[Snyk] Fix for 17 vulnerabilities #482

snyk-bot · 2022-08-18T13:56:16Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/data-objects/monaco/package.json

Vulnerabilities that will be fixed

With an upgrade:

Issue	Breaking Change	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit

Commit messages

Package name: css-loader

The new version differs by 67 commits.

634ab49 chore(release): 2.0.0
6ade2d0 refactor: remove unused file (Bump qs from 6.5.2 to 6.5.3 in /common/lib/common-utils #860)
e7525c9 test: nested url (Bump qs from 6.7.0 to 6.11.0 in /server/gitrest #859)
7259faa test: css hacks (Bump qs from 6.10.1 to 6.11.0 in /docs #858)
5e6034c feat: allow to filter import at-rules ([pull] main from microsoft:main #857)
5e702e7 feat: allow filtering urls (Bump minimatch and serve in /docs #856)
9642aa5 test: css stuff (Bump minimatch from 3.0.4 to 3.1.2 in /common/lib/common-utils #855)
3338656 fix: reduce number of require for url (Bump minimatch from 3.0.4 to 3.0.5 in /server/gitrest #854)
533abbe test: issue 636 (Bump minimatch from 3.0.4 to 3.1.2 in /server/routerlicious #853)
08c551c refactor: better warning on invalid url resolution (Bump decode-uri-component from 0.2.0 to 0.2.2 in /server/routerlicious #852)
b0aa159 test: issue [Snyk] Security upgrade mocha from 8.4.0 to 10.1.0 #589 (Bump minimatch and @fluidframework/mocha-test-setup in /tools/benchmark #851)
f599c70 fix: broken unucode characters (Bump nanoid and @fluidframework/mocha-test-setup in /tools/benchmark #850)
1e551f3 test: issue 286 (Bump decode-uri-component from 0.2.0 to 0.2.2 in /server/historian #849)
419d27b docs: improve readme (Bump engine.io from 6.2.0 to 6.2.1 in /server/tinylicious #848)
d94a698 refactor: webpack-default (Bump decode-uri-component from 0.2.0 to 0.2.2 in /tools/api-markdown-documenter #847)
b97d997 feat: schema options
453248f fix: support module resolution in composes (Bump decode-uri-component from 0.2.0 to 0.2.2 in /common/lib/common-definitions #845)
8a6ea10 refactor: postcss plugins (Bump engine.io and @fluidframework/server-services in /server/headless-agent #844)
fdcf687 fix: url resolving logic (Bump engine.io and @fluidframework/server-services in /server/service-monitor #843)
889dc7f feat: allow to disable css modules and disable their by default (Bump loader-utils from 1.4.0 to 1.4.2 in /server/headless-agent #842)
ee2d253 test: importLoaders option (bump minimatch from 3.0.4 to 3.1.2 in /server/service-monitor #841)
1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Bump minimatch and mocha in /common/lib/common-utils #840)
fe94ebc test: icss reserved keywords (Bump minimatch from 3.0.4 to 3.1.2 in /common/lib/common-definitions #839)
9eaba66 refactor: migrate on message api for postcss-icss-plugin (Bump minimatch from 3.0.4 to 3.1.2 in /common/build/eslint-config-fluid #838)

See the full diff

Package name: html-loader

The new version differs by 55 commits.

