[Snyk] Fix for 24 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- harmonia-webui/package.json
- harmonia-webui/package-lock.json
- harmonia-webui/.snyk
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept | |
616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 |
Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 |
No | Proof of Concept | |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 |
No | Proof of Concept | |
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035 |
Yes | No Known Exploit | |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 |
Yes | Proof of Concept | |
589/1000 Why? Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-I18NEXT-1065979 |
No | No Known Exploit | |
459/1000 Why? Has a fix available, CVSS 4.9 |
Buffer Overflow SNYK-JS-I18NEXT-575536 |
No | No Known Exploit | |
561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8 |
Prototype Pollution SNYK-JS-I18NEXT-585930 |
No | Proof of Concept | |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-IMMER-1019369 |
Yes | Proof of Concept | |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 |
Yes | Proof of Concept | |
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 |
Command Injection SNYK-JS-LODASH-1040724 |
Yes | Proof of Concept | |
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 |
Prototype Pollution SNYK-JS-LODASH-567746 |
Yes | Proof of Concept | |
704/1000 Why? Has a fix available, CVSS 9.8 |
Prototype Pollution SNYK-JS-LODASH-590103 |
Yes | No Known Exploit | |
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-LODASH-608086 |
Yes | Proof of Concept | |
589/1000 Why? Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032 |
Yes | No Known Exploit | |
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-OBJECTPATH-1017036 |
No | Proof of Concept | |
494/1000 Why? Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-OBJECTPATH-1569453 |
No | No Known Exploit | |
590/1000 Why? Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-OBJECTPATH-1585658 |
No | No Known Exploit | |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595 |
Yes | Proof of Concept | |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640 |
Yes | Proof of Concept | |
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Command Injection SNYK-JS-REACTDEVUTILS-1083268 |
Yes | Proof of Concept | |
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 |
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 |
No | Proof of Concept | |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Denial of Service (DoS) SNYK-JS-SOCKJS-575261 |
No | Proof of Concept | |
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-YARGSPARSER-560381 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @testing-library/jest-dom
The new version differs by 17 commits.- 7921e4a feat: Enhance toHaveStyle to accept JS as css (#196)
- 3b3a3d3 docs: add benmonro as a contributor (#195)
- a053cdd docs: add JPBlancoDB as a contributor (#194)
- 69aee34 docs: add koala-lava as a contributor (#193)
- 5f3f9c7 docs: add jzarzeckis as a contributor (#192)
- 0d60a25 docs: add MichaelDeBoey as a contributor (#191)
- c9a8664 chore: Update dependencies (#190)
- e4d61c2 fix: toBeVisible ignoring Details element (#184)
- d87dfee Simplify README code usage examples (#188)
- 030da62 fix: Add @ types/testing-library__jest-dom dependency (#189)
- d13bb90 docs: Tiny typo (#181)
- c919520 docs: Remove lines about using fireEvent to gain focus or blur (#187)
- 760409a Merge pull request #183 from testing-library/next
- d68ccd7 Add matchers module in the package root
- c76f8c5 Remove extend-expect typings (#182)
- 27c1056 Add jest extensions on main module (#175)
- 8e14dc1 docs: Update examples using document.querySelector (#168)
Package name: axios
The new version differs by 115 commits.- e367be5 [Releasing] 0.21.3
- 83ae383 Correctly add response interceptors to interceptor chain (#4013)
- c0c8761 [Updating] changelog to include links to issues and contributors
- 619bb46 [Releasing] v0.21.2
- 82c9455 Create SECURITY.md (#3981)
- 5b45711 Security fix for ReDoS (#3980)
- 5bc9ea2 Update ECOSYSTEM.md (#3817)
- e72813a Fixing README.md (#3818)
- e10a027 Fix README typo under Request Config (#3825)
- e091491 Update README.md (#3936)
- b42fbad Removed un-needed bracket
- 520c8dc Updating CI status badge (#3953)
- 4fbeecb Adding CI on Github Actions. (#3938)
- e9965bf Fixing the sauce labs tests (#3813)
- dbc634c Remove charset in tests (#3807)
- 3958e9f Add explanation of cancel token (#3803)
- 69949a6 Adding custom return type support to interceptor (#3783)
- 49509f6 Create FUNDING.yml (#3796)
- 199c8aa Adding parseInt to config.timeout (#3781)
- 94fc4ea Adding isAxiosError typeguard documentation (#3767)
- 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
- a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
- 59fa614 [Updated] follow-redirects to the latest version (#3771)
- 7821ed2 Feat/json improvements (#3763)
Package name: i18next
The new version differs by 121 commits.- aeab3ca 19.8.5
- f58c423 new version
- 932f5f6 fix potential prototype pollution when backend plugin resolves a malicious language value
- 2dc8267 Merge pull request #1533 from pravi/update-rollup-plugin-babel
- dae2b32 chore: update build dependency (use @ rollup/plugin-babel)
- 4f9ef14 Merge pull request #1532 from pravi/update-node-resolve-plugin
- a90fb69 chore: update rollup and plugins
- ad88092 use fallbackLng as default lng
- ba564b3 19.8.4
- 1816290 prepare new release
- 1ed5a71 Updated FormatFunction signature to match codebase (#1520)
- 2516e89 Update config.yml
- 94dd384 Update config.yml
- 877e250 commit build result
- fa98508 Merge pull request #1518 from KristjanESPERANTO/patch-1
- 749519e Update URLs
- 03ef4ed 19.8.3
- ed6169f fix prototype pollution with constructor
- 5d808cd updated @ babel/runtime to ^7.12.0, runtime file extensions issue resolved (#1513)
- cb780ad 19.8.2
- d736006 allow nesting recursively with context (could theoretically generate infinite loop, prevented in #1480)
- 685aa0f 19.8.1
- b44f64c log optimizations for clone instances
- ba2613b 19.8.0
Package name: react-scripts
The new version differs by 138 commits.- ed95893 Publish
- 88ca4f6 Prepare 4.0.0 release
- d23d615 Update react dom in error overlay
- 95265c3 Update CHANGELOG
- 523b416 Add link to Open Collective (#9864)
- af616ab Update CHANGELOG
- 014ca01 Prepare 4.0.0 release
- 2b1161b Pass JSX runtime setting to Babel preset in Jest config (#9865)
- f2aef41 Prepare 4.0.0 alpha release
- 4bc639c Upgrade to React 17 (#9863)
- d61347d Use new JSX setting with TypeScript 4.1.0 (#9734)
- e63de79 New JSX Transform opt out (#9861)
- fe785b2 feat: Update all dependencies (#9857)
- 85ab02b feat: remove unused React imports (#9853)
- 329f392 feat: Update ESLint dependencies (#9856)
- 10fa972 feat(eslint-config-react-app): Add jest & testing-library rules (#8963)
- ed919b1 Make eslint-plugin-jest an optional peerDependency (#9670)
- 0a93e32 Fix refreshOverlayInterop module scope error (#9805)
- 7965594 Bump resolve-url-loader version (#9841)
- b1f8536 Add 3.4.4 to the changelog
- d07b7d0 Replace deprecated eslint-loader with eslint-webpack-plugin (#9751)
- 6f3e32e Upgrade Docusaurus to latest version (#9728)
- 1f2d387 fix: resolve new JSX runtime issues (#9788)
- 6a51dcd Add AVIF image support (#9611)
Snyk patch:
With aSeverity | Priority Score (*) | Issue | Exploit Maturity |
---|---|---|---|
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 |
Prototype Pollution SNYK-JS-LODASH-567746 |
Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report