build(deps): bump ua-parser-js from 0.7.20 to 0.7.33

[dependabot[bot]]

Bumps ua-parser-js from 0.7.20 to 0.7.33.

Changelog

Sourced from ua-parser-js's changelog.

Version 0.7.33 / 1.0.33

• Add new browser : Cobalt
• Identify Macintosh as an Apple device
• Fix ReDoS vulnerability

Version 0.8

Version 0.8 was created by accident. This version is now deprecated and no longer maintained, please update to version 0.7 / 1.0.

Commits

• f2d0db0 Bump version 0.7.33
• a6140a1 Remove unsafe regex in trim() function
• a886604 Fix #605 - Identify Macintosh as Apple device
• b814bcd Merge pull request #606 from rileyjshaw/patch-1
• 7f71024 Fix documentation
• c239ac5 Merge pull request #604 from obecerra3/master
• 8d3c2d3 Add new browser: Cobalt
• d11fc47 Bump version 0.7.32
• b490110 Merge branch 'develop' of github.com:faisalman/ua-parser-js
• cb5da5e Merge pull request #600 from moekm/develop
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/turkdevops/sourcegraph/network/alerts).

[guardrails[bot]]

:warning: We detected 165 security issues in this pull request:

Mode: paranoid | Total findings: 165 | Considered vulnerability: 165

Vulnerable Libraries (165)

