[Snyk] Security upgrade eslint-config-next from 13.1.6 to 15.0.0 #32

Open
wants to merge 1 commit into
base: master

svcsnyksanity

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • frontend/package.json
    • frontend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint-config-next
The new version differs by 250 commits.
  • 51bfe3c v15.0.0
  • 4821456 v15.0.0-canary.205
  • c85914c Revert "[dynamicIO] warn for disallowed dynamic in dev" (#71566)
  • 0aba53d v15.0.0-canary.204
  • 7b9630f chore(docs): add docs for input image formats with next/image (#71565)
  • f260aad chore(next-codemod): use "confirm" for consistent prompt (#71551)
  • 9e0d46a v15.0.0-canary.203
  • 4a1947e Ensure workers are cleaned up always (#71564)
  • e406def chore(docs): remove recommendation about using `priority` over `loading=eager` with `next/image` (#71562)
  • c0722a5 improve typescript autocomplete for cacheLife (#71400)
  • f2ed75a DX improvements for `"use cache"` functions (#71518)
  • dfc5331 [Turbopack] add more tracing to dirty flagging (#71482)
  • 24da437 feat: dedupe consecutive captured console errors (#71483)
  • e4d6cc8 Ensure receiveExpiredTags is called per-request (#71543)
  • 05c7df9 Format generated cacheLife() types as overloads with each value (#71544)
  • b18c027 [dynamicIO] warn for disallowed dynamic in dev (#71526)
  • de26339 v15.0.0-canary.202
  • 6c67173 Fix cache handlers in serialized config (#71541)
  • 0be1fd4 test: fix dynamic io error deployment test (#71533)
  • 5ff5c16 docs: fix typo in Link component example (#71540)
  • 7dc8574 v15.0.0-canary.201
  • 60c984b Ensure only one tags manifest is leveraged across handlers (#71522)
  • 4b364ca next-upgrade: Stop prompting for React 19 upgrade on pure App Router apps (#71486)
  • a4840e3 codemod: fix props types modify for type alias (#71537)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

…nerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/eslint-config-next@15.0.0 | unsafe Transitive: environment, eval, filesystem | +151 | 28.2 MB | timer, timneutkens, vercel-release-bot |

🚮 Removed packages: npm/eslint-config-next@13.1.6

View full report↗︎
