turkdevops / sourcegraph

Universal code search (self-hosted)
https://sourcegraph.com

[Snyk] Security upgrade webpack from 5.24.1 to 5.76.0 #419

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed

With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
----- | ----- | ----- | ----- | -----
high severity | 808/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.3) | Sandbox Bypass (SNYK-JS-WEBPACK-3358798) | No | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

guardrails[bot] commented 1 year ago

:warning: We detected 172 security issues in this pull request:

Mode: paranoid | Total findings: 172 | Considered vulnerability: 172

Vulnerable Libraries (172)
More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.