Severity | Details ----- | -------- Medium | [pkg:npm/highlight.js@10.1.1@10.1.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *9.18.2,10.1.2* High | [pkg:npm/shelljs@0.7.7@0.7.7](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *0.8.5* Medium | [pkg:npm/yargs-parser@16.1.0@16.1.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *13.1.2,15.0.1,18.1.1,5.0.1* Medium | [pkg:npm/jszip@2.7.0@2.7.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/async@3.2.0@3.2.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.2.2,2.6.4* Medium | [pkg:npm/browserslist@4.5.4@4.5.4](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *4.16.5* Medium | [pkg:npm/nwsapi@2.2.0@2.2.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/unset-value@1.0.0@1.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/stylelint@13.6.1@13.6.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/jsdom@11.12.0@11.12.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *16.5.0* High | [pkg:npm/acorn@3.3.0@3.3.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/loader-utils@1.2.3@1.2.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *2.0.3* High | [pkg:npm/async@2.5.0@2.5.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.2.2,2.6.4* Critical | [pkg:npm/chrome-launcher@0.13.1@0.13.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/glob-parent@2.0.0@2.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *5.1.2* Critical | [pkg:npm/bunyan@1.8.12@1.8.12](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/is-my-json-valid@2.20.0@2.20.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/node-fetch@2.1.2@2.1.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/node-forge@0.9.0@0.9.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *0.10.0* High | [pkg:npm/y18n@3.2.1@3.2.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.2.2,4.0.1,5.0.5* High | [pkg:npm/follow-redirects@1.0.0@1.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.14.7* Critical | [pkg:npm/lodash@4.17.20@4.17.20](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/mixin-deep@1.3.1@1.3.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/engine.io@3.4.0@3.4.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *4.0.0* High | [pkg:npm/terser@5.0.0@5.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *4.8.1,5.14.2* High | [pkg:npm/simple-git@2.12.0@2.12.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.3.0* High | [pkg:npm/fb-watchman@2.0.0@2.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/underscore@1.6.0@1.6.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/npm-bundled@1.0.5@1.0.5](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/json-stable-stringify@1.0.1@1.0.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/tar@6.0.2@6.0.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *4.4.18,5.0.10,6.1.9* N/A | [pkg:npm/immer@1.10.0@1.10.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *8.0.1* High | [pkg:npm/xmlhttprequest-ssl@1.5.5@1.5.5](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/flat@4.1.0@4.1.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/browserslist@4.12.0@4.12.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *4.16.5* Medium | [pkg:npm/jsdom@15.2.1@15.2.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *16.5.0* Critical | [pkg:npm/loader-utils@2.0.0@2.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *2.0.3* Medium | [pkg:npm/react@16.13.1@16.13.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/got@9.6.0@9.6.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/set-value@0.4.3@0.4.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *2.0.1,3.0.1* N/A | [pkg:npm/nested-object-assign@1.0.3@1.0.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.0.4* Critical | [pkg:npm/execa@1.0.0@1.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/ansi-html@0.0.7@0.0.7](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/graphiql@1.0.3@1.0.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/deep-object-diff@1.1.0@1.1.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/ini@1.3.5@1.3.5](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.3.6* High | [pkg:npm/json5@1.0.2@1.0.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *2.2.2* Low | [pkg:npm/polished@3.4.0@3.4.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/prompts@2.3.2@2.3.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/markdown-it@10.0.0@10.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/jsonwebtoken@8.5.1@8.5.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *9.0.0* High | [pkg:npm/acorn@5.7.3@5.7.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *5.7.4,6.4.1,7.1.1* Critical | [pkg:npm/set-value@2.0.0@2.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *2.0.1,3.0.1* Medium | [pkg:npm/highlight.js@9.13.1@9.13.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *9.18.2,10.1.2* Critical | [pkg:npm/json-schema@0.2.3@0.2.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *0.4.0* N/A | [pkg:npm/yargs-parser@9.0.2@9.0.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/lodash.template@4.4.0@4.4.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/async@2.6.3@2.6.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.2.2,2.6.4* Medium | [pkg:npm/bundlesize@0.18.0@0.18.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/trim-newlines@3.0.0@3.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.0.1,4.0.1* High | [pkg:npm/follow-redirects@1.5.10@1.5.10](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.14.7* N/A | [pkg:npm/node-forge@0.7.5@0.7.5](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.0.0* High | [pkg:npm/jsonpointer@4.0.1@4.0.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/webcomponents.js@0.7.20@0.7.20](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/axios@0.19.0@0.19.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/execa@0.7.0@0.7.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/mocha@8.1.1@8.1.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/request@2.88.0@2.88.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/ssri@6.0.1@6.0.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *6.0.2,7.1.1,8.0.1* High | [pkg:npm/react-dev-utils@9.0.1@9.0.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/fast-json-patch@2.1.0@2.1.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.1.1* N/A | [pkg:npm/hosted-git-info@2.8.5@2.8.5](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/websocket-extensions@0.1.3@0.1.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *0.1.4* High | [pkg:npm/http-proxy@1.17.0@1.17.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/y18n@4.0.0@4.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.2.2,4.0.1,5.0.5* N/A | [pkg:npm/debug@2.6.9@2.6.9](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.1.0* High | [pkg:npm/ramda@0.21.0@0.21.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/cross-fetch@3.0.5@3.0.5](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.1.5,2.2.6* High | [pkg:npm/pathval@1.1.0@1.1.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.1.1* Medium | [pkg:npm/marked@0.3.19@0.3.19](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *0.6.2* Medium | [pkg:npm/marked@1.1.1@1.1.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *2.0.0* High | [pkg:npm/html-minifier@3.5.21@3.5.21](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/color-string@1.5.3@1.5.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.5.5* High | [pkg:npm/telejson@3.3.0@3.3.