[Snyk] Fix for 1 vulnerabilities #812

snyk-bot · 2022-11-05T17:39:16Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/data-objects/progress-bars/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 231 commits.

7857d8f chore(release): 4.0.0
5604205 feat: support `file:` protocol
5303db2 chore(deps): update (Beef up contribution guide microsoft/FluidFramework#1131)
9aa0549 chore(deps): update
a54c955 test: imports
5b45d87 test: support in `@ import` at-rule
83515fa refactor: code
1c20b1e fix: parsing
7f49a0a feat: `@ value` supports importing `url()` (Vltava - Dynamic Component Discovery via Registry microsoft/FluidFramework#1126)
791fff3 refactor: named export (bug fixes in creation driver microsoft/FluidFramework#1125)
01e8c76 refactor: change function arguments of the `import` option (Loader refactoring microsoft/FluidFramework#1124)
c153fe6 refactor: improve schema options (Expose component "type" on returned ComponentContext microsoft/FluidFramework#1123)
58b4b98 test: unresolved (Upgrade @types/react in newly added package microsoft/FluidFramework#1122)
d2f6bd2 refactor: getLocalIdent function (fix eslint version in local-web-host package microsoft/FluidFramework#1121)
069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (Pin eslint-plugin-import to v2.20.0 microsoft/FluidFramework#1120)
fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (Small tweaks to experimental contribution README microsoft/FluidFramework#1119)
3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (Fix lint in server monorepo microsoft/FluidFramework#1118)
0080f88 refactor: default values `modules` and `module.auto` are true (Fix server build break microsoft/FluidFramework#1117)
e1c55e4 refactor: rename the `onlyLocals` option (Include api-extractor output in docs Dockerfile microsoft/FluidFramework#1116)
ac5f413 refactor: code
a5c1b5f test: code coverange (Update common packages docs build tasks microsoft/FluidFramework#1114)
908ecee refactor: `esModule` option is `true` by default (clean:docs task seems to be causing problems in CI microsoft/FluidFramework#1111)
7cca035 test: coverange (Make docs a PWA microsoft/FluidFramework#1112)
bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: file-loader

The new version differs by 28 commits.

e44eb73 chore(release): 6.0.0
ad39022 chore(deps): update (Bump moment from 2.28.0 to 2.29.2 in /server/headless-agent #369)
e1fe27c docs: update README.md ([Snyk] Security upgrade node from 12.16.3-alpine to 12.22.11-alpine #368)
c2aded7 chore(release): 5.1.0
cd8698b feat: support the `query` template for the `name` option ([Snyk] Security upgrade node from 12.16.3-slim to 12.22.11-slim #366)
5703c58 chore(deps): update ([Snyk] Security upgrade node from 12.20.1-slim to 12.22.11-slim #365)
521bff2 chore: remove duplicate prettier config file (Bump minimist from 1.2.5 to 1.2.6 in /common/lib/common-utils #357)
5ffac2e refactor: added description on esModule ([Snyk] Security upgrade node from 10.16.0-slim to 10.24.0-slim #358)
190829e docs: fix the description of the `esModule` option ([Snyk] Security upgrade node from 12.20.1-stretch to 12.22.11-stretch #348)
f1b071c chore(release): 5.0.2
6431101 chore: add the `funding` field in `package.json` ([Snyk] Security upgrade node from 12.16.3-alpine to 12.22.7-alpine #347)
90302cd chore(release): 5.0.1
31d6589 fix: name of `esModule` option in source code ([Snyk] Security upgrade node from 12.20.1-stretch to 12-stretch #346)
2a18cba chore(release): 5.0.0
98a6c1d refactor: next ([Snyk] Security upgrade node from 12.16.3-alpine to 12.22-alpine #345)
0df6c8d chore(release): 4.3.0
a2f5faf refactor: code ([Snyk] Security upgrade alpine from 3.12 to 3.15 #344)
9b9cd8d feat: new options flag to output ES2015 modules ([Snyk] Security upgrade node from 12.20.1-stretch to 12.22.9-stretch #340)
ba0fd4c chore(release): 4.2.0
642ee74 docs: improve readme ([Snyk] Security upgrade node from 10.16.0-slim to 10.24-slim #341)
c136f44 feat: `postTransformPublicPath` option ([Snyk] Security upgrade node from 12.20.1-stretch to 12.22.0-stretch #334)
d441daa chore(release): 4.1.0
705eed4 feat: improved validation error messages ([Snyk] Security upgrade node from 12.20.1-slim to 12.22.8-slim #339)
d016daa chore(release): 4.0.0

See the full diff

Package name: ts-loader

The new version differs by 50 commits.

