[Snyk] Upgrade: , , react, react-dom, semver, , , clsx, , , cross-fetch, file-loader, lunr, next, raw-loader, react-syntax-highlighter, url-loader #478

Open
wants to merge 1 commit into
base: master
@NOUIY (Owner) commented Sep 7, 2024

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| @material-ui/core | from 4.10.2 to 4.12.4 (12 versions ahead of your current version) | 2 years ago, on 2022-04-03 |
| @material-ui/icons | from 4.9.1 to 4.11.3 (2 versions ahead of your current version) | 2 years ago, on 2022-04-03 |
| react | from 17.0.1 to 17.0.2 (1 version ahead of your current version) | 3 years ago, on 2021-03-22 |
| react-dom | from 17.0.1 to 17.0.2 (1 version ahead of your current version) | 3 years ago, on 2021-03-22 |
| semver | from 7.3.5 to 7.6.3 (13 versions ahead of your current version) | 2 months ago, on 2024-07-16 |
| @layer0/next | from 4.12.0 to 4.20.0 (878 versions ahead of your current version) | a year ago, on 2023-08-31 |
| @layer0/rum | from 2.1.0 to 2.1.3 (3 versions ahead of your current version) | 3 years ago, on 2021-06-23 |
| clsx | from 1.1.1 to 1.2.1 (2 versions ahead of your current version) | 2 years ago, on 2022-07-06 |
| @material-ui/styles | from 4.10.0 to 4.11.5 (7 versions ahead of your current version) | 2 years ago, on 2022-04-03 |
| @svgr/webpack | from 5.4.0 to 5.5.0 (1 version ahead of your current version) | 4 years ago, on 2020-11-15 |
| cross-fetch | from 3.0.6 to 3.1.8 (14 versions ahead of your current version) | a year ago, on 2023-07-02 |
| file-loader | from 6.0.0 to 6.2.0 (3 versions ahead of your current version) | 4 years ago, on 2020-10-27 |
| lunr | from 2.3.8 to 2.3.9 (1 version ahead of your current version) | 4 years ago, on 2020-08-19 |
| next | from 10.0.7 to 10.2.3 (91 versions ahead of your current version) | 3 years ago, on 2021-05-24 |
| raw-loader | from 4.0.1 to 4.0.2 (1 version ahead of your current version) | 4 years ago, on 2020-10-09 |
| react-syntax-highlighter | from 15.4.4 to 15.5.0 (2 versions ahead of your current version) | 2 years ago, on 2022-03-14 |
| url-loader | from 4.1.0 to 4.1.1 (1 version ahead of your current version) | 4 years ago, on 2020-10-09 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-POSTCSS-1090595) | 586 | Proof of Concept |
| critical severity: Incomplete List of Disallowed Inputs (SNYK-JS-BABELTRAVERSE-5962462) | 586 | Proof of Concept |
| critical severity: Incomplete List of Disallowed Inputs (SNYK-JS-BABELTRAVERSE-5962462) | 586 | Proof of Concept |
| high severity: Information Exposure (SNYK-JS-SIMPLEGET-2361683) | 586 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-POSTCSS-1255640) | 586 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-POSTCSS-1090595) | 586 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-POSTCSS-1255640) | 586 | Proof of Concept |
| medium severity: Cross-site Scripting (XSS) (SNYK-JS-PRISMJS-2404333) | 586 | No Known Exploit |
| medium severity: Cross-site Scripting (XSS) (SNYK-JS-PRISMJS-2404333) | 586 | No Known Exploit |
| medium severity: Remote Code Execution (RCE) (SNYK-JS-SHARP-2848109) | 586 | No Known Exploit |
| low severity: Regular Expression Denial of Service (ReDoS) (npm:debug:20170905) | 586 | Proof of Concept |
| critical severity: Heap-based Buffer Overflow (SNYK-JS-SHARP-5922108) | 586 | Mature |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-BROWSERSLIST-1090194) | 586 | Proof of Concept |

Release notes
Package name: @material-ui/core
  • 4.12.4 - 2022-04-03
  • 4.12.3 - 2021-07-30
  • 4.12.2 - 2021-07-19
  • 4.12.1 - 2021-07-07
  • 4.12.0 - 2021-07-06
  • 4.11.4 - 2021-04-27
  • 4.11.3 - 2021-01-24
  • 4.11.3-deprecations.1 - 2021-01-25
  • 4.11.3-deprecations.0 - 2021-01-24
  • 4.11.2 - 2020-12-02
  • 4.11.1 - 2020-11-24
  • 4.11.0 - 2020-06-30
  • 4.10.2 - 2020-06-11
from @material-ui/core GitHub release notes
Package name: @material-ui/icons
  • 4.11.3 - 2022-04-03
  • 4.11.2 - 2020-12-02
  • 4.9.1 - 2020-02-02
from @material-ui/icons GitHub release notes
Package name: react from react GitHub release notes
Package name: react-dom from react-dom GitHub release notes
Package name: semver from semver GitHub release notes
Package name: clsx
  • 1.2.1 - 2022-07-06

    Patches

    • Ensure CommonJS and UMD entrypoints have the named clsx export too

    Chores


    Full Changelog: v1.2.0...v1.2.1

  • 1.2.0 - 2022-07-02

    Features

    • Add named clsx export alias (#43, #44): 56ab81f
      Thank you @danikaze~!

      This is purely an alias for the default export so that TypeScript users can avoid the esModuleInterop setting. In other words, the following import statements are effectively identical, but the latter is preferred by TypeScript:

      import clsx from 'clsx';
      // or
      import { clsx } from 'clsx';

      Important: Just to reiterate, both still work!

    Chores


    Full Changelog: v1.1.1...v1.2.0

  • 1.1.1 - 2020-05-30

    Note: This is a performance-related patch only!
    Across all benchmarks, this version of clsx is ~1M ops/sec faster than clsx@1.1.0.
    ...It also happens to be 1 byte (gzip) smaller 😅🎉

    Patches

    • fix: Remove needless spacer on string/number condition: ff11464
    • fix: Remove unnecessary recursive caller for object keys: f43dd23
    • perf: Guard all toVal calls with truthy assertions: 4fa8811, 019ec02
    • perf: Reorder typeof checks for common case: 08a5a7f

    Chores

    Benchmarks

    Run on Node.js v10.13.0.
    You may find updated browser benchmarks here.

    The snippet below is comparing clsx@1.1.1 (this version) to the previous version, and to classnames for ballpark comparison. All candidates are functionally identical!

    Strings

    classnames x 3,992,284 ops/sec ±1.64% (94 runs sampled)
    clsx@1.1.0 x 11,253,372 ops/sec ±0.35% (96 runs sampled)
    clsx@1.1.1 x 12,784,134 ops/sec ±0.42% (97 runs sampled)

    Objects

    classnames x 3,772,978 ops/sec ±0.46% (96 runs sampled)
    clsx@1.1.0 x 7,288,178 ops/sec ±0.31% (96 runs sampled)
    clsx@1.1.1 x 9,412,010 ops/sec ±0.42% (95 runs sampled)

    Arrays

    classnames x 1,665,275 ops/sec ±1.83% (93 runs sampled)
    clsx@1.1.0 x 8,340,174 ops/sec ±0.53% (96 runs sampled)
    clsx@1.1.1 x 9,141,916 ops/sec ±0.42% (95 runs sampled)

    Nested Arrays

    classnames x 1,164,706 ops/sec ±1.60% (95 runs sampled)
    clsx@1.1.0 x 6,284,485 ops/sec ±0.58% (90 runs sampled)
    clsx@1.1.1 x 7,165,151 ops/sec ±0.47% (91 runs sampled)

    Nested Arrays w/ Objects

    classnames x 1,597,180 ops/sec ±1.49% (93 runs sampled)
    clsx@1.1.0 x 6,345,248 ops/sec ±0.21% (95 runs sampled)
    clsx@1.1.1 x 7,651,411 ops/sec ±0.56% (95 runs sampled)

    Mixed

    classnames x 2,129,199 ops/sec ±1.46% (94 runs sampled)
    clsx@1.1.0 x 6,557,515 ops/sec ±0.73% (91 runs sampled)
    clsx@1.1.1 x 8,119,210 ops/sec ±0.42% (93 runs sampled)

    Mixed (Bad Data)

    classnames x 1,166,577 ops/sec ±0.84% (94 runs sampled)
    clsx@1.1.0 x 2,018,654 ops/sec ±0.15% (98 runs sampled)
    clsx@1.1.1 x 2,238,939 ops/sec ±0.34% (95 runs sampled)




from clsx GitHub release notes

Package name: @material-ui/styles
  • 4.11.5 - 2022-04-03
  • 4.11.4 - 2021-04-27
  • 4.11.3 - 2021-01-24
  • 4.11.3-deprecations.1 - 2021-01-25
  • 4.11.3-deprecations.0 - 2021-01-24
  • 4.11.2 - 2020-12-02
  • 4.11.1 - 2020-11-24
  • 4.10.0 - 2020-05-23
from @material-ui/styles GitHub release notes
Package name: @svgr/webpack from @svgr/webpack GitHub release notes
Package name: cross-fetch
  • 3.1.8 - 2023-07-02

    What's Changed

    • Restored caret range to node-fetch version for automatic feature and fix updates.

