turkdevops / prettier

Prettier is an opinionated code formatter.
https://prettier.io
MIT License

[Snyk] Security upgrade webpack from 5.51.1 to 5.76.0 #984

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed

With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
----- | ----- | ----- | ----- | -----
high severity | 808/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.3 | Sandbox Bypass (SNYK-JS-WEBPACK-3358798) | No | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

guardrails[bot] commented 1 year ago

:warning: We detected 59 security issues in this pull request:

Mode: paranoid | Total findings: 59 | Considered vulnerability: 59

Vulnerable Libraries (59)
Severity | Details
----- | --------
High | [pkg:npm/json5@1.0.1@1.0.1](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *2.2.2*
High | [pkg:npm/ansi-regex@5.0.0@5.0.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1*
Critical | [pkg:npm/qs@6.7.0@6.7.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Critical | [pkg:npm/shell-quote@1.7.2@1.7.2](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *1.7.3*
High | [pkg:npm/immer@8.0.1@8.0.1](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *9.0.6*
High | [pkg:npm/core-js@2.6.9@2.6.9](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
N/A | [pkg:npm/nth-check@2.0.0@2.0.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/json5@2.1.3@2.1.3](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *2.2.2*
High | [pkg:npm/lodash.template@4.5.0@4.5.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/prismjs@1.27.0@1.27.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Critical | [pkg:npm/minimist@1.2.5@1.2.5](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *1.2.6*
N/A | [pkg:npm/shelljs@0.8.4@0.8.4](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *0.8.5*
Medium | [pkg:npm/got@8.3.2@8.3.2](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Medium | [pkg:npm/remarkable@2.0.0@2.0.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Critical | [pkg:npm/json-schema@0.2.3@0.2.3](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *0.4.0*
High | [pkg:npm/glob-parent@3.1.0@3.1.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *5.1.2*
High | [pkg:npm/semver-regex@2.0.0@2.0.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *3.1.3,4.0.1*
High | [pkg:npm/http-cache-semantics@3.8.1@3.8.1](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Critical | [pkg:npm/execa@1.0.0@1.0.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/minimatch@3.0.4@3.0.4](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *3.0.5*
High | [pkg:npm/terser@5.7.1@5.7.1](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/file-type@6.2.0@6.2.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Medium | [pkg:npm/got@7.1.0@7.1.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/cacheable-request@2.1.4@2.1.4](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *10.2.7*
Medium | [pkg:npm/ajv@6.12.0@6.12.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *6.12.3*
Critical | [pkg:npm/loader-utils@1.4.0@1.4.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *2.0.3*
Critical | [pkg:npm/set-getter@0.1.1@0.1.1](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/is-svg@3.0.0@3.0.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *4.2.2*
High | [pkg:npm/prompts@2.4.0@2.4.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Critical | [pkg:npm/set-value@2.0.0@2.0.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *2.0.1,3.0.1*
N/A | [pkg:npm/randomatic@1.1.7@1.1.7](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *3.0.0*
Medium | [pkg:npm/browserslist@4.14.2@4.14.2](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *4.16.5*
High | [pkg:npm/file-type@3.9.0@3.9.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
N/A | [pkg:npm/highlight.js@9.18.5@9.18.5](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *10.4.1,10.4.1*
Medium | [pkg:npm/postcss@7.0.36@7.0.36](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/trim-newlines@1.0.0@1.0.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *3.0.1,4.0.1*
High | [pkg:npm/file-type@5.2.0@5.2.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/file-type@8.1.0@8.1.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Medium | [pkg:npm/autolinker@3.11.1@3.11.1](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/nth-check@1.0.2@1.0.2](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *2.0.1*
Critical | [pkg:npm/execa@0.7.0@0.7.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/decode-uri-component@0.2.0@0.2.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Medium | [pkg:npm/express@4.17.1@4.17.1](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Critical | [pkg:npm/qs@6.5.2@6.5.2](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/css-what@2.1.3@2.1.3](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Medium | [pkg:npm/react@16.14.0@16.14.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Critical | [pkg:npm/unset-value@1.0.0@1.0.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
N/A | [pkg:npm/debug@2.6.9@2.6.9](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *3.1.0*
Medium | [pkg:npm/kind-of@6.0.2@6.0.2](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Medium | [pkg:npm/browserslist@4.16.1@4.16.1](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *4.16.5*
High | [pkg:npm/file-type@10.11.0@10.11.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/file-type@4.4.0@4.4.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/autolinker@0.28.1@0.28.1](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
High | [pkg:npm/async@2.6.3@2.6.3](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *3.2.2,2.6.4*
Critical | [pkg:npm/loader-utils@2.0.0@2.0.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *2.0.3*
High | [pkg:npm/remarkable@1.7.4@1.7.4](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Medium | [pkg:npm/react@17.0.2@17.0.2](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**
Critical | [pkg:npm/set-value@0.4.3@0.4.3](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) upgrade to: *2.0.1,3.0.1*
Medium | [pkg:npm/request@2.88.0@2.88.0](https://github.com/turkdevops/prettier/blob/732f3b894e76e26bd7e80abe01cf7b8a86c5d152/website/yarn.lock) (t) - **no patch available**

More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.