d7cccfa chore(release): 1.0.0
3c9a1d8 refactor: `attributes` option ([Snyk] Security upgrade node from 10.16.0-slim to 10.23-slim #265)
8c73761 feat: `preprocessor` option (Bump shelljs from 0.8.4 to 0.8.5 in /docs #263)
f2ce5b1 feat: improve errors
9923244 chore(deps): update ([Snyk] Security upgrade node from 12.20.1-stretch to erbium #260)
9835bde feat: supports `link:href` attribute for css ([Snyk] Security upgrade node from 10.16.0-slim to 10.23-slim #258)
7af2eff refactor: improve schema ([Snyk] Security upgrade node from 12.20.1-stretch to erbium #257)
98412f9 docs: `filter` sources ([Snyk] Security upgrade node from 10.16.0-slim to 10.23.1-slim #256)
ff0f44c feat: implement the `filter` option for filtering some of sources ([Snyk] Security upgrade node from 12.20.1-stretch to erbium-stretch #255)
1c24662 refactor: move the `root` option under the `attributes` option ([Snyk] Security upgrade node from 12.16.3-slim to 12.22.6-slim #254)
888b8fe docs: add footnote for `-attributes` ([Snyk] Security upgrade node from 12.16.3-slim to 12.22.5-slim #252)
3d2907e refactor: remove the `interpolate` option
bd979e2 refactor: remove the `interpolate` option
fcba4ec fix: handle only valid srcset tags ([Snyk] Security upgrade node from 12.20.1-slim to 12.22.5-slim #253)
9e5ce56 perf: improve source parse ([Snyk] Security upgrade node from 12.16.3-slim to 12.22.5-slim #251)
c9c8dad refactor: improve source parse ([Snyk] Security upgrade node from 12.20.1-slim to 12.22.5-slim #250)
079d623 fix: respect `#hash` in sources
a17df49 fix: reduce `import`/`require` count
d0b0150 fix: adding quotes when necessary for unquoted sources ([Snyk] Security upgrade node from 12.20.1-slim to 12.22.7-slim #247)
e3727ab test: minifier
0bbe29c feat: migrate on `htmlparse2`
b7af031 fix: escape `\u2028` and `\u2029` characters ([Snyk] Security upgrade lodash from 4.17.19 to 4.17.20 #244)
24b0427 fix: parser tags and attributes according spec ([Snyk] Security upgrade node from 12.16.3-alpine to 12.22.1-alpine #243)
3df909d feat: support `script:src` attributes

See the full diff

Package name: node-sass

The new version differs by 74 commits.

99242d7 7.0.1
77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (Added documentation for local-driver files microsoft/FluidFramework#3224)
c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (Add missing Use Node 12.x for the component goverance. microsoft/FluidFramework#3209)
918dcb3 Lint fix
0a21792 Set rejectUnauthorized to true by default (Add bundle analysis collection and publish steps microsoft/FluidFramework#3149)
e80d4af chore: Drop EOL Node 15 (Non-React view option for external-views microsoft/FluidFramework#3122)
d753397 feat: Add Node 17 support (Update the wiki documentation to drop "component" references and update directory paths microsoft/FluidFramework#3195)
dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
80d6c00 chore: Windows x86 on GitHub Actions (Collect/Brainstorm additional examples to showcase microsoft/FluidFramework#3041)
566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (container runtime blob manager microsoft/FluidFramework#3102)
7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (Setup the doc pipeline to redeploy the website on content or code change microsoft/FluidFramework#3156)
2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (Create PR only pipeline in our future public ADO instance microsoft/FluidFramework#3161)
fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
6200b21 docs: Double word "support" (Renaming aquaduct files and folders microsoft/FluidFramework#3159)
eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
c167004 6.0.1
911d4db remove mkdirp dep (Null attach snapshots microsoft/FluidFramework#3108)
30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
cfcbb2c chore: Use default Apline version from docker-node (Feature Detection and Delegation docs improvement microsoft/FluidFramework#3121)
886319b chore: Drop Node 10 support
c908f4f fix: Bump OSX minimum to 10.11

