Open svcsnyksanity opened 1 month ago
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/@sanity/icons@3.4.0 | None | 0 |
1.38 MB | sanity-io |
npm/@sanity/ui@2.8.10 | Transitive: environment | +33 |
12 MB | armandocerna, ash, atombender, ...59 more |
npm/@types/react@18.3.11 | None | +2 |
1.69 MB | types |
npm/sanity@3.62.0 | Transitive: environment, eval, filesystem, network, shell, unsafe | +813 |
852 MB | bjoerge |
🚮 Removed packages: npm/@sanity/icons@3.3.1, npm/@sanity/ui@2.8.8, npm/@types/react@18.3.3, npm/sanity@3.52.4
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Has a fix available, CVSS 6.9
SNYK-JS-PATHTOREGEXP-7925106
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: sanity
The new version differs by 250 commits.Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)