268bc69 chore(deps): upgrade most production deps (Jsonable: Replace interfaces w/recursive type decls microsoft/FluidFramework#1237)
e160564 Add a cache to file path mapping (Add Serializable to runtime-definitions microsoft/FluidFramework#1228)
14fa3f8 Add documentation about performance profiling (Separation of concerns between IComponentHTMLView and IComponentHTMLVisual microsoft/FluidFramework#1230)
3cc78b8 Fix typo in README.md (error in DeltaManager.connect() instead of assert microsoft/FluidFramework#1229)
8f2a509 Add documentation for the useCaseSensitiveFileNames option (Matrix: Rev Tiny-Calc microsoft/FluidFramework#1227)
566e6ce Instead of checking date, check time thats more accurate to see if something has changed (Add telemetry for blob usage microsoft/FluidFramework#1217)
172ebeb Feature/typescript 4 1 (Vltava - Data Binding using MatchMaker microsoft/FluidFramework#1213)
0816fe9 Add peer dependencies for Yarn PnP (remove commits from containerRuntime.snapshot() microsoft/FluidFramework#1209)
4909d99 Fixed missing errors in watch mode in webpack5 (Update createComponent in externalComponentLoader.ts to use the current component's path instead of WaterParkLoaderName microsoft/FluidFramework#1208)
3f73e98 Fix failed builds when using thread-loader (Investigate/move common-utils hashing browser/server bifurcation from inline to through the package.json microsoft/FluidFramework#1207)
e90f8ad Fix memory leak when using multiple webpack instances (DI paradigm using ContainerRuntime scope microsoft/FluidFramework#1205)
95050eb Speeds up project reference build and doesnt store the result in memory (Change hostRuntime in ComponentContext to be of type IHostRuntime microsoft/FluidFramework#1202)
f99c7c4 doc: escape pipe in table (Temporarily disable API docs and fix docs PWA microsoft/FluidFramework#1201)
0b4a86d Replace afterCompile to stop webpack 5 warning (Provide a ContainerRuntime Scope through instantiateComponent flow microsoft/FluidFramework#1200)
6d8d601 Fixed deprecation warnings on webpack@5. (Vltava - Anchor Supports Default component creation via ConsensusQueue microsoft/FluidFramework#1195)
cafc933 Fix installation link on README.md (IContainerRuntime*.get*DataStoreRuntime: Supply optional AbortSignal for cases where we wait microsoft/FluidFramework#1192)
f5e901e Bump http-proxy in /examples/react-babel-karma-gulp (Remove postProcess back-compat support microsoft/FluidFramework#1182)
0767bce add github action status badge (Bug fix for initial tenant creation when storage is not yet defined microsoft/FluidFramework#1190)
db5ea55 Feature/upgrade testpack to ts4 (Consensus Data Structures need to accept input while not attached microsoft/FluidFramework#1189)
95b6fe8 Uses existing instance if config file is same as already built solution (Simplify server compose file microsoft/FluidFramework#1177)
b38678a Update minimum compiler version to 3.6.3 (Deprecate createSubComponent for a singular createComponent call in IComponentContext microsoft/FluidFramework#1188)
f8eba53 Add documentation and example code for projectReferences (Handle "FatalError" PUSH errors microsoft/FluidFramework#1184)
46d9761 Update docs to show transpileOnly does not affect project references (Remove back-compat support to loader <= 0.8 microsoft/FluidFramework#1175)
0e64ceb Fix getOptionsHash when two options has different props but same values. (Fix multiple rendering of progress bar microsoft/FluidFramework#1170)

See the full diff

Package name: url-loader

The new version differs by 6 commits.