    Full Changelog: v3.1.7...v3.1.8

  • 3.1.7 - 2023-07-01

    What's Changed

    • Updated node-fetch version to 2.6.12

    Full Changelog: v3.1.6...v3.1.7

  • 3.1.7-test.0 - 2023-06-11
  • 3.1.6 - 2023-05-14
  • 3.1.5 - 2022-01-20
  • 3.1.4 - 2021-04-02
  • 3.1.4-alpha.0 - 2021-04-01
  • 3.1.3 - 2021-03-30
  • 3.1.3-alpha.6 - 2021-03-28
  • 3.1.3-alpha.5 - 2021-03-28
  • 3.1.3-alpha.4 - 2021-03-28
  • 3.1.2 - 2021-03-19
  • 3.1.1 - 2021-03-18
  • 3.1.0 - 2021-03-13
  • 3.0.6 - 2020-09-11
from cross-fetch GitHub release notes
Package name: file-loader
  • 6.2.0 - 2020-10-27

    6.2.0 (2020-10-27)

    Features

    • added the sourceFilename property to asset info with original filename (#393) (654e0d6)

    Bug Fixes

    • immutable flag when the name option have hash in query string (#392) (381d8bd)
  • 6.1.1 - 2020-10-09

    6.1.1 (2020-10-09)

    Chore

    • update schema-utils
  • 6.1.0 -

Snyk has created this PR to upgrade:
  - @material-ui/core from 4.10.2 to 4.12.4.
    See this package in npm: https://www.npmjs.com/package/@material-ui/core
  - @material-ui/icons from 4.9.1 to 4.11.3.
    See this package in npm: https://www.npmjs.com/package/@material-ui/icons
  - react from 17.0.1 to 17.0.2.
    See this package in npm: https://www.npmjs.com/package/react
  - react-dom from 17.0.1 to 17.0.2.
    See this package in npm: https://www.npmjs.com/package/react-dom
  - semver from 7.3.5 to 7.6.3.
    See this package in npm: https://www.npmjs.com/package/semver
  - @layer0/next from 4.12.0 to 4.20.0.
    See this package in npm: https://www.npmjs.com/package/@layer0/next
  - @layer0/rum from 2.1.0 to 2.1.3.
    See this package in npm: https://www.npmjs.com/package/@layer0/rum
  - clsx from 1.1.1 to 1.2.1.
    See this package in npm: https://www.npmjs.com/package/clsx
  - @material-ui/styles from 4.10.0 to 4.11.5.
    See this package in npm: https://www.npmjs.com/package/@material-ui/styles
  - @svgr/webpack from 5.4.0 to 5.5.0.
    See this package in npm: https://www.npmjs.com/package/@svgr/webpack
  - cross-fetch from 3.0.6 to 3.1.8.
    See this package in npm: https://www.npmjs.com/package/cross-fetch
  - file-loader from 6.0.0 to 6.2.0.
    See this package in npm: https://www.npmjs.com/package/file-loader
  - lunr from 2.3.8 to 2.3.9.
    See this package in npm: https://www.npmjs.com/package/lunr
  - next from 10.0.7 to 10.2.3.
    See this package in npm: https://www.npmjs.com/package/next
  - raw-loader from 4.0.1 to 4.0.2.
    See this package in npm: https://www.npmjs.com/package/raw-loader
  - react-syntax-highlighter from 15.4.4 to 15.5.0.
    See this package in npm: https://www.npmjs.com/package/react-syntax-highlighter
  - url-loader from 4.1.0 to 4.1.1.
    See this package in npm: https://www.npmjs.com/package/url-loader

See this project in Snyk:
https://app.snyk.io/org/nexuscompute/project/55e75de6-ef48-432a-bb3c-a1a2fabaeca1?utm_source=github&utm_medium=referral&page=upgrade-pr