[Snyk] Fix for 28 vulnerabilities

[dotam99]

Snyk has created this PR to fix 28 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	786
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696
	Code Injection SNYK-JS-LODASH-1040724	681
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	646
	Prototype Pollution SNYK-JS-JSON5-3182856	641
	Arbitrary File Write SNYK-JS-TAR-1579147	639
	Arbitrary File Write SNYK-JS-TAR-1579152	639
	Arbitrary File Write SNYK-JS-TAR-1579155	639
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	624
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	624
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	589
	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	589
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	586
	Information Exposure SNYK-JS-NODEFETCH-2342118	539
	Information Exposure SNYK-JS-NANOID-2332193	521
	Prototype Pollution SNYK-JS-MINIMIST-2429795	506
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	479
	Improper Input Validation SNYK-JS-POSTCSS-5926692	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	410

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Code Injection
🦉 More lessons are available in Snyk Learn

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@babel/core","from":"7.12.13","to":"7.23.2"},{"name":"@babel/plugin-transform-modules-commonjs","from":"7.12.13","to":"7.14.0"},{"name":"@babel/plugin-transform-runtime","from":"7.11.0","to":"7.12.10"},{"name":"@babel/preset-env","from":"7.12.13","to":"7.23.3"},{"name":"algoliasearch","from":"3.35.1","to":"4.0.0"},{"name":"babel-loader","from":"8.1.0","to":"9.1.3"},{"name":"copy-webpack-plugin","from":"6.4.1","to":"8.0.0"},{"name":"css-loader","from":"5.0.0","to":"6.9.0"},{"name":"got","from":"9.6.0","to":"12.6.0"},{"name":"linkinator","from":"2.13.1","to":"6.0.3"},{"name":"mini-css-extract-plugin","from":"1.4.1","to":"2.0.0"},{"name":"rehype-highlight","from":"3.1.0","to":"5.0.0"},{"name":"sass-loader","from":"9.0.2","to":"11.0.0"},{"name":"style-loader","from":"1.2.1","to":"3.0.0"},{"name":"webpack","from":"5.30.0","to":"5.90.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BROWSERSLIST-1090194","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BROWSERSLIST-1090194","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BROWSERSLIST-1090194","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-HIGHLIGHTJS-1048676","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HOSTEDGITINFO-1088355","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-JSON5-3182856","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-JSON5-3182856","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-JSON5-3182856","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-JSON5-3182856","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-JSON5-3182856","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-JSON5-3182856","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-JSON5-3182856","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3042992","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3043105","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3105943","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3042992","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3043105","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3105943","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3042992","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3043105","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3105943","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3042992","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3043105","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3105943","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3042992","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3043105","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3105943","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3042992","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3043105","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-LOADERUTILS-3105943","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MINIMATCH-3050818","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-NANOID-2332193","priority_score":521,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4","score":200},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-NODEFETCH-2342118","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PATHPARSE-1077067","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PATHPARSE-1077067","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PATHPARSE-1077067","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-POSTCSS-5926692","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1536528","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1536531","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1536758","priority_score":410,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1579147","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1579152","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1579155","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TERSER-2806366","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TRIMNEWLINES-1298042","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"}],"prId":"f0240c2f-4e6b-4523-be7c-46e1ee1baa09","prPublicId":"f0240c2f-4e6b-4523-be7c-46e1ee1baa09","packageManager":"npm","priorityScoreList":[696,786,586,479,586,586,641,479,589,479,586,681,479,506,521,539,586,479,696,624,624,410,639,639,639,646,479,589],"projectPublicId":"94efd8a9-0641-4a59-9968-d745c08a0e93","projectUrl":"https://app.snyk.io/org/mitev.daniel99/project/94efd8a9-0641-4a59-9968-d745c08a0e93?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BABELTRAVERSE-5962462","SNYK-JS-BROWSERSLIST-1090194","SNYK-JS-HIGHLIGHTJS-1048676","SNYK-JS-HOSTEDGITINFO-1088355","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-JSON5-3182856","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-LOADERUTILS-3043105","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-MINIMATCH-3050818","SNYK-JS-MINIMIST-2429795","SNYK-JS-NANOID-2332193","SNYK-JS-NODEFETCH-2342118","SNYK-JS-PATHPARSE-1077067","SNYK-JS-POSTCSS-5926692","SNYK-JS-SEMVER-3247795","SNYK-JS-TAR-1536528","SNYK-JS-TAR-1536531","SNYK-JS-TAR-1536758","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579155","SNYK-JS-TAR-6476909","SNYK-JS-TERSER-2806366","SNYK-JS-TRIMNEWLINES-1298042"],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BABELTRAVERSE-5962462","SNYK-JS-BROWSERSLIST-1090194","SNYK-JS-HIGHLIGHTJS-1048676","SNYK-JS-HOSTEDGITINFO-1088355","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-JSON5-3182856","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-LOADERUTILS-3043105","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-MINIMATCH-3050818","SNYK-JS-MINIMIST-2429795","SNYK-JS-NANOID-2332193","SNYK-JS-NODEFETCH-2342118","SNYK-JS-PATHPARSE-1077067","SNYK-JS-POSTCSS-5926692","SNYK-JS-SEMVER-3247795","SNYK-JS-TAR-1536528","SNYK-JS-TAR-1536531","SNYK-JS-TAR-1536758","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579155","SNYK-JS-TAR-6476909","SNYK-JS-TERSER-2806366","SNYK-JS-TRIMNEWLINES-1298042"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

[guardrails]

⚠️ We detected 89 security issues in this pull request:

Mode: paranoid | Total findings: 89 | Considered vulnerability: 89

Insecure Access Control (6)

Severity	Details	Docs
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/redirects/external.js Line 6 in 742503d return res.redirect(301, externalSites[req.path])	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/redirects/handle-redirects.js Line 50 in 742503d return res.redirect(301, redirect)	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/contextualizers/enterprise-release-notes.js Line 94 in 742503d return res.redirect(`https://enterprise.github.com/releases/${requestedVersion}.0/notes`)	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/archived-enterprise-versions.js Line 24 in 742503d return res.redirect(301, req.baseUrl + req.path.replace(/^\/en/, ''))	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/archived-enterprise-versions.js Line 33 in 742503d return res.redirect(301, redirect)	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/redirects/language-code-redirects.js Line 15 in 742503d return res.redirect(301, req.path.replace(redirectPattern, `/${language.code}`))	📚

More info on how to fix Insecure Access Control in JavaScript.

---

Insecure File Management (11)

Severity	Details	Docs
High	Title: Path Traversal from user input docs/middleware/contextualizers/rest.js Line 14 in 742503d '/developers/apps'	📚
High	Title: Path Traversal from user input docs/lib/rewrite-local-links.js Line 40 in 742503d newHref = path.join('/', languageCode, href)	📚
High	Title: Path Traversal from user input docs/lib/rewrite-local-links.js Line 47 in 742503d newHref = path.join('/', languageCode, href)	📚
High	Title: Path Traversal from user input docs/middleware/early-access-breadcrumbs.js Line 63 in 742503d const mapTopicOrArticlePath = path.posix.join(categoryPath, pathParts[2])	📚
High	Title: Path Traversal from user input docs/middleware/early-access-breadcrumbs.js Line 50 in 742503d const categoryPath = removeFPTFromPath(path.posix.join('/', 'en', req.context.currentVersion, 'early-access', pathParts[0], pathParts[1]))	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 35 in 742503d title: product.title	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 49 in 742503d const categoryPath = removeFPTFromPath(path.posix.join('/', req.context.currentLanguage, req.context.currentVersion, productPath, pathParts[1]))	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 21 in 742503d const productPath = path.posix.join('/', req.context.currentProduct)	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 34 in 742503d href: removeFPTFromPath(path.posix.join('/', req.context.currentLanguage, req.context.currentVersion, productPath)),	📚
High	Title: Path Traversal from user input docs/middleware/archived-enterprise-versions-assets.js Line 22 in 742503d const proxyPath = path.join('/', requestedVersion, assetPath)	📚
High	Title: Path Traversal from user input docs/lib/get-link-data.js Line 37 in 742503d const href = removeFPTFromPath(path.join('/', context.currentLanguage, version, linkPath))	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Processing of Data (6)

Severity	Details	Docs
High	Title: Insecure Deserialization (js-yaml) docs/tests/unit/actions-workflows.js Line 11 in 742503d const data = yaml.load(fs.readFileSync(fullpath, 'utf8'), { fullpath })	📚
High	Title: Insecure Deserialization (js-yaml) docs/tests/helpers/crowdin-config.js Line 7 in 742503d return yaml.load(fs.readFileSync(filename, 'utf8'), { filename })	📚
Medium	Title: Tainted input passed to Express response docs/middleware/dev-toc.js Line 8 in 742503d return res.send(await liquid.parseAndRender(layouts['dev-toc'], req.context))	📚
Medium	Title: Tainted input passed to Express response docs/middleware/loaderio-verification.js Line 5 in 742503d return res.send(req.path.replace(/\//g, ''))	📚
Medium	Title: Tainted input passed to Express response docs/middleware/enterprise-server-releases.js Line 12 in 742503d return res.send(await liquid.parseAndRender(layouts['enterprise-server-releases'], req.context))	📚
Medium	Title: Tainted input passed to Express response docs/middleware/render-page.js Line 144 in 742503d res.send(addCsrf(req, output))	📚

More info on how to fix Insecure Processing of Data in JavaScript.

---

Insecure Use of Language/Framework API (42)

Severity	Details	Docs
Medium	Title: User Controlled Method Invocation docs/script/graphql/utils/remove-hidden-schema-members.rb Line 99 in 742503d schema.send(:own_orphan_types).clear	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/tests/content/lint-files.js Line 203 in 742503d const changedFilesRelPaths = execSync('git diff --name-only origin/main | egrep "^translations/.*/.+.(yml|md)$"', { maxBuffer: 1024 * 1024 * 100 }).toString().split('\n')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/update-crowdin-issue.js Line 26 in 742503d const fixable = execSync(`cat ${fixableErrorsLog} | egrep "^translations/.*/(.+.md|.+.yml)$" | sed -e 's/^/- [ ] /' | uniq`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/update-crowdin-issue.js Line 29 in 742503d const filesToAdd = execSync(`cat ${parsingErrorsLog} ${renderingErrorsLog} | egrep "^translations/.*/(.+.md|.+.yml)$" | sed -e 's/^/- [ ] /' | uniq`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/update-crowdin-issue.js Line 32 in 742503d const allErrors = execSync('cat ~/docs-*').toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reset-translated-file.js Line 56 in 742503d execSync(`git checkout main -- ${relativePath}`, { stdio: 'pipe' })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 48 in 742503d const githubBranch = execSync('git rev-parse --abbrev-ref HEAD', { cwd: githubRepoDir }).toString().trim()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 53 in 742503d execSync('git pull', { cwd: githubRepoDir })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 62 in 742503d execSync(`${path.join(githubRepoDir, 'bin/openapi')} bundle -o ${tempDocsDir} --include_unpublished`, { stdio: 'inherit' })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 69 in 742503d execSync(`find ${tempDocsDir} -type f -name "*deref.json" -exec mv '{}' ${dereferencedPath} ';'`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reconcile-filenames-with-ids.js Line 62 in 742503d const gitStatusOfFile = execSync(`git status --porcelain ${oldContentPath}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reconcile-filenames-with-ids.js Line 66 in 742503d execSync(`mv ${oldContentPath} ${newContentPath}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reconcile-filenames-with-ids.js Line 68 in 742503d execSync(`git mv ${oldContentPath} ${newContentPath}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reset-known-broken-translation-files.js Line 44 in 742503d await exec(`script/reset-translated-file.js --prefer-main ${file}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/prevent-pushes-to-main.js Line 13 in 742503d const currentBranch = execSync('git symbolic-ref --short HEAD', { encoding: 'utf8' }).trim()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/prevent-translation-commits.js Line 20 in 742503d const filenames = execSync('git diff --cached --name-only').toString().trim().split('\n')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/purge-fastly-by-url.js Line 74 in 742503d const result = execSync(`${purgeCommand} ${localizedUrl}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/purge-fastly-by-url.js Line 78 in 742503d const secondResult = execSync(`${purgeCommand} ${localizedUrl}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/lint-translation-files.js Line 16 in 742503d execSync(`TEST_TRANSLATION=true npx jest content/lint-files > ${parsingErrorsLog}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/lint-translation-files.js Line 19 in 742503d execSync(`script/test-render-translation.js > ${renderErrorsLog}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/lint-translation-files.js Line 22 in 742503d execSync(`cat ${parsingErrorsLog} ${renderErrorsLog} | egrep "^translations/.*/(.+.md|.+.yml)$" | uniq | xargs -L1 script/reset-translated-file.js --prefer-main`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/move-category-to-product.js Line 51 in 742503d execSync(`mkdir ${productDir}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/move-category-to-product.js Line 56 in 742503d execSync(`git mv ${oldCategoryDir} ${productDir}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/helpers/find-unused-assets.js Line 89 in 742503d const grepResults = execSync(grepCmd).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/fix-translation-errors.js Line 50 in 742503d const changedFilesRelPaths = execSync(cmd).toString().split('\n')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/get-new-dotcom-path.js Line 39 in 742503d const newPath = execSync(`find ${newDotcomDir} -name ${filename}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/graphql/update-files.js Line 29 in 742503d execSync('gem which graphql')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/graphql/update-files.js Line 123 in 742503d execSync('npx prettier -w "**/*.{yml,yaml}"')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/graphql/update-files.js Line 205 in 742503d const remoteClean = execSync(`${removeHiddenMembersScript} ${tempSchemaFilePath}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/enterprise-server-deprecations/archive-version.js Line 110 in 742503d execSync('npm run build', { stdio: 'inherit' })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 36 in 742503d currentBranch = execSync('git branch --show-current').toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 74 in 742503d let branchExists = execSync(`git ls-remote --heads ${earlyAccessFullRepo} ${earlyAccessBranch}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 82 in 742503d branchExists = execSync(`git ls-remote --heads ${earlyAccessFullRepo} ${earlyAccessBranch}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 100 in 742503d cwd: earlyAccessCloningParentDir	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/anonymize-branch.js Line 27 in 742503d exec(`git reset $(git merge-base ${base} HEAD)`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/anonymize-branch.js Line 28 in 742503d exec('git add -A')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/anonymize-branch.js Line 29 in 742503d exec(`git commit -m "${message}"`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/lib/liquid-tags/octicon.js Line 34 in 742503d while ((optionsMatch = OptionsSyntax.exec(match.groups.options))) {	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/.github/actions-scripts/openapi-schema-branch.js Line 31 in 742503d const changedFiles = execSync('git diff --name-only HEAD').toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/test-render-translation.js Line 36 in 742503d const changedFilesRelPaths = execSync('git diff --name-only origin/main | egrep "^translations/.*/.+.md$"', { maxBuffer: 1024 * 1024 * 100 })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/content-migrations/remove-unused-assets.js Line 137 in 742503d const grepResults = execSync(grepCmd).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/lib/liquid-tags/link.js Line 61 in 742503d const match = liquidVariableSyntax.exec(this.param)	📚

More info on how to fix Insecure Use of Language/Framework API in Ruby and JavaScript.

---

Insecure Use of Regular Expressions (1)

Severity	Details	Docs
Medium	Title: Tainted input passed to Regular Expression docs/middleware/find-page.js Line 8 in 742503d const englishPath = req.path.replace(new RegExp(`^/${req.language}`), '/en')	📚

More info on how to fix Insecure Use of Regular Expressions in JavaScript.

---

Vulnerable Libraries (23)

Severity	Details
High	pkg:npm/cheerio@1.0.0-rc.3 upgrade to: > 1.0.0-rc.3
Critical	pkg:npm/flat@5.0.0 upgrade to: 5.0.1
High	pkg:npm/copy-webpack-plugin@8.0.0 upgrade to: > 8.0.0
High	pkg:npm/rss-parser@3.12.0 upgrade to: > 3.12.0
Medium	pkg:npm/semver@5.7.1 upgrade to: 7.5.2
High	pkg:npm/throng@5.0.0 upgrade to: > 5.0.0
High	pkg:npm/hast-util-select@4.0.2 upgrade to: > 4.0.2
High	pkg:npm/walk-sync@1.1.4 upgrade to: > 1.1.4
Critical	pkg:npm/babel-preset-env@1.7.0 upgrade to: > 1.7.0
Critical	pkg:npm/browser-date-formatter@3.0.3 upgrade to: > 3.0.3
High	pkg:npm/sass@1.32.8 upgrade to: > 1.32.8
Medium	pkg:npm/webpack@5.90.0 upgrade to: 5.94.0
Critical	pkg:npm/resolve-url-loader@4.0.0 upgrade to: > 4.0.0
High	pkg:npm/compression@1.7.4 upgrade to: > 1.7.4
High	pkg:npm/rimraf@3.0.0 upgrade to: > 3.0.0
High	pkg:npm/express@4.17.1 upgrade to: 4.17.3,6.10.3,6.9.7,6.8.3,6.7.3,6.5.3,6.4.1,6.3.3,6.6.1,6.2.4
High	pkg:npm/remark-parse@7.0.2 upgrade to: > 7.0.2
High	pkg:npm/morgan@1.9.1 upgrade to: > 1.9.1
Medium	pkg:npm/lodash@4.17.20 upgrade to: 4.17.21
High	pkg:npm/node-fetch@2.6.1 upgrade to: 3.1.1,2.6.7
Medium	pkg:npm/liquidjs@9.22.1 upgrade to: 10.0.0
High	pkg:npm/remark-rehype@5.0.0 upgrade to: > 5.0.0
Medium	pkg:npm/@babel/plugin-transform-runtime@7.12.10 upgrade to: > 7.12.10

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.