8828d64 chore(release): 4.0.0
fc8721f chore(deps): migrate on `mime-types` package ([Snyk] Security upgrade node from 10.16.0-slim to 10.23.0-slim #209)
f13757a chore(deps): update ([Snyk] Security upgrade node from 12.20.1-stretch to erbium #208)
a2f127d fix: description on the `esModule` option ([Snyk] Security upgrade node from 12.20.1-stretch to 12.22.5-stretch #204)
4301f87 chore(release): 3.0.0
3f0bbc5 refactor: next ([Snyk] Security upgrade node from 12.16.3-slim to 12.20.1-slim #198)

See the full diff

Package name: webpack

The new version differs by 250 commits.

610f368 5.0.0
5ce65c1 update examples
bbe1230 Merge pull request Fix isLatest calculation in CI and move tool to new CLI microsoft/FluidFramework#11628 from webpack/bugfix/real-content-hash
75ecff2 5.0.0-rc.6
bfc35d6 Merge pull request Unify MergeTree Walks into Single Interative Function microsoft/FluidFramework#11603 from MayaWolf/master
76e8cbd Merge pull request Processing of execution-time performance test results microsoft/FluidFramework#11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
36bcfaa Merge pull request Automation: Main Next Integrate microsoft/FluidFramework#11621 from webpack/bugfix/11619
9130d10 fix called variables with ProvidePlugin
3e42105 Merge pull request TreeDDS changeset format: remove AttachGroup construct microsoft/FluidFramework#11620 from webpack/bugfix/11617
4709719 skip connections copied to concatenated module
57b493f 5.0.0-rc.5
1658e2f Merge pull request remove t9s skip in containerDirtyFlag microsoft/FluidFramework#11618 from webpack/bugfix/11615
a8fb45d fixes crash in SideEffectsFlagPlugin
84b196d emit error instead of crashing when unexpected problem occurs
5573fed Merge pull request Update deployment details with updated helm chart versions and values microsoft/FluidFramework#11601 from Hornwitser/improve-suggested-polyfill-config
9b5cce9 Merge pull request Tree DDS EditManager fixes and tests microsoft/FluidFramework#11609 from snitin315/export-types
37c495c export type RuleSetUseItem
39faf34 export type RuleSetUse
e5fd246 export type RuleSetConditionAbsolute
660baad export RuleSetCondition types
13e3ca5 Merge pull request Tree: edit flow diagrams for readme microsoft/FluidFramework#11602 from webpack/bugfix/shared-runtime-chunk
9c0587e Merge pull request Automation: Main Next Integrate microsoft/FluidFramework#11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
502d166 Merge pull request Remove references to deleted file in YAML pipelines microsoft/FluidFramework#11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

fb50f76 chore(release): publish new version
2c75aeb chore: new version of the packages
0d05c30 chore(release): publish %s
3f9e151 chore: fix lerna config
2c1e34c tests(generator): enhance init generator tests (Vltava - DateEvent Data-Binding With MatchMaker microsoft/FluidFramework#1236)
6ee61b9 Fix loader-generator and plugin-generator tests (Hotfix summary to not do full summary on first open [0.13] microsoft/FluidFramework#1250)
52956a2 Fixing the typos and grammatical errors in Readme files (More informative error messages for when we can't instantiate components microsoft/FluidFramework#1246)
7faaed2 chore: update Bug_report & Feature_request Templates (Upgrade sort-package-json and enforce it in lint microsoft/FluidFramework#1256)
7a5b33d feat(webpack-cli): added mode argument (Use registry to check for available components in spaces/componentToolbar microsoft/FluidFramework#1253)
3715756 tests(webpack-cli): add test case for defaults flag (Update monitoring script and add propose code feature. microsoft/FluidFramework#1254)
a7cba2f chore: project maintanance and typescript fix (Add Support Weak Handles for Components and DDS microsoft/FluidFramework#1247)
7748472 chore: ignore package-lock.json and remove its references (Re-enable API docs builds with perf improvements microsoft/FluidFramework#1252)
a014aa7 docs: fix supported arguments & commands link in README (Address issue around isFirstContainerForService / hashing blobs microsoft/FluidFramework#1244)
06129a1 feat(webpack-cli): add progress bar for progress flag (Initial basic support for OneDrive Consumer in odsp driver microsoft/FluidFramework#1238)
6cc6a49 chore: post refactor CLI (Jsonable: Replace interfaces w/recursive type decls microsoft/FluidFramework#1237)
358651e chore: move cli under lerna package (Issue #1217 - blob telemetry microsoft/FluidFramework#1225)
2dc495a fix(init): fix webpack config scaffold (add FatalError microsoft/FluidFramework#1231)
1ab62d2 tests(generator): add tests for plugin generator (Move local-test-server to server repo - Part 2 microsoft/FluidFramework#1235)
d2dd0c1 tests(sourcemap): fix flaky stats statement (Update Vltava to new npm run start modes microsoft/FluidFramework#1232)
f6dc680 tests(loader-generator): add tests for loader generator (Container runtime scopes microsoft/FluidFramework#1234)
35d1381 tests(generator): enable init generator test (Move local-test-server to server repo - Part 2 microsoft/FluidFramework#1233)
66cdcb6 chore(generator): remove transpiled tests (error in DeltaManager.connect() instead of assert microsoft/FluidFramework#1229)
f29a170 fix(init): fix the invalid package name (Add Serializable to runtime-definitions microsoft/FluidFramework#1228)
8c3a66d chore(cli): updated changelog of v3 (Issue #1222 - Op latency telemetry is missing microsoft/FluidFramework#1224)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-OPENSSL-1569399 - https://snyk.io/vuln/SNYK-DEBIAN9-OPENSSL-2426305 - https://snyk.io/vuln/SNYK-DEBIAN9-PYTHON27-1063180 - https://snyk.io/vuln/SNYK-DEBIAN9-PYTHON35-1063181 - https://snyk.io/vuln/SNYK-DEBIAN9-PYTHON35-1570179

…uce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827

…2398bbbda0acf54

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-LIBGCRYPT20-1582895 - https://snyk.io/vuln/SNYK-DEBIAN9-LZ4-1277599 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-TAR-312293

…0d201d1987679c3

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE311-APKTOOLS-1534687 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1089242 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569447 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569451 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569451

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-CURL-466505 - https://snyk.io/vuln/SNYK-DEBIAN9-CURL-466508 - https://snyk.io/vuln/SNYK-DEBIAN9-OPENSSL-1075328 - https://snyk.io/vuln/SNYK-DEBIAN9-OPENSSL-1569399 - https://snyk.io/vuln/SNYK-DEBIAN9-OPENSSL-2426305

…19d898463e6601f [Snyk] Security upgrade node from 10.16.0-slim to 10.23.2-slim

…8a2a69cc617742c [Snyk] Security upgrade node from 12.16.3-alpine to 12-alpine

…bb5daf316bc56b2 [Snyk] Security upgrade node from 12.20.1-slim to 12.22.5-slims

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-LIBGCRYPT20-1582895 - https://snyk.io/vuln/SNYK-DEBIAN9-LZ4-1277599 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-TAR-312293

…323e51657c35682

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-LIBGCRYPT20-1582895 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-SHADOW-306269 - https://snyk.io/vuln/SNYK-DEBIAN9-TAR-312293 - https://snyk.io/vuln/SNYK-DEBIAN9-ZLIB-2433935

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-DPKG-2847943 - https://snyk.io/vuln/SNYK-DEBIAN9-SYSTEMD-546478 - https://snyk.io/vuln/SNYK-DEBIAN9-SYSTEMD-546478 - https://snyk.io/vuln/SNYK-DEBIAN9-TAR-312293 - https://snyk.io/vuln/SNYK-DEBIAN9-ZLIB-2433935

…394abf529e2ccb8

…2ae99b2fe3a03c7

…kage-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

…c2b3d49b9af9b1c [Snyk] Security upgrade @fluidframework/server-services from 0.1012.2 to 0.1025.0

Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v2.6.4) --- updated-dependencies: - dependency-name: async dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…ols/generator-fluid/async-2.6.4 Bump async from 2.6.3 to 2.6.4 in /tools/generator-fluid

…ge-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

…a6f9238f71f1791 [Snyk] Security upgrade @fluidframework/server-services from 0.1012.2 to 0.1025.0

…vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

…f02838bee4b0375 [Snyk] Security upgrade @fluidframework/server-services from 0.1019.0 to 0.1025.0

…code/assets/js/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JQUERY-567880

