Open snyk-bot opened 2 years ago
Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. Find out more.
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. Find out more.
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ANSIREGEX-1583908
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9
SNYK-JS-AXIOS-1038255
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-AXIOS-1579269
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-AXIOS-174505
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-COLORSTRING-1082939
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-LODASH-1018905
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2
SNYK-JS-LODASH-1040724
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-LODASH-450202
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
SNYK-JS-LODASH-567746
Why? Has a fix available, CVSS 9.8
SNYK-JS-LODASH-590103
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-LODASH-608086
Why? Has a fix available, CVSS 7.5
SNYK-JS-MERGE-1040469
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-MERGE-1042987
Why? Has a fix available, CVSS 5.9
SNYK-JS-NODEFETCH-674311
Why? Has a fix available, CVSS 8.1
SNYK-JS-SHELLQUOTE-1766506
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-WS-1296835
Why? Has a fix available, CVSS 5.4
SNYK-JS-XMLDOM-1084960
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
SNYK-JS-YARGSPARSER-560381
Why? Has a fix available, CVSS 5.1
npm:mem:20180117
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @expo/vector-icons
The new version differs by 19 commits.- ea45070 Release 10.0.0
- aabefa9 Initial attempt at FontAwesome5 support
- 399efdc Add devDependencies to fix typechecking
- 7dc954f Merge pull request #84 from expo/@ evanbacon/typescript/migration
- 3bd77af Added yarn-error.log to the gitignore
- dd4c4ad Updated FontAwesome5
- 90e5902 Added build folder back
- 290fea4 Update README.md
- 4665009 Updated website
- b4e07ab Updated fonts
- b8903e4 Added upper level imports
- f3f7614 Updated to fully support web
- 32a88a9 removed build
- 1d47d6d Converted to TypeScript
- f60615e Merge pull request #83 from expo/@ evanbacon/es-imports
- 491f1d9 Merge pull request #82 from expo/@ evanbacon/react-native-import
- b1639e9 Updated all font files to use import instead of require
- b355184 Updated react-native import to work with web treeshaking
- fb3dde5 Release 9.0.0
See the full diffPackage name: axios
The new version differs by 250 commits.- e367be5 [Releasing] 0.21.3
- 83ae383 Correctly add response interceptors to interceptor chain (#4013)
- c0c8761 [Updating] changelog to include links to issues and contributors
- 619bb46 [Releasing] v0.21.2
- 82c9455 Create SECURITY.md (#3981)
- 5b45711 Security fix for ReDoS (#3980)
- 5bc9ea2 Update ECOSYSTEM.md (#3817)
- e72813a Fixing README.md (#3818)
- e10a027 Fix README typo under Request Config (#3825)
- e091491 Update README.md (#3936)
- b42fbad Removed un-needed bracket
- 520c8dc Updating CI status badge (#3953)
- 4fbeecb Adding CI on Github Actions. (#3938)
- e9965bf Fixing the sauce labs tests (#3813)
- dbc634c Remove charset in tests (#3807)
- 3958e9f Add explanation of cancel token (#3803)
- 69949a6 Adding custom return type support to interceptor (#3783)
- 49509f6 Create FUNDING.yml (#3796)
- 199c8aa Adding parseInt to config.timeout (#3781)
- 94fc4ea Adding isAxiosError typeguard documentation (#3767)
- 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
- a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
- 59fa614 [Updated] follow-redirects to the latest version (#3771)
- 7821ed2 Feat/json improvements (#3763)
See the full diffPackage name: react-native
The new version differs by 250 commits.- ace025d [0.64.0] Bump version numbers
- 728d55a Fixing the git attrs for all the people and all the files and all future 🙌
- 8a6ac1f chore: Update React.podspec to require cocoapods >= 1.10.1
- 138fdbc fix: restore refresh control fix
- 7f3f80f Fix RefreshControl layout when removed from window (#31024)
- 1aa4f47 [0.64.0-rc.4] Bump version numbers
- 48a97d7 chore: fix conflict in Podfile.lock
- e7e4b00 fix: disable fabric
- 14db556 fix: React Native CodeGen integration for 0.64-stable (#31027)
- 4b68734 Generalize node search logic
- 7159bcb Update flipper in RNTester and template (#31010)
- e846740 [0.64.0-rc.3] Bump version numbers
- c023a40 chore: bump codegen script
- 7004cac Invoke `node` directly in generate-specs.sh (#30781)
- 5ada078 Make codegen more reliable on iOS (#30792)
- 937ced3 Optionally override codegen script defaults via envvars
- e5888de Add use_react_native_codegen!
- 0636c45 Use Fabric builds in iOS tests (#30639)
- 224c85a Update iOS Fabric-related files to compile on OSS (#29810)
- 7ec38b9 Avoid eating clicks/taps into ScrollView when using physical keyboard (#30374)
- 052447c Remove dependency on Folly in TurboModuleUtils.h (#30672)
- 70ba9ac Expose the testID to black-box testing frameworks on Android (#29610)
- 1eb7d4a [0.64.0-rc.2] Bump version numbers
- 4481d09 Fix infinite loop in KeyboardAvoidingView
See the full diffPackage name: react-native-svg
The new version differs by 250 commits.- 8d7e9d3 6.1.0
- 1c12e4b Align SDK and gradle with react-native init
- be81454 Fix strokeWidth hitArea units calculation
- 26b9bf4 Merge pull request #586 from msand/numberPercentageRegEx
- e66a0fd Merge pull request #577 from simonbuchan/ts-export-props
- 5c58674 Merge pull request #588 from dlowder-salesforce/master
- f8c5b6b TextSpecificProps are optional.
- 27f0245 Fix tvOS compile issue (BezierElement.m)
- 85c1a23 Support exponential syntax in number and percentage regular expression.
- ba641f7 Update README.md
- 815b842 Extract font/text related typings from props.js, ReadonlyArray<>
- 52ec33e More fixes:
- 1fee877 Update README.md
- 8e9fa87 Merge pull request #582 from react-native-community/gradle3
- 4ef100c Bump version.
- a77d104 Fix linting and gradle 3.0.1 compatibility
- 7e6de5f Update README.md
- e37433c Fix some existing type definitions:
- ed1ab61 Add exports for prop types, additional type fixes.
- 5e05c21 Update README.md
- 22a43c8 Bump version.
- 60fdf93 Merge pull request #575 from glacjay/patch-1
- a10d06c Merge pull request #558 from msand/tailormade_distance_along_path
- 218b4cf fix an "out of range" error
See the full diffWith a Snyk patch:
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
SNYK-JS-LODASH-567746
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic