search

turkdevops / grafana

The tool for beautiful monitoring and metric analytics & dashboards for Graphite, InfluxDB & Prometheus & More
https://grafana.com
Apache License 2.0
1 stars 0 forks source link

Bump @braintree/sanitize-url from 6.0.0 to 6.0.1 #762

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps @braintree/sanitize-url from 6.0.0 to 6.0.1.

Changelog

Sourced from @​braintree/sanitize-url's changelog.

6.0.1

  • Fix issue where urls in the form javascript:alert('xss'); were not properly sanitized
  • Fix issue where urls in the form javasc	ript:alert('XSS'); were not properly sanitized
Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/turkdevops/grafana/network/alerts).
guardrails[bot] commented 1 year ago

:warning: We detected 191 security issues in this pull request:

Mode: paranoid | Total findings: 191 | Considered vulnerability: 191

Vulnerable Libraries (191)
Severity | Details ----- | -------- High | [pkg:npm/path-parse@1.0.6@1.0.6](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/lodash@4.17.15@4.17.15](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/lodash-es@4.17.15@4.17.15](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.17.20,4.17.20* High | [pkg:npm/ini@1.3.5@1.3.5](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.3.6* High | [pkg:npm/ansi-regex@3.0.0@3.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* Medium | [pkg:npm/ws@6.2.1@6.2.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *7.4.6,6.2.2,5.2.3* High | [pkg:npm/clean-css@3.4.28@3.4.28](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/websocket-extensions@0.1.3@0.1.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *0.1.4* N/A | [pkg:npm/handlebars@4.4.3@4.4.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.4.5* High | [pkg:npm/json5@0.5.1@0.5.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/terser@4.3.9@4.3.9](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/postcss@6.0.23@6.0.23](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *8.2.13,7.0.36* Medium | [pkg:npm/react@16.12.0@16.12.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/execa@1.0.0@1.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/telejson@3.3.0@3.3.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/nodemon@2.0.12@2.0.12](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/validator@8.2.0@8.2.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/async@3.2.0@3.2.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.2.2,2.6.4* High | [pkg:npm/ssri@7.1.0@7.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *6.0.2,7.1.1,8.0.1* High | [pkg:npm/css-what@2.1.3@2.1.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Low | [pkg:npm/polished@3.4.1@3.4.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/jsdom@11.12.0@11.12.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *16.5.0* Medium | [pkg:npm/terser@4.6.3@4.6.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/glob-parent@3.1.0@3.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *5.1.2* High | [pkg:npm/acorn@4.0.13@4.0.13](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/acorn@6.3.0@6.3.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *5.7.4,6.4.1,7.1.1* High | [pkg:npm/loader-utils@0.2.17@0.2.17](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/shelljs@0.8.3@0.8.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *0.8.5* High | [pkg:npm/acorn@3.3.0@3.3.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/http-cache-semantics@4.1.0@4.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.1.1,4.1.1* High | [pkg:npm/http-proxy@1.18.0@1.18.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/react-dev-utils@9.1.0@9.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/merge@1.2.1@1.2.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *2.1.1* Critical | [pkg:npm/ejs@2.7.1@2.7.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.1.7* High | [pkg:npm/html-minifier@2.1.7@2.1.7](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/typescript@3.7.5@3.7.5](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/trim-newlines@1.0.0@1.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.0.1,4.0.1* High | [pkg:npm/cacheable-request@6.1.0@6.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *10.2.7* Medium | [pkg:npm/postcss@5.2.18@5.2.18](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *8.2.13,7.0.36* High | [pkg:npm/nth-check@1.0.2@1.0.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *2.0.1* High | [pkg:npm/typescript@3.7.2@3.7.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/underscore@1.7.0@1.7.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/yargs-parser@4.2.1@4.2.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/uglify-js@2.6.4@2.6.4](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/y18n@4.0.0@4.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.2.2,4.0.1,5.0.5* High | [pkg:npm/json-stable-stringify@1.0.1@1.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/scss-tokenizer@0.2.3@0.2.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/markdown-to-jsx@6.10.3@6.10.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/clean-css@4.2.1@4.2.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/async@2.6.3@2.6.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.2.2,2.6.4* Critical | [pkg:npm/set-value@2.0.1@2.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/trim-newlines@2.0.0@2.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.0.1,4.0.1* High | [pkg:npm/phantomjs-prebuilt@2.1.16@2.1.16](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/acorn@5.7.3@5.7.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *5.7.4,6.4.1,7.1.1* N/A | [pkg:npm/nested-object-assign@1.0.3@1.0.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.0.4* N/A | [pkg:npm/dot-prop@4.2.0@4.2.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ejs@2.7.4@2.7.4](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/yargs-parser@13.1.1@13.1.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/ssri@6.0.1@6.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *6.0.2,7.1.1,8.0.1* High | [pkg:npm/decode-uri-component@0.2.0@0.2.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/yargs-parser@10.1.0@10.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/postcss@7.0.26@7.0.26](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *8.2.13,7.0.36* High | [pkg:npm/html-minifier@4.0.0@4.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/ansi-regex@4.1.0@4.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* Medium | [pkg:npm/ajv@6.10.2@6.10.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *6.12.3* Critical | [pkg:npm/simple-git@1.126.0@1.126.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/tree-kill@1.2.1@1.2.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/qs@6.9.0@6.9.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.17.3,6.10.3,6.9.7,6.8.3,6.7.3,6.6.1,6.5.3,6.4.1,6.3.3,6.2.4* Critical | [pkg:npm/parse-path@4.0.1@4.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/opener@1.5.1@1.5.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/yargs-parser@11.1.1@11.1.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/browserslist@4.8.6@4.8.6](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.16.5* Critical | [pkg:npm/qs@6.7.0@6.7.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ua-parser-js@0.7.20@0.7.20](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/minimist@1.2.5@1.2.5](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.2.6* N/A | [pkg:npm/lodash@3.10.1@3.10.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.17.5* Low | [pkg:npm/request@2.88.0@2.88.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/flat@4.1.0@4.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/terser@3.17.0@3.17.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.8.1,5.14.2* Critical | [pkg:npm/yup@0.26.10@0.26.10](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/lodash.template@4.5.0@4.5.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/glob-parent@5.1.0@5.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *5.1.2* Medium | [pkg:npm/https-proxy-agent@2.2.2@2.2.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/is-my-json-valid@2.20.0@2.20.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/got@9.6.0@9.6.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/streamroller@0.4.1@0.4.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/uglify-js@2.8.29@2.8.29](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/json-schema@0.2.3@0.2.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *0.4.0* High | [pkg:npm/simple-get@3.1.0@3.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.0.1,3.1.1,2.8.2* High | [pkg:npm/minimist@0.0.10@0.0.10](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/acorn@7.1.0@7.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/react@16.10.2@16.10.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/immer@1.10.0@1.10.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *8.0.1* Medium | [pkg:npm/postcss@7.0.18@7.0.18](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *8.2.13,7.0.36* Medium | [pkg:npm/browserslist@4.7.0@4.7.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.16.5* High | [pkg:npm/ansi-regex@5.0.0@5.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* Medium | [pkg:npm/color-string@1.5.3@1.5.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.5.5* High | [pkg:npm/angular@1.8.0@1.8.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/underscore.string@3.3.5@3.3.5](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/node-forge@0.9.0@0.9.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *0.10.0* Medium | [pkg:npm/bl@3.0.0@3.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.2.3,2.2.1,3.0.1,4.0.3* High | [pkg:npm/npm@6.14.6@6.14.6](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/d3-color@1.4.0@1.4.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/html-minifier@3.5.21@3.5.21](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/follow-redirects@1.5.10@1.5.10](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.14.7* High | [pkg:npm/shelljs@0.6.1@0.6.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *0.8.5* High | [pkg:npm/glob-parent@2.0.0@2.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *5.1.2* High | [pkg:npm/y18n@3.2.1@3.2.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.2.2,4.0.1,5.0.5* Medium | [pkg:npm/eslint@2.13.1@2.13.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/tmpl@1.0.4@1.0.4](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.0.5* High | [pkg:npm/minimatch@3.0.4@3.0.4](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.0.5* Medium | [pkg:npm/core-js@3.3.2@3.3.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/jsonpointer@4.0.1@4.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/ansi-html@0.0.7@0.0.7](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/ramda@0.24.1@0.24.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/request@2.88.2@2.88.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/dot-prop@3.0.0@3.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/pug@2.0.4@2.0.4](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.0.1,2.0.3,3.0.2* High | [pkg:npm/trim@0.0.1@0.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *0.0.3* Medium | [pkg:npm/axios@0.19.0@0.19.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ajv@6.11.0@6.11.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *6.12.3* N/A | [pkg:npm/immer@4.0.2@4.0.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *8.0.1* Critical | [pkg:npm/uglify-js@3.4.10@3.4.10](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/is-svg@3.0.0@3.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.2.2* High | [pkg:npm/json5@1.0.1@1.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *2.2.2* Critical | [pkg:npm/serialize-javascript@1.9.1@1.9.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/npm-bundled@1.0.6@1.0.6](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/yargs-parser@15.0.0@15.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/prismjs@1.27.0@1.27.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/sockjs@0.3.19@0.3.19](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *0.3.20* Medium | [pkg:npm/trim-off-newlines@1.0.1@1.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.0.3* Medium | [pkg:npm/scss-tokenizer@0.3.0@0.3.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/parse-url@5.0.1@5.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/core-js@3.6.4@3.6.4](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/deep-object-diff@1.1.0@1.1.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/follow-redirects@1.14.4@1.14.4](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.14.7* High | [pkg:npm/debug@0.7.4@0.7.4](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/node-notifier@5.4.3@5.4.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *8.0.1* Medium | [pkg:npm/got@6.7.1@6.7.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/execa@0.7.0@0.7.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/thenify@3.3.0@3.3.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/minimist@1.1.3@1.1.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *0.2.1,1.2.3* Medium | [pkg:npm/marked@0.3.19@0.3.19](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *0.6.2* Low | [pkg:npm/elliptic@6.5.1@6.5.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ws@5.2.2@5.2.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *7.4.6,6.2.2,5.2.3* Medium | [pkg:npm/nwsapi@2.1.4@2.1.4](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/minimist@0.0.8@0.0.8](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/moment@2.24.0@2.24.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *2.29.4,2.29.4* Medium | [pkg:npm/bl@1.2.2@1.2.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.2.3,2.2.1,3.0.1,4.0.3* N/A | [pkg:npm/npm-user-validate@1.0.0@1.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.0.1* Medium | [pkg:npm/highlight.js@9.13.1@9.13.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *9.18.2,10.1.2* High | [pkg:npm/fb-watchman@2.0.0@2.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/async@2.6.1@2.6.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/execa@0.10.0@0.10.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/minimist@1.2.0@1.2.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/xss@1.0.3@1.0.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/cypress@3.7.0@3.7.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/angular-sanitize@1.6.6@1.6.6](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/browserslist@4.8.4@4.8.4](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.16.5* Critical | [pkg:npm/front-matter@2.1.2@2.1.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/http-cache-semantics@3.8.1@3.8.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/serialize-javascript@2.1.2@2.1.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/express@4.17.1@4.17.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/log4js@1.1.1@1.1.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *6.4.0* High | [pkg:npm/braces@1.8.5@1.8.5](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/property-expr@1.5.1@1.5.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/tar@4.4.13@4.4.13](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.4.18,5.0.10,6.1.9* Critical | [pkg:npm/qs@6.5.2@6.5.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/kind-of@6.0.2@6.0.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/pug-code-gen@2.0.2@2.0.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/shell-quote@1.7.2@1.7.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.7.3* Medium | [pkg:npm/node-fetch@2.6.0@2.6.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/prismjs@1.17.1@1.17.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *1.21.0* High | [pkg:npm/prompts@2.2.1@2.2.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/git-up@4.0.1@4.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/node-fetch@1.7.3@1.7.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/core-js@1.2.7@1.2.7](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/debug@2.6.9@2.6.9](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.1.0* High | [pkg:npm/flatbuffers@1.11.0@1.11.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/ajv@4.11.8@4.11.8](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/dns-packet@1.3.1@1.3.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/mocha@7.0.1@7.0.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/browserslist@4.7.1@4.7.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *4.16.5* High | [pkg:npm/minimatch@3.0.3@3.0.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.0.5* High | [pkg:npm/ramda@0.21.0@0.21.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** High | [pkg:npm/json5@2.1.1@2.1.1](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *2.2.2* Medium | [pkg:npm/core-js@2.6.10@2.6.10](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/loader-utils@1.2.3@1.2.3](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *2.0.3* High | [pkg:npm/merge-deep@3.0.2@3.0.2](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/simple-git@3.15.0@3.15.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) upgrade to: *3.16.0* Critical | [pkg:npm/unset-value@1.0.0@1.0.0](https://github.com/turkdevops/grafana/blob/dc6798612e1e20a325b2bec3c189ccb7ade3ea10/yarn.lock) (t) - **no patch available** More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.