Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 2 vulnerabilities #475

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 2 vulnerabilities #475

wants to merge 1 commit into from

Conversation

titanism
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • template/package.json
    • template/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 601/1000
Why? Recently disclosed, Has a fix available, CVSS 6.3		 Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060		 Yes No Known Exploit
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@mrmlnc/[email protected] filesystem 0 53.9 kB mrmlnc
npm/@types/[email protected] None 0 6.13 kB types
npm/@types/[email protected] None 0 30.7 kB types
npm/@types/[email protected] None 0 3 kB types
npm/@types/[email protected] None 0 8.07 kB types
npm/@types/[email protected] None 0 745 kB types
npm/@typescript-eslint/[email protected] None 0 426 kB jameshenry
npm/@typescript-eslint/[email protected] None 0 988 kB jameshenry
npm/@typescript-eslint/[email protected] None 0 123 kB jameshenry
npm/@typescript-eslint/[email protected] environment, filesystem 0 474 kB jameshenry
npm/@typescript-eslint/[email protected] None 0 24.2 kB jameshenry
npm/[email protected] None 0 4.93 kB dubban
npm/[email protected] None 0 1.23 MB ljharb
npm/[email protected] None 0 14.7 kB ljharb
npm/[email protected] None 0 49.8 kB indutny
npm/[email protected] Transitive: environment +2 84.3 kB goto-bus-stop
npm/[email protected] None +1 54.1 kB kaicataldo
npm/[email protected] None 0 99.8 kB fanatid
npm/[email protected] None +2 42.9 kB cwmma
npm/[email protected] None 0 6.45 kB cwmma
npm/[email protected] None 0 6.27 kB cwmma
npm/[email protected] None 0 3.68 kB cwmma
npm/[email protected] None +2 25.5 kB cwmma
npm/[email protected] None 0 192 kB dignifiedquire
npm/[email protected] None 0 3.1 kB sindresorhus
npm/[email protected] None 0 4.83 kB dcousens
npm/[email protected] network 0 4.5 kB bendrucker
npm/[email protected] None 0 7.83 kB limulus
npm/[email protected] None 0 8.54 kB samverschueren
npm/[email protected] None 0 3.87 kB iansu
npm/[email protected] None 0 10.3 kB goto-bus-stop
npm/[email protected] None 0 7.46 kB juliangruber
npm/[email protected] None 0 5.1 kB jonschlinkert
npm/[email protected] None 0 15 kB sindresorhus
npm/[email protected] None +1 105 kB cwmma
npm/[email protected] None 0 53.5 kB cwmma
npm/[email protected] None 0 2.96 kB sindresorhus
npm/[email protected] None +1 40.2 kB indutny
npm/[email protected] None 0 17.3 kB cwmma
npm/[email protected] None 0 16.8 kB bevryme
npm/[email protected] None 0 118 kB indutny
npm/[email protected] None 0 8.25 kB jfmengels
npm/[email protected] None 0 41 kB sokra
npm/[email protected] environment 0 8.47 kB sindresorhus
npm/[email protected] None 0 24.4 kB jfmengels
npm/[email protected] None 0 21.9 kB sindresorhus
npm/[email protected] environment +3 114 kB sindresorhus
npm/[email protected] None 0 6.8 kB ljharb
npm/[email protected] filesystem 0 25.5 kB ljharb
npm/[email protected] None 0 25 kB ljharb
npm/[email protected] None 0 68.4 kB novemberborn
npm/[email protected] None 0 158 kB mysticatea
npm/[email protected] None 0 41.8 kB mysticatea
npm/[email protected] environment, filesystem, unsafe +1 994 kB ljharb
npm/[email protected] None 0 11.9 kB dustinspecker
npm/[email protected] filesystem 0 269 kB mysticatea
npm/[email protected] None 0 51.4 kB bpscott
npm/[email protected] None 0 40.2 kB xjamundx
npm/[email protected] None +3 356 kB sindresorhus
npm/[email protected] None 0 128 kB stefanbuck
npm/[email protected] None 0 41.3 kB futpib
npm/[email protected] None 0 20.1 kB twada
npm/[email protected] None 0 77.6 kB goto-bus-stop
npm/[email protected] filesystem 0 5.27 kB jsdnxx
npm/[email protected] None 0 3.5 kB dustinspecker
npm/[email protected] None 0 17.6 kB nickfitzgerald
npm/[email protected] None 0 6.08 kB fanatid
npm/[email protected] None 0 41.7 kB indutny
npm/[email protected] None 0 25 kB indutny
npm/[email protected] network 0 2.79 kB feross
npm/[email protected] filesystem 0 4.53 kB sindresorhus
npm/[email protected] None 0 14.9 kB phated
npm/[email protected] None 0 8.55 kB jonschlinkert
npm/[email protected] filesystem 0 3.15 kB sindresorhus
npm/[email protected] None 0 5.2 kB dustinspecker
npm/[email protected] None 0 2.79 kB dustinspecker
npm/[email protected] None 0 6.01 kB jonschlinkert
npm/[email protected] None 0 3.2 kB dustinspecker
npm/[email protected] None 0 9.04 kB dustinspecker
npm/[email protected] None 0 6.59 kB jonschlinkert
npm/[email protected] None 0 15.7 kB ljharb
npm/[email protected] None 0 6.51 kB jonschlinkert
npm/[email protected] environment, filesystem 0 3.76 kB sindresorhus
npm/[email protected] None 0 2.66 kB sindresorhus
npm/[email protected] None +1 29.9 kB sindresorhus
npm/[email protected] None 0 26.5 kB jdalton
npm/[email protected] None 0 12.9 kB jdalton
npm/[email protected] None 0 7.67 kB cwmma
npm/[email protected] None 0 24.8 kB sokra
npm/[email protected] None 0 13.7 kB stroncium
npm/[email protected] None 0 6.84 kB indutny
npm/[email protected] None 0 4.76 kB indutny
npm/[email protected] None 0 16.4 kB korynunn
npm/[email protected] network, unsafe +2 297 kB sokra
npm/[email protected] None 0 8.03 kB dustinspecker
npm/[email protected] None 0 20.1 kB ljharb
npm/[email protected] None 0 7.25 kB sindresorhus
npm/[email protected] environment, filesystem, shell 0 40.8 kB sindresorhus
npm/[email protected] None 0 2.74 kB coderpuppy
npm/[email protected] None 0 6.14 kB sindresorhus
npm/[email protected] None 0 788 kB vitaly
npm/[email protected] None 0 27 kB goto-bus-stop
npm/[email protected] None 0 6.26 kB es128
npm/[email protected] None 0 13.4 kB cwmma

🚮 Removed packages: npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@titanism @snyk-bot