[Snyk] Fix for 8 vulnerabilities - Githubissues

twilio / twilio-voice-notification-app

Reference app built in ReactJS that demonstrates how to leverage Twilio Programmable Voice and Twilio SDKs to create a voice notification system.

Apache License 2.0

36 stars 25 forks source link

[Snyk] Fix for 8 vulnerabilities #104

Open twilio-product-security opened 1 year ago

twilio-product-security commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- e2e/package.json
- e2e/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Insecure Configuration SNYK-JS-CYPRESS-1255446	Yes	Proof of Concept
	521/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4	Information Exposure SNYK-JS-NANOID-2332193	Yes	Proof of Concept
	490/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: junit-report-merger

The new version differs by 55 commits.

e8c96d5 2.0.0
ce91dc4 fix(closes #59): switch to xmlbuilder2 (#63)
1a2c6e2 Merge pull request #62 from bhovhannes/renovate/prettier-2.x
bf067e5 chore(deps): update dependency prettier to v2.2.1
5fc27f8 Merge pull request #60 from bhovhannes/renovate/husky-4.x
04d70b9 chore(deps): update dependency husky to v4.3.5
84c5be4 chore: remove obsolete npm script
c249775 1.0.0
edc215b Merge pull request #58 from bhovhannes/renovate/prettier-2.x
b8e3102 chore(deps): update dependency prettier to v2.2.0
1a74ed6 Merge pull request #57 from bhovhannes/renovate/lint-staged-10.x
a38f60d chore(deps): update dependency lint-staged to v10.5.2
b562b34 Merge pull request #56 from bhovhannes/modernization
ffd9ef8 refactor: rename variable effectiveOptions -> normalizedOptions
9ca9fdb refactor: make code shorter
4c172ad chore: add codecov badge
9292b1a feat: add cli and update readme
1a0f5a2 chore: update lockfile
192793d fix: update yaml
3fd77ef feat: glob support, returning promises in addition to callbacks
338bbed Merge pull request #55 from bhovhannes/renovate/xmldom-0.x
6807537 fix(deps): update dependency xmldom to ^0.4.0
2c7f94e chore(deps): update dependency mocha to v6.2.3
034e4aa Merge pull request #52 from bhovhannes/renovate/xmldom-0.x

See the full diff

Package name: mocha

The new version differs by 129 commits.

cc51b8f build(v9.2.0): release
dea3115 build(v9.2.0): update CHANGELOG [ci skip]
1825645 chore: update dependencies (#4818)
bc0fda2 chore: update some devDependencies (#4816)
8b089a2 feat(parallel): assign each worker a worker-id (#4813)
9fbf3ae chore: run Netlify deploy on Node v16 (#4778) [ci skip]
f297790 chore: switch 'linkify-changelog.js' to ESM (#4812) [ci skip]
0a1b7f8 build(v9.1.4): release
a04d050 build(v9.1.4): update CHANGELOG [ci skip]
baa12fd fix: wrong error thrown if loader is used (#4807)
60fafa4 Update copyright year in LICENSE (#4804)
3b4cc05 chore(devDeps): remove 'cross-spawn' (#4779)
a99d40c chore(ci): add Node v17 to test matrix (#4777)
ac43029 chore(devDeps): update 'prettier' (#4776)
9c9fcb5 chore: update some devDependencies (#4775)
28b4824 build(v9.1.3): release
3dcc2d9 build(v9.1.3): update CHANGELOG [ci skip]
012d79d fix(browser): enable 'bdd' import for bundlers (#4769)
111467f fix(integration): revert deprecation of 'EVENT_SUITE_ADD_*' events (#4764)
0ea732c fix(website): improve backers sprite image (#4756)
18a1055 build(v9.1.2): release
011a5a4 fix: regex in 'update-authors.js'
06f3f63 build(v9.1.2): update CHANGELOG [ci skip]
a87461c chore(deps): remove 'wide-align' (#4754)

See the full diff

Package name: mochawesome

The new version differs by 54 commits.

1b9c68d release v7.0.0
4f18093 Merge pull request #362 from adamgruber/greenkeep
bc356a7 Update nodejs.yml
1a11184 Update changelog
33dbf01 Update mochawesome-report-generator
0b4b612 Update chalk
09f9f1d Update strip-ansi dependency
84e02ba release v6.3.1
e5a8c50 Merge pull request #357 from kolbasik/hotfix/issue-356
439ae5c Ignore retriedTest serialization to avoid circular issues
f478f70 release v6.3.0
9c2d2cd Update npm-publish.yml
2332642 Create npm-publish.yml
9834346 Update nodejs.yml
b853d50 Merge pull request #353 from kolbasik/parallel
bcf52e0 Make full dump of root suite on EVENT_SUITE_END
bb23ed8 Use 'npm ci' instead of 'npm install'
74c2034 Changing the processing of parallel events
b600095 Calculate skipped totals while cleaning suites (#348)
2f501e6 Update nodejs.yml
18d6ac5 README: add note about typescript types
c896191 release v6.2.2
a5d0e26 Greenkeeping (#342)
341fcb5 release v6.2.1

See the full diff

Package name: mochawesome-report-generator

The new version differs by 38 commits.

5ba3a8b release v6.0.0
fa95f95 Merge pull request #178 from adamgruber/greenkeep-deps
88c9c93 Merge branch 'master' into greenkeep-deps
0e24d6f Update nodejs.yml
6a30473 Update lodash.isfunction
08e21a2 Update fsu
1667a79 Update nodejs.yml
43b8991 Fix copyright year in help output
066702e Update yargs
b4f9109 Update validator
c18ed12 Update fs-extra
d447aa1 Update dateformat
53719dc Update chalk
4fe7524 Update nodejs.yml
e5cdbf9 Update nodejs.yml
29de865 Add more details to 'showHooks' option info
d6beb3b Add 'showHooks' options to readme
d3bf430 Allow skipped/pending tests with context to be expanded (#169)
f1521f0 Replace uglifyjs with terser
df9fa43 release v5.2.0
f943324 Upgrade dep opener due to security issue (#159)
02c7116 Update nodejs.yml
f48f079 README: Fix timestamp documentation
b2582e2 Revise code-climate config

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML External Entity (XXE) Injection 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Regular Expression Denial of Service (ReDoS) 🦉 More lessons are available in Snyk Learn