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

5280ee7 docs: fix typo
d834582 chore(release): 4.7.3
7b8c85b chore(deps): update `selfsigned` ([release/0.27] Bump 0.27 from 0.27.9 to 0.27.10. microsoft/FluidFramework#4170)
d598325 chore: fix lint
c1907f1 refactor: remove redundant `if` statements (Configure local test server to support op limits around summaries microsoft/FluidFramework#4158)
e535f25 ci: debug (Remove usages of assert in all code that ends up bundled in the browser microsoft/FluidFramework#4144)
75999bb chore(release): 4.7.2
90a96f7 ci: fix (socketDocumentId on connection errors microsoft/FluidFramework#4143)
f6bc644 fix: compatible with `onAfterSetupMiddleware`
317e4b9 docs: fix testing instructions (Removed token signing from insecureUrlResolver microsoft/FluidFramework#4133)
ff4550e test: remove redundant test cases related to 3rd party code (Fix parsing nested required dependencies in package lock file microsoft/FluidFramework#4131)
0dd1ee6 test: add e2e tests for `setupExitSignals` option ([release/0.26] Cherry-pick commit 136da80 AKA PR #4119 into 0.26. microsoft/FluidFramework#4130)
afe4975 chore(release): 4.1.7
4e5d8ea fix: droped `url` package ([release/0.26] Bump 0.26 from 0.26.9 to 0.26.10 microsoft/FluidFramework#4132)
b0c98f0 chore(release): 4.7.0
3138213 chore(deps): update (Unit tests for garbage collection microsoft/FluidFramework#4127)
8f02c3f feat: added types
f4fb15f fix: update description of `onAfterSetupMiddleware` and `onBeforeSetupMiddleware` options (Local token provider for r11s driver microsoft/FluidFramework#4126)
37b73d5 test: add e2e test for `WEBPACK_SERVE` env variable (Update lock file to fix build break microsoft/FluidFramework#4125)
f5a9d05 chore(deps-dev): bump eslint from 8.4.1 to 8.5.0 (Add assert to dep in pkgs that use it microsoft/FluidFramework#4121)
c9b959f chore(deps): bump ws from 8.3.0 to 8.4.0 (Reduce bundle size analysis noise microsoft/FluidFramework#4124)
42208aa chore(deps-dev): bump lint-staged from 12.1.2 to 12.1.3 (Support Skipping Context Reload when New Code is Compatible with Old microsoft/FluidFramework#4122)
f440f84 chore(deps): bump express from 4.17.1 to 4.17.2 (revert strict as assert for exported code microsoft/FluidFramework#4120)
c13aa56 feat: added the `setupMiddlewares` option (When document is stuck with too many ops after summary, there is no way to summarize it ("read" default connection) microsoft/FluidFramework#4068)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Prototype Pollution
🦉 Arbitrary File Overwrite
🦉 More lessons are available in Snyk Learn

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-OPENSSL-1569399 - https://snyk.io/vuln/SNYK-DEBIAN9-OPENSSL-2426305 - https://snyk.io/vuln/SNYK-DEBIAN9-PYTHON27-1063180 - https://snyk.io/vuln/SNYK-DEBIAN9-PYTHON35-1063181 - https://snyk.io/vuln/SNYK-DEBIAN9-PYTHON35-1570179

…uce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827

…2398bbbda0acf54

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-LIBGCRYPT20-1582895 - https://snyk.io/vuln/SNYK-DEBIAN9-LZ4-1277599 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-TAR-312293

…0d201d1987679c3

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE311-APKTOOLS-1534687 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1089242 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569447 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569451 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569451

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-CURL-466505 - https://snyk.io/vuln/SNYK-DEBIAN9-CURL-466508 - https://snyk.io/vuln/SNYK-DEBIAN9-OPENSSL-1075328 - https://snyk.io/vuln/SNYK-DEBIAN9-OPENSSL-1569399 - https://snyk.io/vuln/SNYK-DEBIAN9-OPENSSL-2426305

…19d898463e6601f [Snyk] Security upgrade node from 10.16.0-slim to 10.23.2-slim

…8a2a69cc617742c [Snyk] Security upgrade node from 12.16.3-alpine to 12-alpine

…bb5daf316bc56b2 [Snyk] Security upgrade node from 12.20.1-slim to 12.22.5-slims

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-LIBGCRYPT20-1582895 - https://snyk.io/vuln/SNYK-DEBIAN9-LZ4-1277599 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-TAR-312293

