[Snyk] Fix for 5 vulnerabilities - Githubissues

twilio / twilio-voice-notification-app

Reference app built in ReactJS that demonstrates how to leverage Twilio Programmable Voice and Twilio SDKs to create a voice notification system.

Apache License 2.0

36 stars 26 forks source link

[Snyk] Fix for 5 vulnerabilities #91

Closed twilio-product-security closed 2 years ago

twilio-product-security commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- e2e/package.json
- e2e/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mochawesome

The new version differs by 54 commits.

1b9c68d release v7.0.0
4f18093 Merge pull request #362 from adamgruber/greenkeep
bc356a7 Update nodejs.yml
1a11184 Update changelog
33dbf01 Update mochawesome-report-generator
0b4b612 Update chalk
09f9f1d Update strip-ansi dependency
84e02ba release v6.3.1
e5a8c50 Merge pull request #357 from kolbasik/hotfix/issue-356
439ae5c Ignore retriedTest serialization to avoid circular issues
f478f70 release v6.3.0
9c2d2cd Update npm-publish.yml
2332642 Create npm-publish.yml
9834346 Update nodejs.yml
b853d50 Merge pull request #353 from kolbasik/parallel
bcf52e0 Make full dump of root suite on EVENT_SUITE_END
bb23ed8 Use 'npm ci' instead of 'npm install'
74c2034 Changing the processing of parallel events
b600095 Calculate skipped totals while cleaning suites (#348)
2f501e6 Update nodejs.yml
18d6ac5 README: add note about typescript types
c896191 release v6.2.2
a5d0e26 Greenkeeping (#342)
341fcb5 release v6.2.1

See the full diff

Package name: mochawesome-report-generator

The new version differs by 38 commits.

5ba3a8b release v6.0.0
fa95f95 Merge pull request #178 from adamgruber/greenkeep-deps
88c9c93 Merge branch 'master' into greenkeep-deps
0e24d6f Update nodejs.yml
6a30473 Update lodash.isfunction
08e21a2 Update fsu
1667a79 Update nodejs.yml
43b8991 Fix copyright year in help output
066702e Update yargs
b4f9109 Update validator
c18ed12 Update fs-extra
d447aa1 Update dateformat
53719dc Update chalk
4fe7524 Update nodejs.yml
e5cdbf9 Update nodejs.yml
29de865 Add more details to 'showHooks' option info
d6beb3b Add 'showHooks' options to readme
d3bf430 Allow skipped/pending tests with context to be expanded (#169)
f1521f0 Replace uglifyjs with terser
df9fa43 release v5.2.0
f943324 Upgrade dep opener due to security issue (#159)
02c7116 Update nodejs.yml
f48f079 README: Fix timestamp documentation
b2582e2 Revise code-climate config

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

ricardotwilio commented 2 years ago

Will update dependencies manually