turkdevops / pusher-js

Pusher Javascript library
http://pusher.com
MIT License

[Snyk] Security upgrade webpack from 5.28.0 to 5.76.0 #123

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| High | 808/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.3) | Sandbox Bypass, SNYK-JS-WEBPACK-3358798 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: webpack The new version differs by 250 commits.
  • 5d64468 Merge pull request #16792 from webpack/update-version
  • 67af5ec chore(release): 5.76.0
  • 97b1718 Merge pull request #16781 from askoufis/loader-context-target-type
  • b84efe6 Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perf
  • c98e9e0 Merge pull request #16493 from piwysocki/patch-1
  • 5f34acf feat: Add `target` to `LoaderContext` type
  • b7fc4d8 Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
  • 63ea82d Merge branch 'webpack:main' into patch-1
  • 4ba2252 Merge pull request #16446 from akhilgkrishnan/patch-1
  • 1acd635 Merge pull request #16613 from jakebailey/ts-logo
  • 302eb37 Merge pull request #16614 from jakebailey/html5-logo
  • cfdb1df Improve performance of hashRegExp lookup
  • 4d561a6 Add test for behaviour of filesystem-cached assets with loaders
  • dfaa3b4 lint: remove trailing comma
  • dcc3e71 Serialize code generator data to support generated assets
  • b67626c Merge pull request #16491 from lvivski/main
  • d957cdf Fix formatting
  • 6011163 Fix formatting
  • ea5e864 Fix HTML5 logo in README
  • 2112f9b Replace TypeScript logo in README
  • 5513dd6 Merge branch 'webpack:main' into patch-1
  • 4b4ca3b Merge pull request #16500 from Jack-Works/avoid-cross-realm-object
  • 4f39c9f fix: type error
  • c922ee1 chore: revert breaking change
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic


guardrails[bot] commented 1 year ago

:warning: We detected 30 security issues in this pull request:

Mode: paranoid | Total findings: 30 | Considered vulnerability: 30

Vulnerable Libraries (30)
| Severity | Details |
| --- | --- |
| High | [pkg:npm/ansi-regex@4.1.0@4.1.0](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* |
| High | [pkg:npm/minimist@1.2.0@1.2.0](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Medium | [pkg:npm/https-proxy-agent@2.2.4@2.2.4](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| N/A | [pkg:npm/debug@2.6.9@2.6.9](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) upgrade to: *3.1.0* |
| Critical | [pkg:npm/loader-utils@1.2.3@1.2.3](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) upgrade to: *2.0.3* |
| High | [pkg:npm/typescript@4.1.3@4.1.3](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Critical | [pkg:npm/execa@1.0.0@1.0.0](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Medium | [pkg:npm/ws@6.2.1@6.2.1](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) upgrade to: *7.4.6,6.2.2,5.2.3* |
| Critical | [pkg:npm/minimist@1.2.5@1.2.5](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) upgrade to: *1.2.6* |
| Critical | [pkg:npm/unset-value@1.0.0@1.0.0](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Critical | [pkg:npm/socket.io@4.5.3@4.5.3](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Medium | [pkg:npm/node-fetch@2.6.1@2.6.1](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| High | [pkg:npm/json5@1.0.1@1.0.1](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) upgrade to: *2.2.2* |
| N/A | [pkg:npm/ansi-html@0.0.7@0.0.7](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Medium | [pkg:npm/ua-parser-js@0.7.31@0.7.31](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| High | [pkg:npm/express@4.18.2@4.18.2](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| High | [pkg:npm/json5@2.2.0@2.2.0](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) upgrade to: *2.2.2* |
| High | [pkg:npm/glob-parent@3.1.0@3.1.0](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) upgrade to: *5.1.2* |
| Critical | [pkg:npm/qs@6.7.0@6.7.0](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Critical | [pkg:npm/loader-utils@2.0.0@2.0.0](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) upgrade to: *2.0.3* |
| Medium | [pkg:npm/kind-of@6.0.2@6.0.2](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Medium | [pkg:npm/npm-packlist@1.4.1@1.4.1](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| High | [pkg:npm/underscore@1.9.1@1.9.1](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Critical | [pkg:npm/uglify-js@2.8.29@2.8.29](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| High | [pkg:npm/decode-uri-component@0.2.0@0.2.0](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| High | [pkg:npm/minimist@0.0.8@0.0.8](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Medium | [pkg:npm/node-fetch@1.7.3@1.7.3](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| Medium | [pkg:npm/npm-bundled@1.0.6@1.0.6](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |
| N/A | [pkg:npm/node-forge@0.9.0@0.9.0](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) upgrade to: *0.10.0* |
| Critical | [pkg:npm/set-value@2.0.1@2.0.1](https://github.com/turkdevops/pusher-js/blob/33f1f4c23b1a46ce1998c57094efe498d007e919/package-lock.json) (t) - **no patch available** |

More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).