…541b7e58ba6b846 [Snyk] Security upgrade jquery from 2.2.4 to 3.5.0

Snyk has created this PR to upgrade @fluid-experimental/get-container from 0.37.4 to 1.2.0. See this package in npm: https://www.npmjs.com/package/@fluid-experimental/get-container See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/50c6f3a2-09ce-47f2-9837-9c253a13a437?utm_source=github&utm_medium=referral&page=upgrade-pr

…1028.2000 Snyk has created this PR to upgrade @fluidframework/protocol-definitions from 0.1021.0 to 0.1028.2000. See this package in npm: https://www.npmjs.com/package/@fluidframework/protocol-definitions See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/469c9422-75d2-4b99-bd32-52dfa4324e8b?utm_source=github&utm_medium=referral&page=upgrade-pr

Snyk has created this PR to upgrade @fluidframework/common-utils from 0.28.0 to 0.32.1. See this package in npm: https://www.npmjs.com/package/@fluidframework/common-utils See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/469c9422-75d2-4b99-bd32-52dfa4324e8b?utm_source=github&utm_medium=referral&page=upgrade-pr

Snyk has created this PR to upgrade jwt-decode from 2.2.0 to 3.1.2. See this package in npm: https://www.npmjs.com/package/jwt-decode See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/469c9422-75d2-4b99-bd32-52dfa4324e8b?utm_source=github&utm_medium=referral&page=upgrade-pr

…54b3e15cd19638527da

…f56f1ffb227c9ccd520

Bumps [moment](https://github.com/moment/moment) from 2.25.3 to 2.29.4. - [Release notes](https://github.com/moment/moment/releases) - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.25.3...2.29.4) --- updated-dependencies: - dependency-name: moment dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…e3c4062dc881eef25d7

…ols/getkeys/moment-2.29.4 Bump moment from 2.25.3 to 2.29.4 in /tools/getkeys

…756618387a9e73ec24b [Snyk] Upgrade @fluid-experimental/get-container from 0.37.4 to 1.2.0

…vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NANOID-2332193

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NANOID-2332193

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EJS-1049328 - https://snyk.io/vuln/SNYK-JS-EJS-2803307 - https://snyk.io/vuln/SNYK-JS-NANOID-2332193

…8c0e1dcf17961fd

…9f9c001a813ab2c

…d5a102e7bbb37d9

…c00aee25b6a85a9

…bilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341 - https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640

…ae4c751c29922d6 [Snyk] Fix for 8 vulnerabilities

…rabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105

snyk-bot and others added 30 commits April 18, 2022 20:21

fix: server/routerlicious/packages/lambdas-driver/package.json to red…

669a86b

…uce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827

Merge pull request #376 from MarcelRaschke/snyk-fix-26527be55298fe319…

23beb8a

…2398bbbda0acf54

Merge pull request #375 from MarcelRaschke/snyk-fix-389a2b9249fa1ff98…

cb45784

…0d201d1987679c3

Merge pull request #398 from MarcelRaschke/snyk-fix-04a2211d23c90419e…

c7914cd

…19d898463e6601f [Snyk] Security upgrade node from 10.16.0-slim to 10.23.2-slim

Merge pull request #397 from MarcelRaschke/snyk-fix-57eae7f5301126230…

9c0cf09

…8a2a69cc617742c [Snyk] Security upgrade node from 12.16.3-alpine to 12-alpine

Merge pull request #392 from MarcelRaschke/snyk-fix-53c876438b110e2c6…

bb44044

…bb5daf316bc56b2 [Snyk] Security upgrade node from 12.20.1-slim to 12.22.5-slims

Merge pull request #403 from MarcelRaschke/snyk-fix-5406ea93256beebdc…

4651c14

…323e51657c35682

Merge pull request #416 from MarcelRaschke/snyk-fix-b588ba7c00a511109…

9b726b1

…394abf529e2ccb8

Merge pull request #411 from MarcelRaschke/snyk-fix-2180e61df0ab2b350…

78acf90

…2ae99b2fe3a03c7

fix: server/service-monitor/package.json & server/service-monitor/pac…

87ce08a

…kage-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

Merge pull request #421 from MarcelRaschke/snyk-fix-95c458c5469b3d863…

2f70af8

…c2b3d49b9af9b1c [Snyk] Security upgrade @fluidframework/server-services from 0.1012.2 to 0.1025.0

