Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 2 vulnerabilities #477

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 2 vulnerabilities #477

wants to merge 1 commit into from

Conversation

titanism
Copy link
Contributor

@titanism titanism commented Dec 7, 2024

snyk-top-banner

Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • template/package.json
  • template/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Improper Neutralization of Special Elements in Data Query Logic
SNYK-JS-MONGOOSE-8446504		   721  
medium severity Cross-site Scripting (XSS)
SNYK-JS-AXIOS-6671926		   551  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Improper Neutralization of Special Elements in Data Query Logic

@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@mrmlnc/readdir-enhanced@2.2.1 filesystem 0 53.9 kB mrmlnc
npm/@types/glob@7.1.3 None 0 6.13 kB types
npm/@types/json-schema@7.0.7 None 0 30.7 kB types
npm/@types/json5@0.0.29 None 0 3 kB types
npm/@types/minimatch@3.0.3 None 0 8.07 kB types
npm/@types/node@14.14.26 None 0 745 kB types
npm/@typescript-eslint/experimental-utils@4.15.0 None 0 426 kB jameshenry
npm/@typescript-eslint/scope-manager@4.15.0 None 0 988 kB jameshenry
npm/@typescript-eslint/types@4.15.0 None 0 123 kB jameshenry
npm/@typescript-eslint/typescript-estree@4.15.0 environment, filesystem 0 474 kB jameshenry
npm/@typescript-eslint/visitor-keys@4.15.0 None 0 24.2 kB jameshenry
npm/array-find@1.0.0 None 0 4.93 kB dubban
npm/array-includes@3.1.2 None 0 1.23 MB ljharb
npm/array.prototype.flat@1.2.4 None 0 14.7 kB ljharb
npm/asn1.js@5.4.1 None 0 49.8 kB indutny
npm/assert@1.5.0 Transitive: environment +2 84.3 kB goto-bus-stop
npm/babel-eslint@10.1.0 None +1 54.1 kB kaicataldo
npm/bn.js@5.1.3 None 0 99.8 kB fanatid
npm/browserify-aes@1.2.0 None +2 42.9 kB cwmma
npm/browserify-cipher@1.0.1 None 0 6.45 kB cwmma
npm/browserify-des@1.0.2 None 0 6.27 kB cwmma
npm/browserify-rsa@4.1.0 None 0 3.68 kB cwmma
npm/browserify-sign@4.2.1 None +2 25.5 kB cwmma
npm/browserify-zlib@0.2.0 None 0 192 kB dignifiedquire
npm/buf-compare@1.0.1 None 0 3.1 kB sindresorhus
npm/buffer-xor@1.0.3 None 0 4.83 kB dcousens
npm/builtin-status-codes@3.0.0 network 0 4.5 kB bendrucker
npm/call-me-maybe@1.0.1 None 0 7.83 kB limulus
npm/clean-regexp@1.0.0 None 0 8.54 kB samverschueren
npm/confusing-browser-globals@1.0.10 None 0 3.87 kB iansu
npm/console-browserify@1.2.0 None 0 10.3 kB goto-bus-stop
npm/constants-browserify@1.0.0 None 0 7.46 kB juliangruber
npm/contains-path@0.1.0 None 0 5.1 kB jonschlinkert
npm/core-assert@0.2.1 None 0 15 kB sindresorhus
npm/create-ecdh@4.0.4 None +1 105 kB cwmma
npm/crypto-browserify@3.12.0 None 0 53.5 kB cwmma
npm/deep-strict-equal@0.2.0 None 0 2.96 kB sindresorhus
npm/des.js@1.0.1 None +1 40.2 kB indutny
npm/diffie-hellman@5.0.3 None 0 17.3 kB cwmma
npm/domain-browser@1.2.0 None 0 16.8 kB bevryme
npm/elliptic@6.5.4 None 0 118 kB indutny
npm/enhance-visitors@1.0.0 None 0 8.25 kB jfmengels
npm/enhanced-resolve@0.9.1 None 0 41 kB sokra
npm/env-editor@0.4.2 environment 0 8.47 kB sindresorhus
npm/eslint-ast-utils@1.1.0 None 0 24.4 kB jfmengels
npm/eslint-config-xo-typescript@0.37.0 None 0 21.9 kB sindresorhus
npm/eslint-formatter-pretty@4.0.0 environment +3 114 kB sindresorhus
npm/eslint-import-resolver-node@0.3.4 None 0 6.8 kB ljharb
npm/eslint-import-resolver-webpack@0.13.0 filesystem 0 25.5 kB ljharb
npm/eslint-module-utils@2.6.0 None 0 25 kB ljharb
npm/eslint-plugin-ava@11.0.0 None 0 68.4 kB novemberborn
npm/eslint-plugin-es@3.0.1 None 0 158 kB mysticatea
npm/eslint-plugin-eslint-comments@3.2.0 None 0 41.8 kB mysticatea
npm/eslint-plugin-import@2.22.1 environment, filesystem, unsafe +1 994 kB ljharb
npm/eslint-plugin-no-use-extend-native@0.5.0 None 0 11.9 kB dustinspecker
npm/eslint-plugin-node@11.1.0 filesystem 0 269 kB mysticatea
npm/eslint-plugin-prettier@3.3.1 None 0 51.4 kB bpscott
npm/eslint-plugin-promise@4.3.1 None 0 40.2 kB xjamundx
npm/eslint-plugin-unicorn@25.0.1 None +3 356 kB sindresorhus
npm/eslint-rule-docs@1.1.220 None 0 128 kB stefanbuck
npm/eslint-template-visitor@2.2.2 None 0 41.3 kB futpib
npm/espurify@2.0.1 None 0 20.1 kB twada
npm/events@3.2.0 None 0 77.6 kB goto-bus-stop
npm/find-root@1.1.0 filesystem 0 5.27 kB jsdnxx
npm/get-set-props@0.1.0 None 0 3.5 kB dustinspecker
npm/glob-to-regexp@0.3.0 None 0 17.6 kB nickfitzgerald
npm/hash-base@3.1.0 None 0 6.08 kB fanatid
npm/hash.js@1.1.7 None 0 41.7 kB indutny
npm/hmac-drbg@1.0.1 None 0 25 kB indutny
npm/https-browserify@1.0.0 network 0 2.79 kB feross
npm/import-modules@2.1.0 filesystem 0 4.53 kB sindresorhus
npm/interpret@1.4.0 None 0 14.9 kB phated
npm/is-absolute@1.0.0 None 0 8.55 kB jonschlinkert
npm/is-docker@2.1.1 filesystem 0 3.15 kB sindresorhus
npm/is-get-set-prop@1.0.0 None 0 5.2 kB dustinspecker
npm/is-js-type@2.0.0 None 0 2.79 kB dustinspecker
npm/is-negated-glob@1.0.0 None 0 6.01 kB jonschlinkert
npm/is-obj-prop@1.0.0 None 0 3.2 kB dustinspecker
npm/is-proto-prop@2.0.0 None 0 9.04 kB dustinspecker
npm/is-relative@1.0.0 None 0 6.59 kB jonschlinkert
npm/is-string@1.0.5 None 0 15.7 kB ljharb
npm/is-unc-path@1.0.0 None 0 6.51 kB jonschlinkert
npm/is-wsl@2.2.0 environment, filesystem 0 3.76 kB sindresorhus
npm/js-types@1.0.0 None 0 2.66 kB sindresorhus
npm/line-column-path@2.0.0 None +1 29.9 kB sindresorhus
npm/lodash.get@4.4.2 None 0 26.5 kB jdalton
npm/lodash.zip@4.2.0 None 0 12.9 kB jdalton
npm/md5.js@1.3.5 None 0 7.67 kB cwmma
npm/memory-fs@0.2.0 None 0 24.8 kB sokra
npm/micro-spelling-correcter@1.1.1 None 0 13.7 kB stroncium
npm/miller-rabin@4.0.1 None 0 6.84 kB indutny
npm/minimalistic-crypto-utils@1.0.1 None 0 4.76 kB indutny
npm/multimap@1.1.0 None 0 16.4 kB korynunn
npm/node-libs-browser@2.2.1 network, unsafe +2 297 kB sokra
npm/obj-props@1.3.0 None 0 8.03 kB dustinspecker
npm/object.values@1.1.2 None 0 20.1 kB ljharb
npm/open-editor@3.0.0 None 0 7.25 kB sindresorhus
npm/open@7.4.0 environment, filesystem, shell 0 40.8 kB sindresorhus
npm/os-browserify@0.3.0 None 0 2.74 kB coderpuppy
npm/p-reduce@2.1.0 None 0 6.14 kB sindresorhus
npm/pako@1.0.11 None 0 788 kB vitaly
npm/path-browserify@0.0.1 None 0 27 kB goto-bus-stop
npm/path-dirname@1.0.2 None 0 6.26 kB es128
npm/pbkdf2@3.1.1 None 0 13.4 kB cwmma

🚮 Removed packages: npm/pinkie-promise@2.0.1, npm/pkg-conf@3.1.0, npm/pkg-dir@4.2.0, npm/pkg-up@2.0.0, npm/please-upgrade-node@3.2.0, npm/plur@4.0.0, npm/pluralize@8.0.0, npm/posix-character-classes@0.1.1, npm/prelude-ls@1.2.1, npm/prepend-http@1.0.4, npm/pretty-ms@7.0.1, npm/process-nextick-args@2.0.1, npm/process-on-spawn@1.0.0, npm/progress@2.0.3, npm/promise@7.3.1, npm/proto-list@1.2.4, npm/pseudomap@1.0.2, npm/pump@3.0.0, npm/punycode@2.1.1, npm/pupa@2.1.1, npm/q@1.5.1, npm/queue-microtask@1.2.2, npm/quick-lru@4.0.1, npm/read-pkg-up@2.0.0, npm/read-pkg@2.0.0, npm/readdirp@3.5.0, npm/redent@2.0.0, npm/regenerator-runtime@0.13.7, npm/regex-not@1.0.2, npm/regexp.prototype.flags@1.3.1, npm/regexpp@3.1.0, npm/registry-auth-token@3.4.0, npm/registry-url@3.1.0, npm/release-zalgo@1.0.0, npm/remark-cli@9.0.0, npm/remark-comment-config@6.0.0, npm/remark-contributors@5.0.1, npm/remark-gfm@1.0.0, npm/remark-heading-gap@4.0.0, npm/remark-license@4.0.1, npm/remark-lint-blockquote-indentation@2.0.1, npm/remark-lint-checkbox-character-style@3.0.0, npm/remark-lint-checkbox-content-indent@3.0.0, npm/remark-lint-code-block-style@2.0.1, npm/remark-lint-definition-case@2.0.1, npm/remark-lint-definition-spacing@2.0.1, npm/remark-lint-emphasis-marker@2.0.1, npm/remark-lint-fenced-code-flag@2.0.1, npm/remark-lint-fenced-code-marker@2.0.1, npm/remark-lint-file-extension@1.0.5, npm/remark-lint-final-definition@2.1.0, npm/remark-lint-final-newline@1.0.5, npm/remark-lint-first-heading-level@2.0.1, npm/remark-lint-hard-break-spaces@2.0.1, npm/remark-lint-heading-style@2.0.1, npm/remark-lint-list-item-bullet-indent@3.0.0, npm/remark-lint-list-item-indent@2.0.1, npm/remark-lint-no-auto-link-without-protocol@2.0.1, npm/remark-lint-no-blockquote-without-marker@4.0.0, npm/remark-lint-no-consecutive-blank-lines@3.0.0, npm/remark-lint-no-duplicate-definitions@2.0.1, npm/remark-lint-no-emphasis-as-heading@2.0.1, npm/remark-lint-no-file-name-articles@1.0.5, npm/remark-lint-no-file-name-consecutive-dashes@1.0.5, npm/remark-lint-no-file-name-irregular-characters@1.0.5, npm/remark-lint-no-file-name-mixed-case@1.0.5, npm/remark-lint-no-file-name-outer-dashes@1.0.6, npm/remark-lint-no-heading-content-indent@3.0.0, npm/remark-lint-no-heading-indent@3.0.0, npm/remark-lint-no-heading-punctuation@2.0.1, npm/remark-lint-no-inline-padding@3.0.0, npm/remark-lint-no-literal-urls@2.0.1, npm/remark-lint-no-missing-blank-lines@2.0.1, npm/remark-lint-no-multiple-toplevel-headings@2.0.1, npm/remark-lint-no-shell-dollars@2.0.2, npm/remark-lint-no-shortcut-reference-image@2.0.1, npm/remark-lint-no-shortcut-reference-link@2.0.1, npm/remark-lint-no-table-indentation@3.0.0, npm/remark-lint-no-tabs@2.0.1, npm/remark-lint-no-undefined-references@3.0.0, npm/remark-lint-no-unused-definitions@2.0.1, npm/remark-lint-ordered-list-marker-style@2.0.1, npm/remark-lint-ordered-list-marker-value@2.0.1, npm/remark-lint-rule-style@2.0.1, npm/remark-lint-strong-marker@2.0.1, npm/remark-lint-table-cell-padding@3.0.0, npm/remark-lint-table-pipe-alignment@2.0.1, npm/remark-lint-table-pipes@3.0.0, npm/remark-lint-unordered-list-marker-style@2.0.1, npm/remark-lint@8.0.0, npm/remark-message-control@6.0.0, npm/remark-parse@9.0.0, npm/remark-preset-github@4.0.1, npm/remark-preset-lint-recommended@5.0.0, npm/remark-retext@4.0.0, npm/remark-stringify@9.0.1, npm/remark-toc@7.1.0, npm/remark@13.0.0, npm/repeat-element@1.1.3, npm/repeat-string@1.6.1, npm/require-directory@2.1.1, npm/require-from-string@2.0.2, npm/require-main-filename@2.0.0, npm/requireindex@1.2.0, npm/resolve-cwd@3.0.0, npm/resolve-global@1.0.0, npm/resolve-url@0.2.1, npm/resolve@1.20.0, npm/responselike@1.0.2, npm/restore-cursor@2.0.0, npm/ret@0.1.15, npm/retext-contractions@3.0.0, npm/retext-diacritics@2.0.0, npm/retext-english@3.0.4, npm/retext-indefinite-article@1.1.7, npm/retext-preset-github@0.0.6, npm/retext-quotes@3.0.0, npm/retext-redundant-acronyms@2.0.0, npm/retext-repeated-words@2.0.0, npm/retext-sentence-spacing@3.0.0, npm/reusify@1.0.4, npm/rimraf@2.7.1, npm/run-async@2.4.1, npm/run-parallel@1.2.0, npm/rx-lite-aggregates@4.0.8, npm/rx-lite@4.0.8, npm/rxjs@6.6.3, npm/safe-buffer@5.2.1, npm/safe-regex@1.1.0, npm/safer-buffer@2.1.2, npm/sao@0.22.17, npm/seek-bzip@1.0.6, npm/semver-compare@1.0.0, npm/semver-diff@2.1.0, npm/semver@5.7.1, npm/serialize-error@7.0.1, npm/set-blocking@2.0.0, npm/set-value@2.0.1, npm/shebang-command@1.2.0, npm/shebang-regex@1.0.0, npm/slash@3.0.0, npm/slice-ansi@3.0.0, npm/sliced@1.0.1, npm/snapdragon-node@2.1.1, npm/snapdragon-util@3.0.1, npm/snapdragon@0.8.2, npm/source-map-resolve@0.5.3, npm/source-map-support@0.5.19, npm/source-map-url@0.4.1, npm/source-map@0.6.1, npm/spawn-wrap@2.0.0, npm/spdx-correct@3.1.1, npm/spdx-exceptions@2.3.0, npm/spdx-expression-parse@3.0.1, npm/spdx-license-ids@3.0.7, npm/spdx-license-list@3.0.1, npm/speakingurl@14.0.1, npm/split-string@3.1.0, npm/split2@3.2.2, npm/sprintf-js@1.0.3, npm/stack-utils@2.0.3, npm/static-extend@0.1.2, npm/stream-events@1.0.5, npm/string-argv@0.3.1, npm/string.prototype.matchall@4.0.3, npm/string.prototype.trimend@1.0.3, npm/string.prototype.trimstart@1.0.3, npm/string_decoder@1.1.1, npm/stringify-object@3.3.0, npm/strip-ansi@4.0.0, npm/strip-bom@3.0.0, npm/strip-dirs@2.1.0, npm/strip-eof@1.0.0, npm/strip-final-newline@2.0.0, npm/strip-indent@2.0.0, npm/strip-json-comments@2.0.1, npm/strip-outer@1.0.1, npm/stubs@3.0.0, npm/suffix@0.1.1, npm/superb@4.0.0, npm/supertap@2.0.0, npm/supports-color@5.5.0, npm/table@6.0.7, npm/tar-stream@1.6.2, npm/teeny-request@6.0.1, npm/temp-dir@2.0.0, npm/term-size@1.2.0, npm/test-exclude@6.0.0, npm/text-extensions@1.9.0, npm/text-table@0.2.0, npm/through2@4.0.2, npm/through@2.3.8, npm/tildify@1.2.0, npm/time-zone@1.0.0, npm/timed-out@4.0.1, npm/tmp@0.0.33, npm/to-buffer@1.1.1, npm/to-fast-properties@2.0.0, npm/to-object-path@0.3.0, npm/to-readable-stream@1.0.0, npm/to-regex-range@2.1.1, npm/to-vfile@6.1.0, npm/trim-newlines@3.0.0, npm/trim-off-newlines@1.0.1, npm/trim-repeated@1.0.0, npm/trough@1.0.5, npm/tslib@1.14.1, npm/tunnel-agent@0.6.0, npm/type-fest@0.20.2, npm/typedarray-to-buffer@3.1.5, npm/typedarray@0.0.6, npm/uglify-js@3.12.7, npm/unbzip2-stream@1.4.3, npm/unherit@1.1.3, npm/unified-args@8.1.0, npm/unified-engine@8.0.0, npm/unified-lint-rule@1.0.6, npm/unified-message-control@3.0.3, npm/unified@9.2.0, npm/union-value@1.0.1, npm/unique-random-array@2.0.0, npm/unique-random@2.1.0, npm/unique-string@1.0.0, npm/unist-builder@2.0.3, npm/unist-util-find-after@2.0.4, npm/unist-util-generated@1.1.6, npm/unist-util-inspect@5.0.1, npm/unist-util-is@4.0.4, npm/unist-util-modify-children@2.0.0, npm/unist-util-position@3.1.0, npm/unist-util-stringify-position@2.0.3, npm/unist-util-visit-children@1.1.4, npm/unist-util-visit-parents@3.1.1, npm/unist-util-visit@2.0.3, npm/universalify@0.1.2, npm/unset-value@1.0.0, npm/unzip-response@2.0.1, npm/update-notifier@2.5.0, npm/uppercamelcase@3.0.0, npm/uri-js@4.4.1, npm/urix@0.1.0, npm/url-parse-lax@1.0.0, npm/url-to-options@1.0.1, npm/urlgrey@0.4.4, npm/use@3.1.1, npm/user-home@2.0.0, npm/util-deprecate@1.0.2, npm/uuid@3.4.0, npm/v8-compile-cache@2.2.0, npm/validate-npm-package-license@3.0.4, npm/vfile-find-up@5.0.1, npm/vfile-location@3.2.0, npm/vfile-message@2.0.4, npm/vfile-reporter@6.0.2, npm/vfile-sort@2.2.2, npm/vfile-statistics@1.1.4, npm/vfile@4.2.1, npm/wcwidth@1.0.1, npm/well-known-symbols@2.0.0, npm/which-module@2.0.0, npm/which@1.3.1, npm/widest-line@2.0.1, npm/word-wrap@1.2.3, npm/wordwrap@1.0.0, npm/wrap-ansi@7.0.0, npm/wrapped@1.0.1, npm/wrappy@1.0.2, npm/write-file-atomic@2.4.3, npm/xdg-basedir@3.0.0, npm/xo@0.37.1, npm/xtend@4.0.2, npm/y18n@4.0.1, npm/yallist@2.1.2, npm/yaml@1.10.0, npm/yargs-parser@18.1.3, npm/yargs@15.4.1, npm/yarn-install@1.0.0, npm/yauzl@2.10.0, npm/yocto-queue@0.1.0, npm/zwitch@1.0.5

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@titanism @snyk-bot