search

twilio / twilio-voice-notification-app

Reference app built in ReactJS that demonstrates how to leverage Twilio Programmable Voice and Twilio SDKs to create a voice notification system.
Apache License 2.0
36 stars 25 forks source link

[Snyk] Fix for 14 vulnerabilities #103

Open twilio-product-security opened 1 year ago

twilio-product-security commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905		 Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-IMMER-1540542		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Open Redirect
SNYK-JS-NODEFORGE-2330875		 Yes Proof of Concept
medium severity 529/1000
Why? Has a fix available, CVSS 6.3		 Prototype Pollution
SNYK-JS-NODEFORGE-2331908		 Yes No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6		 Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430337		 Yes No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430339		 Yes No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6		 Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430341		 Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PROMPTS-1729737		 Yes Proof of Concept
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Remote Code Execution (RCE)
SNYK-JS-SHELLQUOTE-1766506		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @svgr/webpack The new version differs by 197 commits.
  • af9a6cb v6.0.0
  • e9469c3 Merge pull request #629 from gregberge/rewriting-docs
  • eb3282b docs: rewriting
  • 6f832f0 Merge pull request #627 from gregberge/support-css-variables
  • cbdb47f fix: support CSS variables
  • 985444d chore: fix package-lock.json
  • a5effba v6.0.0-alpha.4
  • 3f071d6 Merge pull request #626 from gregberge/upgrade-deps
  • daf6a08 chore(deps): upgrade
  • 1c5f163 Merge pull request #625 from gregberge/icon-size
  • 483560d chore: fix package-lock.json
  • 3c0b779 feat: allow to specify icon size
  • 6ba16a3 Merge pull request #624 from gregberge/various-things
  • f61c8ba chore: fix ref following refactoring
  • 261e1b5 v6.0.0-alpha.3
  • fe5c117 Merge pull request #623 from gregberge/webpack
  • 9a4cbce docs(examples): update examples
  • 1a8cc98 fix(webpack): fix webpack 5 behaviour with url-loader
  • a857bb1 feat: support mask-type property (#621)
  • 5966714 fix(template): make it possible to use type in template (#619)
  • 9ea5da4 refactor(core): use exportName transform (#616)
  • 8a1b0aa docs(readme): Fixing CRA link (#618)
  • 00a1d4b chore: fix package-lock.json
  • f729efa v6.0.0-alpha.2
See the full diff
Package name: html-webpack-plugin The new version differs by 93 commits.
  • 873d75b chore(release): 5.5.0
  • ddeb774 chore: update examples
  • 1e42625 feat: Support type=module via scriptLoading option
  • 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
  • 79be779 [chore] changes actions to run on pull_requests
  • b7e5859 [chore] fixes CI to avoid race conditions
  • 48131d3 chore(release): 5.4.0
  • 16a841a [chore] rebuild examples
  • 3bb7c17 Update index.js
  • e38ac97 Update index.js
  • f08bd02 [chore] updates fixtures
  • d62a10f [chore] upgrades html-minifier-terser@5.0.0 -> 6.0.2
  • 2f5de7a Remove archived plugin
  • 8f8f7c5 chore(release): 5.3.2
  • 053c6e6 chore: update snapshot tests for webpack 5.4.0
  • 9c7fba0 Fix security vulnerabilities
  • b98fbeb Fix security vulnerabilities
  • 25cdfc7 Added inject-body-webpack-plugin to readme
  • 0e4c1fb Update README to document actual behavior
  • 0a6568d chore(release): 5.3.1
  • 82d0ee8 fix: remove loader-utils from plugin core
  • 6f39192 chore(release): 5.3.0
  • d654f5b feat: allow to modify the interpolation options in webpack config
  • 41d7a50 feat: drop loader-utils dependency
See the full diff
Package name: webpack-dev-server The new version differs by 250 commits.
  • 5280ee7 docs: fix typo
  • d834582 chore(release): 4.7.3
  • 7b8c85b chore(deps): update `selfsigned` (#4170)
  • d598325 chore: fix lint
  • c1907f1 refactor: remove redundant `if` statements (#4158)
  • e535f25 ci: debug (#4144)
  • 75999bb chore(release): 4.7.2
  • 90a96f7 ci: fix (#4143)
  • f6bc644 fix: compatible with `onAfterSetupMiddleware`
  • 317e4b9 docs: fix testing instructions (#4133)
  • ff4550e test: remove redundant test cases related to 3rd party code (#4131)
  • 0dd1ee6 test: add e2e tests for `setupExitSignals` option (#4130)
  • afe4975 chore(release): 4.1.7
  • 4e5d8ea fix: droped `url` package (#4132)
  • b0c98f0 chore(release): 4.7.0
  • 3138213 chore(deps): update (#4127)
  • 8f02c3f feat: added types
  • f4fb15f fix: update description of `onAfterSetupMiddleware` and `onBeforeSetupMiddleware` options (#4126)
  • 37b73d5 test: add e2e test for `WEBPACK_SERVE` env variable (#4125)
  • f5a9d05 chore(deps-dev): bump eslint from 8.4.1 to 8.5.0 (#4121)
  • c9b959f chore(deps): bump ws from 8.3.0 to 8.4.0 (#4124)
  • 42208aa chore(deps-dev): bump lint-staged from 12.1.2 to 12.1.3 (#4122)
  • f440f84 chore(deps): bump express from 4.17.1 to 4.17.2 (#4120)
  • c13aa56 feat: added the `setupMiddlewares` option (#4068)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: ๐Ÿง View latest project report

๐Ÿ›  Adjust project settings

๐Ÿ“š Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

๐Ÿฆ‰ Regular Expression Denial of Service (ReDoS) ๐Ÿฆ‰ Regular Expression Denial of Service (ReDoS) ๐Ÿฆ‰ Regular Expression Denial of Service (ReDoS) ๐Ÿฆ‰ More lessons are available in Snyk Learn