Skip to content

[Snyk] Fix for 2 vulnerabilities #475

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 2 vulnerabilities #475

wants to merge 1 commit into from

Conversation

titanism
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • template/package.json
    • template/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 601/1000
Why? Recently disclosed, Has a fix available, CVSS 6.3		 Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060		 Yes No Known Exploit
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@mrmlnc/readdir-enhanced@2.2.1 filesystem 0 53.9 kB mrmlnc
npm/@types/glob@7.1.3 None 0 6.13 kB types
npm/@types/json-schema@7.0.7 None 0 30.7 kB types
npm/@types/json5@0.0.29 None 0 3 kB types
npm/@types/minimatch@3.0.3 None 0 8.07 kB types
npm/@types/node@14.14.26 None 0 745 kB types
npm/@typescript-eslint/experimental-utils@4.15.0 None 0 426 kB jameshenry
npm/@typescript-eslint/scope-manager@4.15.0 None 0 988 kB jameshenry
npm/@typescript-eslint/types@4.15.0 None 0 123 kB jameshenry
npm/@typescript-eslint/typescript-estree@4.15.0 environment, filesystem 0 474 kB jameshenry
npm/@typescript-eslint/visitor-keys@4.15.0 None 0 24.2 kB jameshenry
npm/array-find@1.0.0 None 0 4.93 kB dubban
npm/array-includes@3.1.2 None 0 1.23 MB ljharb
npm/array.prototype.flat@1.2.4 None 0 14.7 kB ljharb
npm/asn1.js@5.4.1 None 0 49.8 kB indutny
npm/assert@1.5.0 Transitive: environment +2 84.3 kB goto-bus-stop
npm/babel-eslint@10.1.0 None +1 54.1 kB kaicataldo
npm/bn.js@5.1.3 None 0 99.8 kB fanatid
npm/browserify-aes@1.2.0 None +2 42.9 kB cwmma
npm/browserify-cipher@1.0.1 None 0 6.45 kB cwmma
npm/browserify-des@1.0.2 None 0 6.27 kB cwmma
npm/browserify-rsa@4.1.0 None 0 3.68 kB cwmma
npm/browserify-sign@4.2.1 None +2 25.5 kB cwmma
npm/browserify-zlib@0.2.0 None 0 192 kB dignifiedquire
npm/buf-compare@1.0.1 None 0 3.1 kB sindresorhus
npm/buffer-xor@1.0.3 None 0 4.83 kB dcousens
npm/builtin-status-codes@3.0.0 network 0 4.5 kB bendrucker
npm/call-me-maybe@1.0.1 None 0 7.83 kB limulus
npm/clean-regexp@1.0.0 None 0 8.54 kB samverschueren
npm/confusing-browser-globals@1.0.10 None 0 3.87 kB iansu
npm/console-browserify@1.2.0 None 0 10.3 kB goto-bus-stop
npm/constants-browserify@1.0.0 None 0 7.46 kB juliangruber
npm/contains-path@0.1.0 None 0 5.1 kB jonschlinkert
npm/core-assert@0.2.1 None 0 15 kB sindresorhus
npm/create-ecdh@4.0.4 None +1 105 kB cwmma
npm/crypto-browserify@3.12.0 None 0 53.5 kB cwmma
npm/deep-strict-equal@0.2.0 None 0 2.96 kB sindresorhus
npm/des.js@1.0.1 None +1 40.2 kB indutny
npm/diffie-hellman@5.0.3 None 0 17.3 kB cwmma
npm/domain-browser@1.2.0 None 0 16.8 kB bevryme
npm/elliptic@6.5.4 None 0 118 kB indutny
npm/enhance-visitors@1.0.0 None 0 8.25 kB jfmengels
npm/enhanced-resolve@0.9.1 None 0 41 kB sokra
