[Snyk] Security upgrade next from 13.0.6 to 14.2.15

[karencapiiro]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• website/package.json
• website/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Missing Authorization SNYK-JS-NEXT-8520073	149

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Missing Authorization

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/next@14.2.15	environment, filesystem, network, shell, unsafe	+23	452 MB	vercel-release-bot
pypi/psycopg2-binary@2.9.5	environment, eval, filesystem, network, shell, unsafe	+60	131 MB	piro
pypi/pydantic@1.9.1	environment, eval, filesystem, unsafe	+2	108 MB	dmontagu, samuelcolvin
pypi/python-dotenv@0.21.0	environment, eval, filesystem, shell Transitive: network, unsafe	+46	250 MB	bbc, theskumar
pypi/pytz@2022.7	environment, filesystem, unsafe	0	1.04 MB	stub
pypi/requests@2.28.1	environment, eval, filesystem, network, shell, unsafe	+54	27.3 MB	Lukasa, graffatcolmingov, nateprewitt
pypi/schedule@1.1.0	None	0	80 kB	dbader, sijmenhuizenga
pypi/scipy@1.8.1	environment, eval, filesystem, network, shell, unsafe	+46	1.54 GB	matthew.brett, pv, rgommers, ...3 more
pypi/sqlalchemy@1.4.41	environment, eval, filesystem, network, shell, unsafe	0	51.1 MB	CaselIT
pypi/sqlmodel@0.0.8	environment, eval, network	0	92.3 kB	tiangolo
pypi/starlette@0.22.0	environment, filesystem, network	0	234 kB	Kludex, tomchristie
pypi/typer@0.7.0	environment, filesystem, shell Transitive: eval, network, unsafe	+142	1.47 GB	tiangolo
pypi/uvicorn@0.20.0	environment, filesystem, network	0	182 kB	tomchristie

🚮 Removed packages: npm/next@13.0.6

View full report↗︎

[rafikmojr]

Checkmarx One – Scan Summary & Details – cc7d4d75-7d3d-41cf-bd66-40c2ac5e1660

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-21538	Npm-cross-spawn-7.0.3	Vulnerable Package
	CVE-2024-4068	Npm-braces-3.0.2	Vulnerable Package
	CVE-2024-47874	Python-starlette-0.22.0	Vulnerable Package
	Reflected_XSS	/website/src/pages/api/update_task.ts: 42	Attack Vector
	Reflected_XSS	/website/src/pages/api/new_task/[task_type].ts: 28	Attack Vector
	CVE-2024-28176	Npm-jose-4.11.1	Vulnerable Package
	CVE-2024-28849	Npm-follow-redirects-1.15.2	Vulnerable Package
	CVE-2024-34064	Python-Jinja2-3.1.2	Vulnerable Package
	CVE-2024-35195	Python-requests-2.28.1	Vulnerable Package
	CVE-2024-4067	Npm-micromatch-4.0.5	Vulnerable Package
	CVE-2024-47764	Npm-cookie-0.5.0	Vulnerable Package
	Missing_CSP_Header	/website/src/pages/api/new_task/[task_type].ts: 71	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	CVE-2023-46298	Npm-next-13.0.6
	Cx89601373-08db	Npm-debug-2.6.9
	Cx89601373-08db	Npm-debug-3.2.7
	Cxab55612e-3a56	Npm-braces-3.0.2
	Cxca84a1c2-1f12	Npm-micromatch-4.0.5
	Reflected_XSS	/website/src/pages/api/new_task/[task_type].ts: 28
	Reflected_XSS	/website/src/pages/api/update_task.ts: 25
	Reflected_XSS	/website/src/pages/api/new_task/[task_type].ts: 15
	CVE-2023-44270	Npm-postcss-8.4.20
	CVE-2023-44270	Npm-postcss-8.4.14
	Host Namespace is Shared	/docker-compose.yaml: 11
	Host Namespace is Shared	/docker-compose.yaml: 5
	Host Namespace is Shared	/docker-compose.yaml: 11
	Host Namespace is Shared	/docker-compose.yaml: 50
	Host Namespace is Shared	/docker-compose.yaml: 19
	Host Namespace is Shared	/docker-compose.yaml: 19
	Host Namespace is Shared	/docker-compose.yaml: 18
	Host Namespace is Shared	/docker-compose.yaml: 27
	Host Namespace is Shared	/docker-compose.yaml: 18
	Host Namespace is Shared	/docker-compose.yaml: 26
	Host Namespace is Shared	/docker-compose.yaml: 27
	Host Namespace is Shared	/docker-compose.yaml: 4
	Host Namespace is Shared	/docker-compose.yaml: 5
	Networks Not Set	/docker-compose.yaml: 27
	Networks Not Set	/docker-compose.yaml: 11
	Networks Not Set	/docker-compose.yaml: 5
	Networks Not Set	/docker-compose.yaml: 18
	Networks Not Set	/docker-compose.yaml: 4
	Networks Not Set	/docker-compose.yaml: 19
	Networks Not Set	/docker-compose.yaml: 5
	Networks Not Set	/docker-compose.yaml: 26
	Networks Not Set	/docker-compose.yaml: 27
	Networks Not Set	/docker-compose.yaml: 18
	Networks Not Set	/docker-compose.yaml: 50
	Networks Not Set	/docker-compose.yaml: 11
	Networks Not Set	/docker-compose.yaml: 19
	Missing_CSP_Header	/website/src/lib/poster.ts: 4