openstad / openstad-oauth2-server

MIT License

[Snyk] Fix for 3 vulnerabilities #55

Closed ToshKoevoets closed 2 years ago

ToshKoevoets commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 598/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.1 | Arbitrary Code Injection (SNYK-JS-EJS-1049328) | Yes | Proof of Concept |
| medium severity | 611/1000. Why? Recently disclosed, Has a fix available, CVSS 6.5 | Validation Bypass (SNYK-JS-SANITIZEHTML-1070780) | Yes | No Known Exploit |
| medium severity | 611/1000. Why? Recently disclosed, Has a fix available, CVSS 6.5 | Access Restriction Bypass (SNYK-JS-SANITIZEHTML-1070786) | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: sanitize-html
The new version differs by 98 commits.
  • fd3cb54 changelog credit
  • 6012524 Merge pull request #460 from apostrophecms/iframe-validation-redux
  • 5395e36 markdown
  • bff6d9f Merge pull request #459 from Aspedm/main
  • 1ecf30f pass eslint
  • 54851d0 new and interesting iframe validation exploits
  • dafee4f Update README.md
  • b77e1d9 2.3.1
  • bdf7836 Merge pull request #458 from apostrophecms/stop-idna-iframe-attacks
  • 477b032 Updates README to specify node version (#457)
  • 5804fa9 changelog
  • ca4b62a stop IDNA iframe attacks
  • 7229906 Fleshes out changelog message
  • 5d6c6e6 Updates the version number
  • af6e348 Fixes a typo in the changelog
  • 251e14a Merge pull request #429 from TrySound/upgrade-htmlparser2
  • 102c623 Upgrade to v6
  • f07bf65 Upgrade htmlparser2
  • 6a7b0ca bumps the version number (#446)
  • 4be8a61 Adds acknowledgement to changelog. (#445)
  • d59fdac Merge pull request #444 from aHerbots/patch-1
  • 34f00be Update CHANGELOG.md
  • 5ae731e Update README.md
  • 07d1523 Allow 'tel' links by default
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
