keepid / keepid_client

Keep.id Client application built with TypeScript and React.js
Apache License 2.0
8 stars 4 forks source link

[Snyk] Fix for 1 vulnerabilities #485

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-D3COLOR-1076592
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @nivo/core The new version differs by 250 commits.
  • 56db9cb v0.81.0
  • 6d94660 fix: Relax constraints on `@ react-spring/web` (#2280)
  • f987fa6 Bugfix/website/bar add legends fix (#2282)
  • 408d46f Add mouse events to line slices
  • 4240e36 bugfix: fix CustomLayerProps lineGenerator type by removing unnecessary Array type
  • aacd7ed chore(deps): bump @ sideway/formula from 3.0.0 to 3.0.1
  • 62ded37 fix(jest): update jest config for d3-color
  • 0224904 chore(deps): bump d3-color from 2.0.0 to 3.1.0
  • 3c2d615 chore(deps): bump loader-utils from 1.4.0 to 1.4.2
  • fdc9ab1 chore(deps): bump qs from 6.5.2 to 6.5.3
  • 7d802cc chore(deps): bump ua-parser-js from 0.7.31 to 0.7.33
  • b35ef90 Run lint
  • 0cdfedf Check if ResizeObserver is defined instead of checking window object
  • 1d8dcf4 chore(deps): bump socket.io-parser from 4.0.4 to 4.0.5
  • c6f2e92 chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2
  • 4bb3a06 chore(deps): bump express from 4.17.1 to 4.17.3
  • c2ef241 chore(deps): bump json5 from 1.0.1 to 1.0.2
  • 91a775f chore(deps): bump luxon from 1.28.0 to 1.28.1
  • 3e639a2 fix(website): minor docs fix for specifying color (#2139)
  • e1d8555 fix(website): remove orient prop from axisBottom and axisLeft
  • 4ccb8df fix(canvas): fix getRelativeCursor for non SVG implementations
  • df352b8 v0.80.0
  • fb6cc9f chore(deps): update yarn.lock
  • 95a81d5 fix(bar): align d3-shape version with other packages (#2076)
See the full diff
Package name: @nivo/pie The new version differs by 250 commits.
  • 56db9cb v0.81.0
  • 6d94660 fix: Relax constraints on `@ react-spring/web` (#2280)
  • f987fa6 Bugfix/website/bar add legends fix (#2282)
  • 408d46f Add mouse events to line slices
  • 4240e36 bugfix: fix CustomLayerProps lineGenerator type by removing unnecessary Array type
  • aacd7ed chore(deps): bump @ sideway/formula from 3.0.0 to 3.0.1
  • 62ded37 fix(jest): update jest config for d3-color
  • 0224904 chore(deps): bump d3-color from 2.0.0 to 3.1.0
  • 3c2d615 chore(deps): bump loader-utils from 1.4.0 to 1.4.2
  • fdc9ab1 chore(deps): bump qs from 6.5.2 to 6.5.3
  • 7d802cc chore(deps): bump ua-parser-js from 0.7.31 to 0.7.33
  • b35ef90 Run lint
  • 0cdfedf Check if ResizeObserver is defined instead of checking window object
  • 1d8dcf4 chore(deps): bump socket.io-parser from 4.0.4 to 4.0.5
  • c6f2e92 chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2
  • 4bb3a06 chore(deps): bump express from 4.17.1 to 4.17.3
  • c2ef241 chore(deps): bump json5 from 1.0.1 to 1.0.2
  • 91a775f chore(deps): bump luxon from 1.28.0 to 1.28.1
  • 3e639a2 fix(website): minor docs fix for specifying color (#2139)
  • e1d8555 fix(website): remove orient prop from axisBottom and axisLeft
  • 4ccb8df fix(canvas): fix getRelativeCursor for non SVG implementations
  • df352b8 v0.80.0
  • fb6cc9f chore(deps): update yarn.lock
  • 95a81d5 fix(bar): align d3-shape version with other packages (#2076)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)