…323e51657c35682

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-LIBGCRYPT20-1582895 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-TAR-312293 - https://snyk.io/vuln/SNYK-DEBIAN9-ZLIB-2433935

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-DPKG-2847943 - https://snyk.io/vuln/SNYK-DEBIAN9-SYSTEMD-546478 - https://snyk.io/vuln/SNYK-DEBIAN9-SYSTEMD-546478 - https://snyk.io/vuln/SNYK-DEBIAN9-TAR-312293 - https://snyk.io/vuln/SNYK-DEBIAN9-ZLIB-2433935

…394abf529e2ccb8

…2ae99b2fe3a03c7

…kage-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

…c2b3d49b9af9b1c [Snyk] Security upgrade @fluidframework/server-services from 0.1012.2 to 0.1025.0

Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v2.6.4) --- updated-dependencies: - dependency-name: async dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…ols/generator-fluid/async-2.6.4 Bump async from 2.6.3 to 2.6.4 in /tools/generator-fluid

…ge-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

…a6f9238f71f1791 [Snyk] Security upgrade @fluidframework/server-services from 0.1012.2 to 0.1025.0

…vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

…f02838bee4b0375 [Snyk] Security upgrade @fluidframework/server-services from 0.1019.0 to 0.1025.0

…code/assets/js/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JQUERY-567880

…541b7e58ba6b846 [Snyk] Security upgrade jquery from 2.2.4 to 3.5.0

Snyk has created this PR to upgrade @fluid-experimental/get-container from 0.37.4 to 1.2.0. See this package in npm: https://www.npmjs.com/package/@fluid-experimental/get-container See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/50c6f3a2-09ce-47f2-9837-9c253a13a437?utm_source=github&utm_medium=referral&page=upgrade-pr

…1028.2000 Snyk has created this PR to upgrade @fluidframework/protocol-definitions from 0.1021.0 to 0.1028.2000. See this package in npm: https://www.npmjs.com/package/@fluidframework/protocol-definitions See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/469c9422-75d2-4b99-bd32-52dfa4324e8b?utm_source=github&utm_medium=referral&page=upgrade-pr

Snyk has created this PR to upgrade @fluidframework/common-utils from 0.28.0 to 0.32.1. See this package in npm: https://www.npmjs.com/package/@fluidframework/common-utils See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/469c9422-75d2-4b99-bd32-52dfa4324e8b?utm_source=github&utm_medium=referral&page=upgrade-pr

Snyk has created this PR to upgrade jwt-decode from 2.2.0 to 3.1.2. See this package in npm: https://www.npmjs.com/package/jwt-decode See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/469c9422-75d2-4b99-bd32-52dfa4324e8b?utm_source=github&utm_medium=referral&page=upgrade-pr

…54b3e15cd19638527da

…f56f1ffb227c9ccd520

Bumps [moment](https://github.com/moment/moment) from 2.25.3 to 2.29.4. - [Release notes](https://github.com/moment/moment/releases) - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.25.3...2.29.4) --- updated-dependencies: - dependency-name: moment dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…e3c4062dc881eef25d7

…ols/getkeys/moment-2.29.4 Bump moment from 2.25.3 to 2.29.4 in /tools/getkeys

…756618387a9e73ec24b [Snyk] Upgrade @fluid-experimental/get-container from 0.37.4 to 1.2.0

