search

jshuaf / Aquaforces

The land of the free
0 stars 0 forks source link

[Snyk] Fix for 1 vulnerabilities #151

Open jshuaf opened 1 year ago

jshuaf commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user. #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: babel-loader The new version differs by 41 commits.
  • 1a76476 7.0.0
  • 7307226 Point changelog to releases
  • 174cb10 Merge branch '7.0'
  • 2204871 Add prettier (#409)
  • dbec80d Make sure .babelrc is a file, not a directory (#427)
  • aa485e4 Use bash codecov (#440)
  • 16522b6 yarn.lock
  • 660922b Update ava to the latest version πŸš€ (#434)
  • 5d248b5 Update cross-env to the latest version πŸš€ (#431)
  • 74ff2e6 Updated documentation to match webpack v2 changes. (#438)
  • ed8711d Add note about webpack versions
  • a7342de 7.0.0-beta.1
  • fb8c271 Merge branch 'fix-options' into 7.0
  • 1ed7ff5 Merge branch 'master' into 7.0
  • e20f6b6 Changelog for 6.4.1 (#424)
  • 87e4e85 target node 4 in preset env (#423)
  • 05a31c5 7.0.0-alpha.3
  • ad77367 Ensure options are always an object (#413)
  • e8aa302 Ensure options are always an object
  • b9209e7 7.0.0-alpha.2
  • 3f51915 Update yarn.lock
  • c18b16a Fix merge conflict
  • 906ab55 Merge branch 'master' into 7.0
  • 70c8c4a Merge branch 'master' into 7.0
See the full diff
Package name: webpack The new version differs by 250 commits.
  • bf4ec9c 3.0.0
  • 9feda63 Merge pull request #5028 from webpack/feature/externalize_uglify_plugin
  • 49d6e38 Merge pull request #5086 from webpack/ci/node-8
  • 3dcb133 OSX test on node.js 8
  • f4b8785 Merge pull request #5012 from webpack/TheLarkInn-patch-1
  • d26c402 chore(deps): upgrade uglifyjs-webpack-plugin deps to get latest webpack-sources so tests pass
  • 3da4f3e Merge pull request #5085 from jbellenger/jbellenger/rawmodule-hash
  • 8c9dc14 fix RawModule hashing
  • c2c5d73 Update README.md
  • 316d4b9 Merge pull request #5084 from timse/remove-duplicate-code
  • ae18552 update test case with changed hash due to less clutter in dependencies
  • fc20348 unite iteration through modules into one loop
  • 083843e remove code that pushes arrays of dependencies into dependencies
  • ab636b0 Merge pull request #5075 from andreipfeiffer/master
  • 3b3449c Refactor: use const for non reassignable identifier
  • 2ba0499 3.0.0-rc.2
  • 1769fa2 Merge pull request #5064 from webpack/feature/scope-hoisting-multi-entry
  • a73646a Merge pull request #5060 from mikesherov/reason-chunks-as-set
  • 28f826a consistent order
  • 8a30188 use Set for ModuleReason chunk rewriting
  • 5d4ba56 Allow scope hoisting to process modules in multiple chunks
  • d6a7594 harmony modules without exports have no exports instead of unknown
  • 3ae782d Merge pull request #5049 from KTruong888/ES6_refactoring_multicompiler
  • 18cdba8 4099_ES6 refactor lib/MultiCompiler.js
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/jshuaf/project/35bbf94c-d63d-4d53-8322-52e675caed1b?utm_source=github&utm_medium=referral&page=fix-pr) πŸ›  [Adjust project settings](https://app.snyk.io/org/jshuaf/project/35bbf94c-d63d-4d53-8322-52e675caed1b?utm_source=github&utm_medium=referral&page=fix-pr/settings) πŸ“š [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"eb9573c8-eeff-43bf-aff7-f37bbb387d45","prPublicId":"eb9573c8-eeff-43bf-aff7-f37bbb387d45","dependencies":[{"name":"babel-loader","from":"6.4.1","to":"7.0.0"},{"name":"webpack","from":"1.15.0","to":"3.0.0"}],"packageManager":"npm","projectPublicId":"35bbf94c-d63d-4d53-8322-52e675caed1b","projectUrl":"https://app.snyk.io/org/jshuaf/project/35bbf94c-d63d-4d53-8322-52e675caed1b?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-LOADERUTILS-3105943"],"upgrade":["SNYK-JS-LOADERUTILS-3105943"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[551]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** πŸ¦‰ [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)