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/bl@4.0.2@4.0.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.2.3,2.2.1,3.0.1,4.0.3* High | [pkg:npm/url-parse@1.4.7@1.4.7](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/postcss@7.0.32@7.0.32](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/trim-newlines@1.0.0@1.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.0.1,4.0.1* Low | [pkg:npm/request@2.88.2@2.88.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Low | [pkg:npm/elliptic@6.4.1@6.4.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/cross-fetch@2.2.2@2.2.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.1.5,2.2.6* High | [pkg:npm/clean-css@4.2.1@4.2.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/nth-check@1.0.2@1.0.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *2.0.1* Critical | [pkg:npm/thenify@3.3.0@3.3.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/normalize-url@4.3.0@4.3.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *4.5.1,5.3.1,6.0.1* Medium | [pkg:npm/node-fetch@1.7.3@1.7.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ua-parser-js@0.7.33@0.7.33](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/ansi-regex@5.0.0@5.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* High | [pkg:npm/sanitize-html@2.3.2@2.3.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/prismjs@1.16.0@1.16.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.23.0* High | [pkg:npm/tar@4.4.13@4.4.13](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.2.2,4.4.14,5.0.6,6.1.1* High | [pkg:npm/json-merge-patch@0.2.3@0.2.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/got@6.7.1@6.7.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ejs@2.7.4@2.7.4](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/d3-color@1.2.3@1.2.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/simple-get@2.8.1@2.8.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *4.0.1,3.1.1,2.8.2* High | [pkg:npm/ssri@8.0.0@8.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *6.0.2,7.1.1,8.0.1* N/A | [pkg:npm/dot-prop@4.2.0@4.2.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/minimist@0.0.8@0.0.8](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/json-bigint@0.3.0@0.3.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.0.0* High | [pkg:npm/path-parse@1.0.6@1.0.6](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ajv@5.5.2@5.5.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *6.12.3* Medium | [pkg:npm/node-fetch@2.6.0@2.6.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/eslint@3.19.0@3.19.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/socket.io-parser@3.3.0@3.3.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.3.2,3.4.1* Medium | [pkg:npm/istanbul-reports@3.0.2@3.0.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** N/A | [pkg:npm/ajv@4.11.8@4.11.8](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/moment@2.24.0@2.24.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *2.29.4,2.29.4* High | [pkg:npm/axios@0.15.3@0.15.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *0.18.1* Medium | [pkg:npm/https-proxy-agent@2.2.4@2.2.4](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/json5@2.1.2@2.1.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *2.2.2* High | [pkg:npm/opener@1.5.1@1.5.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/codemirror@5.55.0@5.55.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/minimatch@3.0.4@3.0.4](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.0.5* Medium | [pkg:npm/ws@5.2.2@5.2.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *7.4.6,6.2.2,5.2.3* Medium | [pkg:npm/adm-zip@0.4.13@0.4.13](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/ansi-regex@4.1.0@4.1.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* High | [pkg:npm/socket.io-parser@3.4.0@3.4.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *3.3.2,3.4.1* Critical | [pkg:npm/shell-quote@1.6.1@1.6.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.7.3* High | [pkg:npm/npm@6.13.4@6.13.4](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/glob-parent@3.1.0@3.1.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *5.1.2* Medium | [pkg:npm/ajv@6.12.0@6.12.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *6.12.3* Medium | [pkg:npm/npm-registry-fetch@4.0.2@4.0.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *4.0.5,8.1.1* High | [pkg:npm/express@4.18.2@4.18.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/markdown-to-jsx@6.11.4@6.11.4](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/decode-uri-component@0.2.2@0.2.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/css-what@2.1.3@2.1.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/got@11.5.2@11.5.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *12.1.0,11.8.5* Medium | [pkg:npm/ws@6.2.1@6.2.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *7.4.6,6.2.2,5.2.3* High | [pkg:npm/shelljs@0.8.4@0.8.4](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *0.8.5* Medium | [pkg:npm/bl@1.2.2@1.2.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.2.3,2.2.1,3.0.1,4.0.3* N/A | [pkg:npm/ws@6.1.2@6.1.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/ajv@6.12.2@6.12.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/postcss@7.0.27@7.0.27](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/socket.io@2.3.0@2.3.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/loader-utils@1.4.0@1.4.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *2.0.3* High | [pkg:npm/tmpl@1.0.4@1.0.4](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.0.5* High | [pkg:npm/ssri@7.0.1@7.0.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *6.0.2,7.1.1,8.0.1* Medium | [pkg:npm/node-notifier@6.0.0@6.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *8.0.1* High | [pkg:npm/yargs-parser@5.0.0@5.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/ws@7.2.3@7.2.3](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *7.4.6,6.2.2,5.2.3* Medium | [pkg:npm/serialize-javascript@2.1.2@2.1.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Critical | [pkg:npm/uglify-js@3.4.9@3.4.9](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/yargs-parser@4.2.1@4.2.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/merge-deep@3.0.2@3.0.2](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** Medium | [pkg:npm/axios@0.18.0@0.18.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/npm-user-validate@1.0.0@1.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *1.0.1* High | [pkg:npm/trim@0.0.1@0.0.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *0.0.3* High | [pkg:npm/@graphql-tools/git-loader@6.0.14@6.0.14](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *6.2.6* High | [pkg:npm/glob-parent@5.1.0@5.1.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *5.1.2* High | [pkg:npm/is-svg@3.0.0@3.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *4.2.2* Critical | [pkg:npm/copy-props@2.0.4@2.0.4](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/ansi-regex@3.0.0@3.0.0](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* Medium | [pkg:npm/dns-packet@1.3.1@1.3.1](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** High | [pkg:npm/typescript@3.9.7@3.9.7](https://github.com/turkdevops/sourcegraph/blob/6116b4a9f8d4833b3b12259fdc3d4cf02df8688e/yarn.lock) (t) - **no patch available** More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.