Merge pull request #423 from MarcelRaschke/dependabot/npm_and_yarn/to…

6eb66cf

…ols/generator-fluid/async-2.6.4 Bump async from 2.6.3 to 2.6.4 in /tools/generator-fluid

fix: server/headless-agent/package.json & server/headless-agent/packa…

167ffa5

…ge-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

Merge pull request #425 from MarcelRaschke/snyk-fix-5ae6624a7c39b81f0…

7f23320

…a6f9238f71f1791 [Snyk] Security upgrade @fluidframework/server-services from 0.1012.2 to 0.1025.0

fix: server/historian/packages/historian-base/package.json to reduce …

808d4d6

…vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770

Merge pull request #426 from MarcelRaschke/snyk-fix-3fb626009b82a271a…

c5722cf

…f02838bee4b0375 [Snyk] Security upgrade @fluidframework/server-services from 0.1019.0 to 0.1025.0

fix: docs/themes/thxvscode/assets/js/package.json & docs/themes/thxvs…

f9ff4cb

…code/assets/js/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JQUERY-567880

Merge pull request #428 from MarcelRaschke/snyk-fix-db0bbe786eb5cadab…

8d32260

…541b7e58ba6b846 [Snyk] Security upgrade jquery from 2.2.4 to 3.5.0

MarcelRaschke and others added 17 commits August 11, 2022 21:02

Merge pull request #455 from MarcelRaschke/snyk-upgrade-5024f92cabc23…

03fe938

…54b3e15cd19638527da

Merge pull request #454 from MarcelRaschke/snyk-upgrade-22fa689dd09c5…

d07aca9

…f56f1ffb227c9ccd520

Merge pull request #453 from MarcelRaschke/snyk-upgrade-8729f355a78fb…

130bce6

…e3c4062dc881eef25d7

Merge pull request #456 from MarcelRaschke/dependabot/npm_and_yarn/to…

c4d1049

…ols/getkeys/moment-2.29.4 Bump moment from 2.25.3 to 2.29.4 in /tools/getkeys

Merge pull request #443 from MarcelRaschke/snyk-upgrade-68a7b51eaf58b…

9a21790

…756618387a9e73ec24b [Snyk] Upgrade @fluid-experimental/get-container from 0.37.4 to 1.2.0

fix: server/historian/packages/historian-base/package.json to reduce …

999f417

…vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NANOID-2332193

fix: packages/dds/ink/package.json to reduce vulnerabilities

ac58adc

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NANOID-2332193

fix: packages/hosts/base-host/package.json to reduce vulnerabilities

be38b75

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EJS-1049328 - https://snyk.io/vuln/SNYK-JS-EJS-2803307 - https://snyk.io/vuln/SNYK-JS-NANOID-2332193

Merge pull request #510 from MarcelRaschke/snyk-fix-4c8c59a7a4c58124b…

8f040d8

…8c0e1dcf17961fd

Merge pull request #509 from MarcelRaschke/snyk-fix-b2ce38f9ce14e4bd1…

f438539

…9f9c001a813ab2c

Merge pull request #508 from MarcelRaschke/snyk-fix-575ebb1cea5b7f1f8…

5100bee

…d5a102e7bbb37d9

Merge pull request #507 from MarcelRaschke/snyk-fix-fe981c5384d9219cf…

005f77d

…c00aee25b6a85a9

Merge pull request #534 from MarcelRaschke/snyk-fix-3b4213b0488d8d819…

2722e67

…ae4c751c29922d6 [Snyk] Fix for 8 vulnerabilities

fix: examples/data-objects/progress-bars/package.json to reduce vulne…

998195a

…rabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105

MarcelRaschke force-pushed the main branch from 66491a4 to c274c25 Compare December 4, 2022 02:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 1 vulnerabilities #812

[Snyk] Fix for 1 vulnerabilities #812

snyk-bot commented Nov 5, 2022

[Snyk] Fix for 1 vulnerabilities #812

Are you sure you want to change the base?

[Snyk] Fix for 1 vulnerabilities #812

Conversation

snyk-bot commented Nov 5, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: