[Snyk] Fix for 1 vulnerabilities #2448

snyk-bot · 2021-04-26T17:48:24Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/@sanity/webpack-integration/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	No Known Exploit

Commit messages

Package name: postcss-import

The new version differs by 39 commits.

7cdbb2b 13.0.0
a189892 Update dependency sugarss to v3 (If you switch dataset in the plugin Vision, it also changes in Desk #433)
64d57af Update dependency postcss-scss to v3 (editModal should work in blocktext #431)
4fb6746 Update dependency postcss-value-parser to v4 ([core] Fix numeric datasets being treated as missing #423)
19632bc Update dependency prettier to v2 (Own generateKey tool / module #419)
c5679db Add support for postcss v8 (A way to un-deploy studio #432)
d288ea3 BREAKING: Require Node 10 or later; update CI config ([schema] Validate that type name is a string #429)
21ad9eb Configure Renovate (Release 0.223.0 #411)
614fb64 Fix linting
3a7f728 Update prettier to version 1.19.1 ([schema] Improve validation error for references #408)
7680182 Update prettier to version 1.18.0 ([components] Cleanup fieldset - support isExpanded by default #398)
25013d6 chore(package): update prettier to version 1.17.0 ([form-builder] Make inputs focusable and manage form builder focus #393)
87f4320 Update eslint-plugin-import to version 2.17.1 ([form-builder] Memoize hot methods #395)
56516e7 Actually fix sourcmap test
93b7af8 Fix sourcemap tests
d68f50a Update ava to version 1.0.1 ([form-builder] Fix array index resolving bug #384)
00e2d03 Update LICENSE ([form-builder] Set project ID for tests, allow local module resolution #383)
eb7ff85 Update prettier to version 1.15.0 ([plugin-loader] Use postcss plugins, improved resolving #382)
397cc44 12.0.1
67f4553 Set plugin property on dependency messages ([webpack-integration] Allow passing options to CSSNext/Lost #380)
f98dd1a Update eslint-plugin-prettier to version 3.0.0 ([cli] Ban node version 8.1.0 and 8.1.1 #377)
85c7e6a Update sugarss to version 2.0.0 ([chore] Fix missing @sanity prefix #375)
a9a7ab2 Loosen prettier dependency to use ~ instead of pinning versions
20dd08f Remove npmpub; doesn't work with npm 2FA --otp

See the full diff

Package name: postcss-url

The new version differs by 27 commits.

128d154 fix: update changelog
a05b880 10.0.0
7174efc Merge pull request [form-builder] Remove createFormBuilderFactory #151 from niksy/travis-node-versions
bb37aec Update "engines" field in package.json
acb62e3 Use Node versions for CI which PostCSS 8 supports
2d959f9 Merge pull request Add temporary part to inject components below the editor #148 from niksy/postcss-8-support
2da8782 Add support for PostCSS 8
396829b Merge pull request [infrastructure] Upgrade lerna #136 from bcomnes/fix-path-resolution
5279151 Correct path resolution when to/from paths match
90d7136 9.0.0
a8b6348 remove cups from versions
99dde55 Merge pull request [plugin-loader] Allow overriding config parts #134 from MrMeison/migrete-to-async-api
3f3dddf Fix comment issues
b1efa54 Fresh tests
85c742e Fix lint issues
9851cbf WIP: Promise for everything
1a7496e 8.0.0
dcfef47 eslint fixes
4830527 8.0.0 changlelog
4810601 added package-lock.json
0e361d5 updated mime package
c6deff4 fix changelog
05be637 Merge pull request [form-builder] Expose the withDocument HOC #126 from realityking/postcss7
1b5c06e Update postcss to version 7

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

…erabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640

vercel · 2021-04-26T17:48:27Z

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployments, click below or on the icon next to each commit.

test-studio – ./

🔍 Inspect: https://vercel.com/sanity-io/test-studio/HZK11a5X7crFSpLA19K4f8wJu4cA
✅ Preview: Failed

perf-studio – ./

🔍 Inspect: https://vercel.com/sanity-io/perf-studio/EavLA4K33bf9CeY4vEUCqtZ1G1Ad
✅ Preview: Failed

fix: packages/@sanity/webpack-integration/package.json to reduce vuln…

323e285

…erabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640

vercel bot had a problem deploying to Preview – test-studio April 26, 2021 17:48 Failure

vercel bot had a problem deploying to Preview – perf-studio April 26, 2021 17:48 Failure

bjoerge force-pushed the next branch from 60aa9c4 to 934bdf6 Compare June 23, 2021 14:11

rexxars closed this Jul 7, 2021

rexxars deleted the snyk-fix-150b0ce97e61dbdbfd1e6137900b2b1f branch November 2, 2021 14:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 1 vulnerabilities #2448

[Snyk] Fix for 1 vulnerabilities #2448

snyk-bot commented Apr 26, 2021

vercel bot commented Apr 26, 2021 •

edited

Loading

[Snyk] Fix for 1 vulnerabilities #2448

[Snyk] Fix for 1 vulnerabilities #2448

Conversation

snyk-bot commented Apr 26, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

vercel bot commented Apr 26, 2021 • edited Loading

test-studio – ./

perf-studio – ./

vercel bot commented Apr 26, 2021 •

edited

Loading