npm/env-editor@0.4.2 environment 0 8.47 kB sindresorhus
npm/eslint-ast-utils@1.1.0 None 0 24.4 kB jfmengels
npm/eslint-config-xo-typescript@0.37.0 None 0 21.9 kB sindresorhus
npm/eslint-formatter-pretty@4.0.0 environment +3 114 kB sindresorhus
npm/eslint-import-resolver-node@0.3.4 None 0 6.8 kB ljharb
npm/eslint-import-resolver-webpack@0.13.0 filesystem 0 25.5 kB ljharb
npm/eslint-module-utils@2.6.0 None 0 25 kB ljharb
npm/eslint-plugin-ava@11.0.0 None 0 68.4 kB novemberborn
npm/eslint-plugin-es@3.0.1 None 0 158 kB mysticatea
npm/eslint-plugin-eslint-comments@3.2.0 None 0 41.8 kB mysticatea
npm/eslint-plugin-import@2.22.1 environment, filesystem, unsafe +1 994 kB ljharb
npm/eslint-plugin-no-use-extend-native@0.5.0 None 0 11.9 kB dustinspecker
npm/eslint-plugin-node@11.1.0 filesystem 0 269 kB mysticatea
npm/eslint-plugin-prettier@3.3.1 None 0 51.4 kB bpscott
npm/eslint-plugin-promise@4.3.1 None 0 40.2 kB xjamundx
npm/eslint-plugin-unicorn@25.0.1 None +3 356 kB sindresorhus
npm/eslint-rule-docs@1.1.220 None 0 128 kB stefanbuck
npm/eslint-template-visitor@2.2.2 None 0 41.3 kB futpib
npm/espurify@2.0.1 None 0 20.1 kB twada
npm/events@3.2.0 None 0 77.6 kB goto-bus-stop
npm/find-root@1.1.0 filesystem 0 5.27 kB jsdnxx
npm/get-set-props@0.1.0 None 0 3.5 kB dustinspecker
npm/glob-to-regexp@0.3.0 None 0 17.6 kB nickfitzgerald
npm/hash-base@3.1.0 None 0 6.08 kB fanatid
npm/hash.js@1.1.7 None 0 41.7 kB indutny
npm/hmac-drbg@1.0.1 None 0 25 kB indutny
npm/https-browserify@1.0.0 network 0 2.79 kB feross
npm/import-modules@2.1.0 filesystem 0 4.53 kB sindresorhus
npm/interpret@1.4.0 None 0 14.9 kB phated
npm/is-absolute@1.0.0 None 0 8.55 kB jonschlinkert
npm/is-docker@2.1.1 filesystem 0 3.15 kB sindresorhus
npm/is-get-set-prop@1.0.0 None 0 5.2 kB dustinspecker
npm/is-js-type@2.0.0 None 0 2.79 kB dustinspecker
npm/is-negated-glob@1.0.0 None 0 6.01 kB jonschlinkert
npm/is-obj-prop@1.0.0 None 0 3.2 kB dustinspecker
npm/is-proto-prop@2.0.0 None 0 9.04 kB dustinspecker
npm/is-relative@1.0.0 None 0 6.59 kB jonschlinkert
npm/is-string@1.0.5 None 0 15.7 kB ljharb
npm/is-unc-path@1.0.0 None 0 6.51 kB jonschlinkert
npm/is-wsl@2.2.0 environment, filesystem 0 3.76 kB sindresorhus
npm/js-types@1.0.0 None 0 2.66 kB sindresorhus
npm/line-column-path@2.0.0 None +1 29.9 kB sindresorhus
npm/lodash.get@4.4.2 None 0 26.5 kB jdalton
npm/lodash.zip@4.2.0 None 0 12.9 kB jdalton
npm/md5.js@1.3.5 None 0 7.67 kB cwmma
npm/memory-fs@0.2.0 None 0 24.8 kB sokra
npm/micro-spelling-correcter@1.1.1 None 0 13.7 kB stroncium
npm/miller-rabin@4.0.1 None 0 6.84 kB indutny
npm/minimalistic-crypto-utils@1.0.1 None 0 4.76 kB indutny
npm/multimap@1.1.0 None 0 16.4 kB korynunn
npm/node-libs-browser@2.2.1 network, unsafe +2 297 kB sokra
npm/obj-props@1.3.0 None 0 8.03 kB dustinspecker
