:warning: We detected 22 security issues in this pull request:

Hard-Coded Secrets (1)

Severity | Details | Docs
:-: | :-- | :-:
Medium | Title: **Secret Keyword** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/modules/user/config/install/user.mail.yml#L34 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#SecretKeyword)

More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr).

---

Insecure Use of Regular Expressions (4)

Severity | Details | Docs
:-: | :-- | :-:
Medium | Title: **Regex DOS (ReDOS)** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/misc/position.es6.js#L30 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#security/detect-unsafe-regex)
Medium | Title: **Regex DOS (ReDOS)** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/misc/position.js#L13 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#security/detect-unsafe-regex)
Medium | Title: **Regex DOS (ReDOS)** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/scripts/js/ckeditor5-types-documentation.js#L30 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#security/detect-unsafe-regex)
Medium | Title: **Regex DOS (ReDOS)** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/scripts/js/vendor-update.js#L34 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr#security/detect-unsafe-regex)

More info on how to fix Insecure Use of Regular Expressions in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr).

---

Information Disclosure (1)

Severity | Details | Docs
:-: | :-- | :-:
Medium | Title: **Use of phpinfo()** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/modules/system/src/Controller/SystemInfoController.php#L62 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/information-disclosure.html?utm_source=ghpr#phpinfo-use)

More info on how to fix Information Disclosure in [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/information-disclosure.html?utm_source=ghpr).

---

Vulnerable Libraries (7)

Severity | Details
:-: | :--
N/A | [pkg:npm/debug@2.6.9@2.6.9](https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/yarn.lock#L2792) (t) upgrade to: *3.1.0*
Medium | [pkg:npm/jquery-form@4.3.0@4.3.0](https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/yarn.lock#L4168) (t) - **no patch available**
High | [pkg:npm/minimatch@3.0.4@3.0.4](https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/yarn.lock#L4649) (t) upgrade to: *3.0.5*
Critical | [pkg:npm/vm2@3.9.12@3.9.12](https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/yarn.lock#L6596) (t) upgrade to: *3.9.15*
N/A | [pkg:npm/jake@10.8.5@10.8.5](https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/yarn.lock#L4145) (t) - **no patch available**
Medium | [pkg:npm/node-fetch@2.6.7@2.6.7](https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/yarn.lock#L4822) (t) - **no patch available**
High | [pkg:npm/webpack@5.75.0@5.75.0](https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/yarn.lock#L6678) (t) upgrade to: *5.76.0*

More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).

---

Insecure Use of Dangerous Function (6)

Severity | Details | Docs
:-: | :-- | :-:
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/modules/ckeditor5/js/ckeditor5.admin.es6.js#L328 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/modules/ckeditor5/js/ckeditor5.admin.es6.js#L737 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/modules/ckeditor5/js/ckeditor5.admin.js#L184 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/modules/ckeditor5/js/ckeditor5.admin.js#L386 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/themes/olivero/js/second-level-navigation.es6.js#L81 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/themes/olivero/js/second-level-navigation.js#L38 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)

More info on how to fix Insecure Use of Dangerous Function in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr).

---

Insecure Processing of Data (3)

Severity | Details | Docs
:-: | :-- | :-:
Low | Title: **Insecure HTTP redirect** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/.ht.router.php#L29 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_processing_of_data.html?utm_source=ghpr#http-redirect-gr)
Medium | Title: **Unescaped user input in HTML** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/modules/ckeditor5/js/ckeditor5.es6.js#L652 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.lang.taint-frontend-html-injection)
Medium | Title: **Unescaped user input in HTML** https://github.com/pantheon-systems/drops-8/blob/c36d836fed694523bcb53966409e5663210cd7b0/core/modules/ckeditor5/js/ckeditor5.js#L291 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.lang.taint-frontend-html-injection)

More info on how to fix Insecure Processing of Data in [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_processing_of_data.html?utm_source=ghpr) and [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr).

Update from Drupal 9.1.0 to Drupal 9.5.8.

This is experimental. Do not merge.