search

thumbtack / thumbprint

Thumbprint is the design system at Thumbtack.
https://thumbprint.design
Apache License 2.0
201 stars 27 forks source link

[Snyk] Fix for 8 vulnerabilities #1008

Open trams opened 5 days ago

trams commented 5 days ago

snyk-top-banner

Snyk has created this PR to fix 8 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning ``` Failed to update the yarn.lock, please update manually before merging. ```

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230		   170  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269		   162  
high severity Improper Handling of Extra Parameters
SNYK-JS-FOLLOWREDIRECTS-6141137		   158  
high severity Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555		   158  
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		   155  
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		   119  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		   67  
low severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		   21  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Cross-site Request Forgery (CSRF) 🦉 Path Traversal

netlify[bot] commented 5 days ago

Deploy Preview for thumbprint canceled.

Name Link
Latest commit 58708820c622949cad953bc84c4fe7760f2c6157
Latest deploy log https://app.netlify.com/sites/thumbprint/deploys/672d06fa944fad0008bf4b92
netlify[bot] commented 5 days ago

Deploy Preview for thumbprint-gatsby failed.

Name Link
Latest commit 58708820c622949cad953bc84c4fe7760f2c6157
Latest deploy log https://app.netlify.com/sites/thumbprint-gatsby/deploys/672d06fafa180800084c82ee