npm/object.values@1.1.2 None 0 20.1 kB ljharb
npm/open-editor@3.0.0 None 0 7.25 kB sindresorhus
npm/open@7.4.0 environment, filesystem, shell 0 40.8 kB sindresorhus
npm/os-browserify@0.3.0 None 0 2.74 kB coderpuppy
npm/p-reduce@2.1.0 None 0 6.14 kB sindresorhus
npm/pako@1.0.11 None 0 788 kB vitaly
npm/path-browserify@0.0.1 None 0 27 kB goto-bus-stop
npm/path-dirname@1.0.2 None 0 6.26 kB es128
npm/pbkdf2@3.1.1 None 0 13.4 kB cwmma

🚮 Removed packages: npm/pinkie-promise@2.0.1, npm/pkg-conf@3.1.0, npm/pkg-dir@4.2.0, npm/pkg-up@2.0.0, npm/please-upgrade-node@3.2.0, npm/plur@4.0.0, npm/pluralize@8.0.0, npm/posix-character-classes@0.1.1, npm/prelude-ls@1.2.1, npm/prepend-http@1.0.4, npm/pretty-ms@7.0.1, npm/process-nextick-args@2.0.1, npm/process-on-spawn@1.0.0, npm/progress@2.0.3, npm/promise@7.3.1, npm/proto-list@1.2.4, npm/pseudomap@1.0.2, npm/pump@3.0.0, npm/punycode@2.1.1, npm/pupa@2.1.1, npm/q@1.5.1, npm/queue-microtask@1.2.2, npm/quick-lru@4.0.1, npm/read-pkg-up@2.0.0, npm/read-pkg@2.0.0, npm/readdirp@3.5.0, npm/redent@2.0.0, npm/regenerator-runtime@0.13.7, npm/regex-not@1.0.2, npm/regexp.prototype.flags@1.3.1, npm/regexpp@3.1.0, npm/registry-auth-token@3.4.0, npm/registry-url@3.1.0, npm/release-zalgo@1.0.0, npm/remark-cli@9.0.0, npm/remark-comment-config@6.0.0, npm/remark-contributors@5.0.1, npm/remark-gfm@1.0.0, npm/remark-heading-gap@4.0.0, npm/remark-license@4.0.1, npm/remark-lint-blockquote-indentation@2.0.1, npm/remark-lint-checkbox-character-style@3.0.0, npm/remark-lint-checkbox-content-indent@3.0.0, npm/remark-lint-code-block-style@2.0.1, npm/remark-lint-definition-case@2.0.1, npm/remark-lint-definition-spacing@2.0.1, npm/remark-lint-emphasis-marker@2.0.1, npm/remark-lint-fenced-code-flag@2.0.1, npm/remark-lint-fenced-code-marker@2.0.1, npm/remark-lint-file-extension@1.0.5, npm/remark-lint-final-definition@2.1.0, npm/remark-lint-final-newline@1.0.5, npm/remark-lint-first-heading-level@2.0.1, npm/remark-lint-hard-break-spaces@2.0.1, npm/remark-lint-heading-style@2.0.1, npm/remark-lint-list-item-bullet-indent@3.0.0, npm/remark-lint-list-item-indent@2.0.1, npm/remark-lint-no-auto-link-without-protocol@2.0.1, npm/remark-lint-no-blockquote-without-marker@4.0.0, npm/remark-lint-no-consecutive-blank-lines@3.0.0, npm/remark-lint-no-duplicate-definitions@2.0.1, npm/remark-lint-no-emphasis-as-heading@2.0.1, npm/remark-lint-no-file-name-articles@1.0.5, npm/remark-lint-no-file-name-consecutive-dashes@1.0.5, npm/remark-lint-no-file-name-irregular-characters@1.0.5, npm/remark-lint-no-file-name-mixed-case@1.0.5, npm/remark-lint-no-file-name-outer-dashes@1.0.6, npm/remark-lint-no-heading-content-indent@3.0.0, npm/remark-lint-no-heading-indent@3.0.0, npm/remark-lint-no-heading-punctuation@2.0.1, npm/remark-lint-no-inline-padding@3.0.0, npm/remark-lint-no-literal-urls@2.0.1, npm/remark-lint-no-missing-blank-lines@2.0.1, npm/remark-lint-no-multiple-toplevel-headings@2.0.1, npm/remark-lint-no-shell-dollars@2.0.2, npm/remark-lint-no-shortcut-reference-image@2.0.1, npm/remark-lint-no-shortcut-reference-link@2.0.1, npm/remark-lint-no-table-indentation@3.0.0, npm/remark-lint-no-tabs@2.0.1, npm/remark-lint-no-undefined-references@3.0.0, npm/remark-lint-no-unused-definitions@2.0.1, npm/remark-lint-ordered-list-marker-style@2.0.1, npm/remark-lint-ordered-list-marker-value@2.0.1, npm/remark-lint-rule-style@2.0.1, npm/remark-lint-strong-marker@2.0.1, npm/remark-lint-table-cell-padding@3.0.0, npm/remark-lint-table-pipe-alignment@2.0.1, npm/remark-lint-table-pipes@3.0.0, npm/remark-lint-unordered-list-marker-style@2.0.1, npm/remark-lint@8.0.0, npm/remark-message-control@6.0.0, npm/remark-parse@9.0.0, npm/remark-preset-github@4.0.1, npm/remark-preset-lint-recommended@5.0.0, npm/remark-retext@4.0.0, npm/remark-stringify@9.0.1, npm/remark-toc@7.1.0, npm/remark@13.0.0, npm/repeat-element@1.1.3, npm/repeat-string@1.6.1, npm/require-directory@2.1.1, npm/require-from-string@2.0.2, npm/require-main-filename@2.0.0, npm/requireindex@1.2.0, npm/resolve-cwd@3.0.0, npm/resolve-global@1.0.0, npm/resolve-url@0.2.1, npm/resolve@1.20.0, npm/responselike@1.0.2, npm/restore-cursor@2.0.0, npm/ret@0.1.15, npm/retext-contractions@3.0.0, npm/retext-diacritics@2.0.0, npm/retext-english@3.0.4, npm/retext-indefinite-article@1.1.7, npm/retext-preset-github@0.0.6, npm/retext-quotes@3.0.0, npm/retext-redundant-acronyms@2.0.0, npm/retext-repeated-words@2.0.0, npm/retext-sentence-spacing@3.0.0, npm/reusify@1.0.4, npm/rimraf@2.7.1, npm/run-async@2.4.1, npm/run-parallel@1.2.0, npm/rx-lite-aggregates@4.0.8, npm/rx-lite@4.0.8, npm/rxjs@6.6.3, npm/safe-buffer@5.2.1, npm/safe-regex@1.1.0, npm/safer-buffer@2.1.2, npm/sao@0.22.17, npm/seek-bzip@1.0.6, npm/semver-compare@1.0.0, npm/semver-diff@2.1.0, npm/semver@5.7.1, npm/serialize-error@7.0.1, npm/set-blocking@2.0.0, npm/set-value@2.0.1, npm/shebang-command@1.2.0, npm/shebang-regex@1.0.0, npm/slash@3.0.0, npm/slice-ansi@3.0.0, npm/sliced@1.0.1, npm/snapdragon-node@2.1.1, npm/snapdragon-util@3.0.1, npm/snapdragon@0.8.2, npm/source-map-resolve@0.5.3, npm/source-map-support@0.5.19, npm/source-map-url@0.4.1, npm/source-map@0.6.1, npm/spawn-wrap@2.0.0, npm/spdx-correct@3.1.1, npm/spdx-exceptions@2.3.0, npm/spdx-expression-parse@3.0.1, npm/spdx-license-ids@3.0.7, npm/spdx-license-list@3.0.1, npm/speakingurl@14.0.1, npm/split-string@3.1.0, npm/split2@3.2.2, npm/sprintf-js@1.0.3, npm/stack-utils@2.0.3, npm/static-extend@0.1.2, npm/stream-events@1.0.5, npm/string-argv@0.3.1, npm/string.prototype.matchall@4.0.3, npm/string.prototype.trimend@1.0.3, npm/string.prototype.trimstart@1.0.3, npm/string_decoder@1.1.1, npm/stringify-object@3.3.0, npm/strip-ansi@4.0.0, npm/strip-bom@3.0.0, npm/strip-dirs@2.1.0, npm/strip-eof@1.0.0, npm/strip-final-newline@2.0.0, npm/strip-indent@2.0.0, npm/strip-json-comments@2.0.1, npm/strip-outer@1.0.1, npm/stubs@3.0.0, npm/suffix@0.1.1, npm/superb@4.0.0, npm/supertap@2.0.0, npm/supports-color@5.5.0, npm/table@6.0.7, npm/tar-stream@1.6.2, npm/teeny-request@6.0.1, npm/temp-dir@2.0.0, npm/term-size@1.2.0, npm/test-exclude@6.0.0, npm/text-extensions@1.9.0, npm/text-table@0.2.0, npm/through2@4.0.2, npm/through@2.3.8, npm/tildify@1.2.0, npm/time-zone@1.0.0, npm/timed-out@4.0.1, npm/tmp@0.0.33, npm/to-buffer@1.1.1, npm/to-fast-properties@2.0.0, npm/to-object-path@0.3.0, npm/to-readable-stream@1.0.0, npm/to-regex-range@2.1.1, npm/to-vfile@6.1.0, npm/trim-newlines@3.0.0, npm/trim-off-newlines@1.0.1, npm/trim-repeated@1.0.0, npm/trough@1.0.5, npm/tslib@1.14.1, npm/tunnel-agent@0.6.0, npm/type-fest@0.20.2, npm/typedarray-to-buffer@3.1.5, npm/typedarray@0.0.6, npm/uglify-js@3.12.7, npm/unbzip2-stream@1.4.3, npm/unherit@1.1.3, npm/unified-args@8.1.0, npm/unified-engine@8.0.0, npm/unified-lint-rule@1.0.6, npm/unified-message-control@3.0.3, npm/unified@9.2.0, npm/union-value@1.0.1, npm/unique-random-array@2.0.0, npm/unique-random@2.1.0, npm/unique-string@1.0.0, npm/unist-builder@2.0.3, npm/unist-util-find-after@2.0.4, npm/unist-util-generated@1.1.6, npm/unist-util-inspect@5.0.1, npm/unist-util-is@4.0.4, npm/unist-util-modify-children@2.0.0, npm/unist-util-position@3.1.0, npm/unist-util-stringify-position@2.0.3, npm/unist-util-visit-children@1.1.4, npm/unist-util-visit-parents@3.1.1, npm/unist-util-visit@2.0.3, npm/universalify@0.1.2, npm/unset-value@1.0.0, npm/unzip-response@2.0.1, npm/update-notifier@2.5.0, npm/uppercamelcase@3.0.0, npm/uri-js@4.4.1, npm/urix@0.1.0, npm/url-parse-lax@1.0.0, npm/url-to-options@1.0.1, npm/urlgrey@0.4.4, npm/use@3.1.1, npm/user-home@2.0.0, npm/util-deprecate@1.0.2, npm/uuid@3.4.0, npm/v8-compile-cache@2.2.0, npm/validate-npm-package-license@3.0.4, npm/vfile-find-up@5.0.1, npm/vfile-location@3.2.0, npm/vfile-message@2.0.4, npm/vfile-reporter@6.0.2, npm/vfile-sort@2.2.2, npm/vfile-statistics@1.1.4, npm/vfile@4.2.1, npm/wcwidth@1.0.1, npm/well-known-symbols@2.0.0, npm/which-module@2.0.0, npm/which@1.3.1, npm/widest-line@2.0.1, npm/word-wrap@1.2.3, npm/wordwrap@1.0.0, npm/wrap-ansi@7.0.0, npm/wrapped@1.0.1, npm/wrappy@1.0.2, npm/write-file-atomic@2.4.3, npm/xdg-basedir@3.0.0, npm/xo@0.37.1, npm/xtend@4.0.2, npm/y18n@4.0.1, npm/yallist@2.1.2, npm/yaml@1.10.0, npm/yargs-parser@18.1.3, npm/yargs@15.4.1, npm/yarn-install@1.0.0, npm/yauzl@2.10.0, npm/yocto-queue@0.1.0, npm/zwitch@1.0.5

View full report↗︎
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@titanism @snyk-bot