc767ed fix(theme-common): fix issue in tab scroll position restoration on tab click (#8628)
  • ed13d5c chore: add "pr: dependencies" to lerna changelog labels (#8622)
  • 484774c trigger ci
  • 692bbda fix(theme-common): localStorage utils dispatch too many storage events leading to infinite loop (#8619)
  • ce8e55b fix(theme-common): prepare usage of useSyncExternalStore compatibility with React 18 (#8618)
  • 883983c fix(theme-classic): allow rendering single tab item (#8593)
  • 2bdd27a fix(utils): handle CRLF when parsing MDX imports (#8606)
  • 4761c8c chore(theme-translations): complete zh translations (#8614)
  • 990e553 fix(preset-classic): install the right plugin for googleTagManager (#8597)
  • 4cd2c65 chore(deps): bump eta from 1.12.3 to 2.0.0 (#8610)
  • c84d779 chore: backport retro compatible commits for the Docusaurus v2.3 release (#8585)
See the full diff
Package name: @docusaurus/preset-classic. The new version differs by 12 commits.
  • cf12f21 v2.3.1
  • cc767ed fix(theme-common): fix issue in tab scroll position restoration on tab click (#8628)
  • ed13d5c chore: add "pr: dependencies" to lerna changelog labels (#8622)
  • 484774c trigger ci
  • 692bbda fix(theme-common): localStorage utils dispatch too many storage events leading to infinite loop (#8619)
  • ce8e55b fix(theme-common): prepare usage of useSyncExternalStore compatibility with React 18 (#8618)
  • 883983c fix(theme-classic): allow rendering single tab item (#8593)
  • 2bdd27a fix(utils): handle CRLF when parsing MDX imports (#8606)
  • 4761c8c chore(theme-translations): complete zh translations (#8614)
  • 990e553 fix(preset-classic): install the right plugin for googleTagManager (#8597)
  • 4cd2c65 chore(deps): bump eta from 1.12.3 to 2.0.0 (#8610)
  • c84d779 chore: backport retro compatible commits for the Docusaurus v2.3 release (#8585)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


coliff commented 1 year ago

I think the Snyk integration can be removed as GitHub takes care of these things now.

nschonni commented 1 year ago

I disabled it through the UI, but I wasn't sure if some other part was being used, so I didn't fully remove it