snyk-bot and others added 30 commits April 18, 2022 20:21

fix: server/routerlicious/packages/lambdas-driver/package.json to red…

669a86b

…uce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827

Merge pull request #376 from MarcelRaschke/snyk-fix-26527be55298fe319…

23beb8a

…2398bbbda0acf54

Merge pull request #375 from MarcelRaschke/snyk-fix-389a2b9249fa1ff98…

cb45784

…0d201d1987679c3

Merge pull request #398 from MarcelRaschke/snyk-fix-04a2211d23c90419e…

c7914cd

…19d898463e6601f [Snyk] Security upgrade node from 10.16.0-slim to 10.23.2-slim

Merge pull request #397 from MarcelRaschke/snyk-fix-57eae7f5301126230…

9c0cf09

…8a2a69cc617742c [Snyk] Security upgrade node from 12.16.3-alpine to 12-alpine

Merge pull request #392 from MarcelRaschke/snyk-fix-53c876438b110e2c6…

bb44044

…bb5daf316bc56b2 [Snyk] Security upgrade node from 12.20.1-slim to 12.22.5-slims

Merge pull request #403 from MarcelRaschke/snyk-fix-5406ea93256beebdc…

4651c14

…323e51657c35682

Merge pull request #416 from MarcelRaschke/snyk-fix-b588ba7c00a511109…

9b726b1

…394abf529e2ccb8

Merge pull request #411 from MarcelRaschke/snyk-fix-2180e61df0ab2b350…

78acf90

…2ae99b2fe3a03c7

fix: server/service-monitor/package.json & server/service-monitor/pac…

87ce08a

…kage-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

Merge pull request #421 from MarcelRaschke/snyk-fix-95c458c5469b3d863…

2f70af8

…c2b3d49b9af9b1c [Snyk] Security upgrade @fluidframework/server-services from 0.1012.2 to 0.1025.0

Merge pull request #423 from MarcelRaschke/dependabot/npm_and_yarn/to…

6eb66cf

…ols/generator-fluid/async-2.6.4 Bump async from 2.6.3 to 2.6.4 in /tools/generator-fluid

fix: server/headless-agent/package.json & server/headless-agent/packa…

167ffa5

…ge-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

Merge pull request #425 from MarcelRaschke/snyk-fix-5ae6624a7c39b81f0…

7f23320

…a6f9238f71f1791 [Snyk] Security upgrade @fluidframework/server-services from 0.1012.2 to 0.1025.0

fix: server/historian/packages/historian-base/package.json to reduce …

808d4d6

…vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

Merge pull request #426 from MarcelRaschke/snyk-fix-3fb626009b82a271a…

c5722cf

…f02838bee4b0375 [Snyk] Security upgrade @fluidframework/server-services from 0.1019.0 to 0.1025.0

fix: docs/themes/thxvscode/assets/js/package.json & docs/themes/thxvs…

f9ff4cb

…code/assets/js/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JQUERY-567880

Merge pull request #428 from MarcelRaschke/snyk-fix-db0bbe786eb5cadab…

8d32260

…541b7e58ba6b846 [Snyk] Security upgrade jquery from 2.2.4 to 3.5.0

MarcelRaschke and others added 7 commits August 11, 2022 21:02

Merge pull request #455 from MarcelRaschke/snyk-upgrade-5024f92cabc23…

03fe938

…54b3e15cd19638527da

Merge pull request #454 from MarcelRaschke/snyk-upgrade-22fa689dd09c5…

d07aca9

…f56f1ffb227c9ccd520

Merge pull request #453 from MarcelRaschke/snyk-upgrade-8729f355a78fb…

130bce6

…e3c4062dc881eef25d7

Merge pull request #456 from MarcelRaschke/dependabot/npm_and_yarn/to…

c4d1049

…ols/getkeys/moment-2.29.4 Bump moment from 2.25.3 to 2.29.4 in /tools/getkeys

Merge pull request #443 from MarcelRaschke/snyk-upgrade-68a7b51eaf58b…

9a21790

…756618387a9e73ec24b [Snyk] Upgrade @fluid-experimental/get-container from 0.37.4 to 1.2.0

MarcelRaschke force-pushed the main branch from 66491a4 to c274c25 Compare December 4, 2022 02:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 17 vulnerabilities #482

[Snyk] Fix for 17 vulnerabilities #482

snyk-bot commented Aug 18, 2022

[Snyk] Fix for 17 vulnerabilities #482

Are you sure you want to change the base?

[Snyk] Fix for 17 vulnerabilities #482

Conversation

snyk-bot commented Aug 18, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: