
[Snyk] Fix for 12 vulnerabilities #137

Open
wants to merge 1 commit into base: main

Conversation

alejandrosuarez (Owner)

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • docs/package.json
    • docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| critical severity | 786/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 9.3 | Incomplete List of Disallowed Inputs, SNYK-JS-BABELTRAVERSE-5962462 | Yes | Proof of Concept |
| medium severity | 601/1000. Why? Recently disclosed, Has a fix available, CVSS 6.3 | Cross-site Scripting (XSS), SNYK-JS-COOKIE-8163060 | Yes | No Known Exploit |
| medium severity | 641/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.4 | Prototype Pollution, SNYK-JS-JSON5-3182856 | Yes | Proof of Concept |
| medium severity | 479/1000. Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-LOADERUTILS-3042992 | Yes | No Known Exploit |
| high severity | 589/1000. Why? Has a fix available, CVSS 7.5 | Prototype Pollution, SNYK-JS-LOADERUTILS-3043105 | Yes | No Known Exploit |
| medium severity | 479/1000. Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-LOADERUTILS-3105943 | Yes | No Known Exploit |
| low severity | 506/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution, SNYK-JS-MINIMIST-2429795 | Yes | Proof of Concept |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |
| medium severity | 489/1000. Why? Has a fix available, CVSS 5.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SIDEWAYFORMULA-3317169 | Yes | No Known Exploit |
| medium severity | 479/1000. Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-TERSER-2806366 | Yes | No Known Exploit |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-TRIM-1017038 | Yes | Proof of Concept |
| high severity | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Sandbox Bypass, SNYK-JS-WEBPACK-3358798 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @docusaurus/core The new version differs by 250 commits.
  • 2ec4e07 v3.3.0
  • 8af29a7 refactor: apply lint autofix
  • 7319a1b prepare 3.3.0 release
  • 4159b25 docs: Fix `déja` to `déjà` in `swizzling.mdx` (#10096)
  • 10b76d8 chore(deps): bump ejs from 3.1.9 to 3.1.10 (#10097)
  • 3939413 docs: Fix dead Typesense links (#10093)
  • 7057ba4 feat: add createSitemapItems hook (#10083)
  • be9081a chore: Upgrade svgr / svgo / cssnano (#10092)
  • 2154dcc fix(theme): `<Tabs>` props should allow overriding defaults (#10091)
  • c967ea5 fix(theme): `<Admonition>` should render properly without heading/icon (#10080)
  • 3ee7760 fix(core): `docusaurus serve` redirects should include the site `/baseUrl/` prefix (#10090)
  • 0b49e6c chore(deps): bump actions/dependency-review-action from 4.2.5 to 4.3.1 (#10089)
  • a6dbd92 chore(deps): bump preactjs/compressed-size-action from 2.5.0 to 2.6.0 (#10088)
  • ca33858 fix: handle React v18.3 warnings (#10079)
  • f1cb4ed docs: make `ThemedImage` example work out of the box (#10085)
  • e20b329 docs: add note regarding ts extension for config file. (#10082)
  • da2c0b4 chore: Upgrade to TypeScript 5.4 (#10076)
  • daba917 feat(core): add new site config option `siteConfig.markdown.anchors.maintainCase` (#10064)
  • 9418786 fix(theme-translations): add missing theme translations for pt-BR (#10070)
  • f88da6c refactor: extract base TS client config + upgrade TS + refactor TS setup (#10065)
  • e736dcb test(e2e): TypeCheck website/starter in min/max range of TS versions (#10063)
  • eb07e9d refactor(core): optimize App entrypoint, it should not re-render when navigating (#10060)
  • c746289 refactor(theme): simplify CSS solution to solve empty search container (#10061)
  • a612b4e feat(cli): docusaurus deploy should support a --target-dir option (#9767)


Package name: @docusaurus/preset-classic The new version differs by 250 commits.
  • cb5829f v3.5.0
  • a19d54f Merge remote-tracking branch 'origin/slorber/docusaurus-v3.5' into slorber/docusaurus-v3.5
  • ea49177 3.5 docs
  • 55a58ee changelog
  • 8f8f7f2 Merge branch 'main' into slorber/docusaurus-v3.5
  • a096bbc feat(blog): add `onUntruncatedBlogPosts` blog options (#10375)
  • 2611aa1 refactor: apply lint autofix
  • f9e5adb v3.5 blog post
  • c3af215 v3.5 blog post
  • af24976 v3.5 blog post
  • 2028ca4 v3.5 blog post
  • f43be85 fix(translations): fix wrong Estonian (et) translations and typos (#10344)
  • a2e30be fix(search): fix algolia search ignore ctrl + F in search input (#10342)
  • 44ddada fix(docs): the _category_.json description attribute should display on generated index pages (#10324)
  • 95ab9f8 feat(theme): show unlisted/draft banners in dev mode (#10376)
  • c58fcbd feat(ci): continuous releases for main and PRs with pkg.pr.new (#10369)
  • 087a329 fix(cli): Fix bad docusaurus CLI behavior on for --version, -V, --help, -h (#10368)
  • 7be1fea feat(blog): add feed xlst options to render beautiful RSS and Atom feeds (#9252)
  • 08a893a chore: add prettier-xml plugin (#10364)
  • f356e29 feat(blog): authors page (#10216)
  • 50f9fce docs: rename @ getcanary/docusaurus-pagefind in docs (#10361)
  • 347070b fix(translations): Fix and Improve Spanish translations (#10360)
  • 95990c6 docs: Add @ getcanary/docusaurus-pagefind in docs (#10345)
  • 40676cd chore(deps): update infima npm dependency to version 0.2.0-alpha.44 (#10343)


Package name: @docusaurus/theme-live-codeblock The new version differs by 250 commits.
  • ca8b463 v3.0.0
  • 2121b71 fix bad path
  • 0b3be15 version 3.0.0 docs
  • 9658a5b 3.0.0 changelog
  • 1089741 docs: archive v2 docs versions + create 2.x docs (#9472)
  • 495c793 chore: v3.0.0-rc.1 release (#9453)
  • 4a0bd92 docs: v3 upgrade guide should mention MDX v1 compat options (#9452)
  • 7e456ec feat(mdx-loader): upgrade to MDX v3 + (#9451)
  • 8d19054 fix(theme): fix useWindowSize React hydration issue (#9446)
  • d07567e chore: revert Lighthouse numberOfRuns due to bad/verbose reporting (#9448)
  • dd03a25 chore: Make Lighthouse CI run on local build (#9447)
  • c6762a2 feat(mdx-loader): Remark plugin to report unused MDX / Markdown directives (#9394)
  • 56cc8e8 chore(ci): fix missing screenshots on Argos (#9445)
  • f80e1bd refactor(blog-plugin): blog archive reverse ordering of posts (#9438)
  • 911dfb4 chore(deps): bump actions/setup-node from 3 to 4 (#9440)
  • e525794 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#9441)
  • aa958f0 fix(plugin-blog): blog archive should hide unlisted blog posts (#9437)
  • 2bb4fd0 chore(ci): use new Argos playwright integration (#9419)
  • f674e02 docs: update Kinsta deployment documentation (#9430)
  • 7ee2f75 chore: v3.0.0-rc.0 release (#9418)
  • 4e150d2 docs: add Docusaurus v3.0 upgrade guide (#9417)
  • 45f1a66 feat(core): support TypeScript + ESM configuration (#9317)
  • 336a44f chore: remove docusaurus-migrate (#9400)
  • ae31916 docs: fix typos in website/docs/i18n/i18n-git.mdx (#9396)


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

