mmboldori / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License

[Snyk] Upgrade sanitize-html from 1.4.2 to 1.27.5 #2

Open mmboldori opened 2 years ago

mmboldori commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade sanitize-html from 1.4.2 to 1.27.5.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=sanitize-html&from_version=1.4.2&to_version=1.27.5&pr_id=e3d94f1d-faa0-4320-bfef-0f4547529ed3&visibility=true&has_feature_flag=false)

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **57 versions** ahead of your current version.
- The recommended version was released **2 years ago**, on 2020-09-23.

The recommended version fixes:

Severity | Issue | PriorityScore (*) | Exploit Maturity
:---:|:---|---|:---
 | Prototype Pollution [SNYK-JS-LODASH-73638](https://snyk.io/vuln/SNYK-JS-LODASH-73638) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept
 | Prototype Pollution [SNYK-JS-LODASH-608086](https://snyk.io/vuln/SNYK-JS-LODASH-608086) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept
 | Prototype Pollution [SNYK-JS-LODASH-567746](https://snyk.io/vuln/SNYK-JS-LODASH-567746) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept
 | Prototype Pollution [SNYK-JS-LODASH-450202](https://snyk.io/vuln/SNYK-JS-LODASH-450202) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept
 | Command Injection [SNYK-JS-LODASH-1040724](https://snyk.io/vuln/SNYK-JS-LODASH-1040724) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept
 | Cross-site Scripting (XSS) [npm:sanitize-html:20161026](https://snyk.io/vuln/npm:sanitize-html:20161026) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Mature
 | Cross-site Scripting (XSS) [npm:sanitize-html:20160801](https://snyk.io/vuln/npm:sanitize-html:20160801) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | No Known Exploit
 | Cross-site Scripting (XSS) [npm:sanitize-html:20141024](https://snyk.io/vuln/npm:sanitize-html:20141024) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | No Known Exploit
 | Prototype Pollution [npm:lodash:20180130](https://snyk.io/vuln/npm:lodash:20180130) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept
 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-LODASH-73639](https://snyk.io/vuln/SNYK-JS-LODASH-73639) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept
 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-LODASH-1018905](https://snyk.io/vuln/SNYK-JS-LODASH-1018905) | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sanitize-html
  • 1.27.5 - 2020-09-23
  • 1.27.4 - 2020-08-26
  • 1.27.3 - 2020-08-12
  • 1.27.2 - 2020-07-29
  • 1.27.1 - 2020-07-15
  • 1.27.0 - 2020-06-17
  • 1.26.0 - 2020-06-03
  • 1.25.0 - 2020-05-29
  • 1.24.0 - 2020-05-20
  • 1.23.0 - 2020-04-09
  • 1.22.1 - 2020-03-12
  • 1.22.0 - 2020-02-23
  • 1.21.1 - 2020-01-17
  • 1.21.0 - 2020-01-17
  • 1.20.1 - 2019-04-25
  • 1.20.0 - 2018-12-17
  • 1.19.3 - 2018-12-05
  • 1.19.2 - 2018-12-03
  • 1.19.1 - 2018-09-28
  • 1.19.0 - 2018-09-12
  • 1.18.5 - 2018-09-05
  • 1.18.4 - 2018-08-02
  • 1.18.3 - 2018-08-01
  • 1.18.2 - 2018-02-20
  • 1.18.1 - 2018-02-20
  • 1.18.0 - 2018-02-20
  • 1.17.0 - 2018-01-15
  • 1.16.3 - 2017-12-12
  • 1.16.2 - 2017-12-12
  • 1.16.1 - 2017-11-21
  • 1.16.0 - 2017-11-21
  • 1.15.0 - 2017-10-30
  • 1.14.3 - 2017-10-30
  • 1.14.2 - 2017-10-30
  • 1.14.1 - 2017-01-13
  • 1.14.0 - 2017-01-13
  • 1.13.0 - 2016-07-19
  • 1.12.0 - 2016-06-16
  • 1.11.4 - 2016-03-28
  • 1.11.3 - 2016-01-13
  • 1.11.2 - 2015-12-01
  • 1.11.1 - 2015-10-13
  • 1.11.0 - 2015-10-08
  • 1.10.1 - 2015-09-28
  • 1.10.0 - 2015-08-31
  • 1.9.0 - 2015-08-18
  • 1.8.0 - 2015-08-10
  • 1.7.2 - 2015-07-22
  • 1.7.1 - 2015-07-21
  • 1.7.0 - 2015-06-03
  • 1.6.1 - 2015-02-18
  • 1.6.0 - 2015-02-13
  • 1.5.3 - 2015-02-06
  • 1.5.2 - 2015-01-26
  • 1.5.1 - 2015-01-11
  • 1.5.0 - 2015-01-07
  • 1.4.3 - 2014-10-14
  • 1.4.2 - 2014-09-26
from sanitize-html GitHub release notes

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/mmboldori/project/cdf6dd02-46f7-4805-9b0f-f8f6aa5f2dfd?utm_source=github&utm_medium=referral&page=upgrade-pr)
- 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/mmboldori/project/cdf6dd02-46f7-4805-9b0f-f8f6aa5f2dfd/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
- 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/mmboldori/project/cdf6dd02-46f7-4805-9b0f-f8f6aa5f2dfd/settings/integration?pkg=sanitize-html&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)

sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!

- Bugs: 0 (rating A)
- Vulnerabilities: 0 (rating A)
- Security Hotspots: 0 (rating A)
- Code Smells: 0 (rating A)

No Coverage information
0.0% Duplication