New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 6 vulnerabilities #23

Merged

Tshegofatso merged 1 commit into staging from snyk-fix-393db501e8f4243075f8b118537507e5

Sep 1, 2021

snyk-bot commented Sep 1, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	539/1000 Why? Has a fix available, CVSS 6.5	Validation Bypass SNYK-JS-SANITIZEHTML-1070780	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-SANITIZEHTML-1070786	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express-validator

The new version differs by 59 commits.

cd4136e 6.5.0
612e2d9 Don't modify requests if oneOf chain didn't succeed (Bonfire: Make a Person: expect(Object.keys(bob).length) to equal 3 instead of 6. freeCodeCamp/freeCodeCamp#877)
7595c94 chain: comment out isDate for now
8b604af chain: add missing methods to Validators interface
ab6ffe4 npm: upgrade validator to 13.0.0 (Input field missing to input your CodePen Link into. freeCodeCamp/freeCodeCamp#874)
29374cb 6.4.1
70af46e npm: audit fix dependencies
efbfe3a Only consider . to be special char for now
42819ae npm: update dependencies
7736384 Remove console.log
3814c0a Fix use of special chars in selectors
0c450a9 docs: fix... typo? (I have a blank page. cannot see the bonfire anymore. :< freeCodeCamp/freeCodeCamp#842)
246f2ea docs: improve wording in matchedData page (Add tests for confirm the ending bonfire freeCodeCamp/freeCodeCamp#846)
6123155 docs: improve wording in whole-body validation (Bonfire: Mutations: ['Mary', 'Maary'] freeCodeCamp/freeCodeCamp#845)
3124129 docs: fix typo in schema validation and improve wording (Fixes RegExp so it matches the class .blue-text freeCodeCamp/freeCodeCamp#844)
d85b368 docs: fix verb tense in the custom validator page (Completed Challenge without creating "CSS blue" class freeCodeCamp/freeCodeCamp#841)
19531ec docs: fix verb tense in the validationResult page (Field guides have infinite redirect loop freeCodeCamp/freeCodeCamp#847)
f868e23 docs: small fixes in the wildcard feature (Fixes RegExp so it matches the class .blue-text freeCodeCamp/freeCodeCamp#843)
31d73c2 npm: add build script
008a0ae docs: migrate usages of sanitize to check
4bbe421 6.4.0
acb2ad7 npm: run docs:build before git add on versioning
5e293cf Compile TS to ES2017 (Waypoint Lesson requires the removal of Monospace even though it stated the removal of a dead link in the lesson information. freeCodeCamp/freeCodeCamp#826)
0163461 npm: upgrade a few packages (Wikipedia link does not open in new tab. freeCodeCamp/freeCodeCamp#825)

See the full diff

Package name: sanitize-html

The new version differs by 42 commits.

fd3cb54 changelog credit
6012524 Merge pull request removed "white-space: pre-line" rule from pre.wrappable elements to p… freeCodeCamp/freeCodeCamp#460 from apostrophecms/iframe-validation-redux
5395e36 markdown
bff6d9f Merge pull request Fix formatting of Bonfire Solutions freeCodeCamp/freeCodeCamp#459 from Aspedm/main
1ecf30f pass eslint
54851d0 new and interesting iframe validation exploits
dafee4f Update README.md
b77e1d9 2.3.1
bdf7836 Merge pull request Added MDN links to Bonfire 19: Diff Two Arrays freeCodeCamp/freeCodeCamp#458 from apostrophecms/stop-idna-iframe-attacks
477b032 Updates README to specify node version (fix typo on line 97 of coursewwares.json freeCodeCamp/freeCodeCamp#457)
5804fa9 changelog
ca4b62a stop IDNA iframe attacks
7229906 Fleshes out changelog message
5d6c6e6 Updates the version number
af6e348 Fixes a typo in the changelog
251e14a Merge pull request Logging in from the News and Field Guide pages doesn't redirect properly (using e-mail) freeCodeCamp/freeCodeCamp#429 from TrySound/upgrade-htmlparser2
102c623 Upgrade to v6
f07bf65 Upgrade htmlparser2
6a7b0ca bumps the version number (Bug in Tic-Tac-Toe Zipline freeCodeCamp/freeCodeCamp#446)
4be8a61 Adds acknowledgement to changelog. (Add a "New" flag to recently updated or added challenges freeCodeCamp/freeCodeCamp#445)
d59fdac Merge pull request Add step to basejump setups for SSH key freeCodeCamp/freeCodeCamp#444 from aHerbots/patch-1
34f00be Update CHANGELOG.md
5ae731e Update README.md
07d1523 Allow 'tel' links by default

See the full diff

Package name: validator

The new version differs by 250 commits.

24b3fd3 13.6.1
b986f3d fix: ReDOS in isEmail and isHSL (Challenge missing freeCodeCamp/freeCodeCamp#1651)
2a3a1c3 13.6.0
1fa0959 chore: add typeof utility (502 Bad Gateway freeCodeCamp/freeCodeCamp#1648)
cf403d0 fix(isMobilePhone): add Sierra Leone phone and fix Sri Lanka phone (Beta - Manipulating Objects freeCodeCamp/freeCodeCamp#1558)
3f70b8e feat(isPassportNumber, isIBAN, isMobilePhone): add Mozambique locale (Bonfire: Make a Person - Issue with paramater in test: bob.getFullName(); freeCodeCamp/freeCodeCamp#1604)
05ceb18 isURL(): Allow URLs to have only a username in the userinfo subcomponent (Bonfire: Where art thou - Change the word from "list" to "array" freeCodeCamp/freeCodeCamp#1644)
9ee1b6b fix(isMobilePhone): update china zh-CN locale (A list of Bonfires that have missing punctuation or mispellings freeCodeCamp/freeCodeCamp#1642)
b82f4f2 fix(docs): typo in README.md (Missing punctuation on "magical maths" instructions.. freeCodeCamp/freeCodeCamp#1640)
615547f feat(isMobilePhone): add Latvia lv-LV locale (Punctuation / Capitalisation on Working With Decimals freeCodeCamp/freeCodeCamp#1638)
d006e08 fix(isMobilePhone): add support for new networks codes in GH (Beta: Waypoint: Create a Bootstrap Headline - typo freeCodeCamp/freeCodeCamp#1635)
c33fca6 fix(isISIN): optimization (Arguments Optional Unexpected Token Illegal freeCodeCamp/freeCodeCamp#1633)
2ef84e4 fix(isIP): validator patterns for IPv4 and IPv6 RegExp formats (Wiki pages for each lesson? freeCodeCamp/freeCodeCamp#1632)
67a200d feat(isPostalCode): add KR locale (Waypoint: Make Images Mobile Responsive - where to add img freeCodeCamp/freeCodeCamp#1628)
b65ddc5 fix: fix A-z ranges (Update test case for Waypoint to 'container-fluid'. freeCodeCamp/freeCodeCamp#1625)
39830a9 feat: IR passport and identityCard, respect .gitignore files (Fixed a few typos in javascript-basic freeCodeCamp/freeCodeCamp#1595)
5d6db63 feat(isIPRange): add support for IP version 4 or 6 (Updated Roman Numeral Challenge link freeCodeCamp/freeCodeCamp#1594)
a31c116 fix: update isMobilePhone validation for en-SG (added test for object for steamroller bonfire freeCodeCamp/freeCodeCamp#1573)
63b6162 chore: add gitter chatroom badge (Fixing issue #1488 freeCodeCamp/freeCodeCamp#1592)
bb0dba6 feat(isPassportNumber): add MY locale (Beta site UX GitHub login freeCodeCamp/freeCodeCamp#1574)
7989e5b feat(isLicensePlate): add support for pt-BR locale (Beta - Basic Javascript - #27 - Looping with For freeCodeCamp/freeCodeCamp#1588)
3c771e8 feat(pt-BR): tax id, passport and license plates (Updated test case comment in 'fluid containers' freeCodeCamp/freeCodeCamp#1613)
418df05 fix(isMobilePhone): prevent allowing landline numbers in es-CO (Second goal for this Waypoint need edited freeCodeCamp/freeCodeCamp#1623)
6262f62 chore: improving code coverage to 100% branches (Title Case A Sentence - all tests pass but the code is still wrong freeCodeCamp/freeCodeCamp#1624)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: package.json to reduce vulnerabilities

5a4a5c5

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602

Tshegofatso merged commit 732298e into staging

Tshegofatso deleted the snyk-fix-393db501e8f4243075f8b118537507e5 branch

September 1, 2021 15:03

Repository owner locked as resolved and limited conversation to collaborators

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet