
[Snyk] Fix for 3 vulnerabilities #108

Status: Open. Wants to merge 1 commit into base: master.

Conversation

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • wise-hub-frontend/package.json
    • wise-hub-frontend/package-lock.json
    • wise-hub-frontend/.snyk

Vulnerabilities that will be fixed

With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
medium | 616/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.9) | Server-Side Request Forgery (SSRF), SNYK-JS-AXIOS-1038255 | No | Proof of Concept
medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Denial of Service (DoS), SNYK-JS-AXIOS-174505 | No | No Known Exploit
medium | 539/1000 (Why? Has a fix available, CVSS 6.5) | Cross-site Scripting (XSS), SNYK-JS-BOOTSTRAP-173700 | No | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios. The new version differs by 235 commits.
  • a64050a Releasing 0.21.1
  • d57cd97 Updating changelog for 0.21.1 release
  • 8b0f373 Use different socket for Win32 test (#3375)
  • e426910 Protocol not parsed when setting proxy config from env vars (#3070)
  • c7329fe Hotfix: Prevent SSRF (#3410)
  • f472e5d Adding a type guard for `AxiosError` (#2949)
  • 7688255 Remove the skipping of the `socket` http test (#3364)
  • 820fe6e Updating axios in types to be lower case (#2797)
  • 94ca24b Releasing 0.21.0
  • 2130a0c Updating changelog for 0.21.0 release
  • fbdc150 Lock travis to not use node v15 (#3361)
  • 3a8b87d Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)
  • 9a78465 Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
  • 6d05b96 Fix typos (#3309)
  • fa36737 fix axios.delete ignores config.data (#3282)
  • b7e954e Fixing node types (#3237)
  • 04d45f2 Fixing requestHeaders.Authorization (#3287)
  • e8c6e19 docs: Fix simple typo, existant -> existent (#3252)
  • 0d87655 Releasing 0.20.0
  • cd27741 Updating changelog for 0.20.0 release
  • ffea034 Releasing 0.20.0-0
  • fe147fb Updating changelog for 0.20.0 beta release
  • 16aa2ce Fixing response with utf-8 BOM can not parse to json (#2419)
  • c4300a8 Adding support for URLSearchParams in node (#1900)

See the full diff

Package name: bootstrap. The new version differs by 250 commits.
  • 8fa0d30 Release v4.3.1. (#28252)
  • dae20da Remove unneeded glob. (#28249)
  • 10b97f6 Fix npm package contents
  • 7bc4d2e Add sanitize template option for tooltip/popover plugins.
  • bf2515a Update RFS to v8.0.1 (#28245)
  • 45ced60 Update font size (#28232)
  • 1ded0d6 Release v4.3.0 (#28228)
  • 3aa0770 docs snippets: a few more minor tweaks (#28225)
  • adf16da toasts.md: Remove useless `div`s.
  • 2bfe581 Remove stray parameter from capture.
  • bbf8b76 Cosmetic changes in snippets.
  • 7a9a8db docs: remove `-ms-overflow-style: -ms-autohiding-scrollbar` (#28220)
  • 24253b1 migration.md: use https. (#28221)
  • 545f3fa Prevent text selection in placeholder images (#28218)
  • 94acdee Revert "Silence mkdir. (#28184)" (#28209)
  • 6c7dcc6 placeholder.svg: Partially revert the changes from c0e42cb. (#28216)
  • 1145365 Reword footer text.
  • bd328bf Use the `site.repo` variable.
  • a920429 Change footer link to point to the docs team page
  • c56b10c Offcanvas example: transition the transform (#28203)
  • 52e6ce4 Update devDependencies. (#28175)
  • 93dec4c Fix scrollable modal snippet
  • 51375ab Responsive font size implementation (#23816)
  • d250567 Remove `-ms-autohiding-scrollbar` to prevent overlapping the table content (#28153)

See the full diff

Package name: bootstrap-vue. The new version differs by 250 commits.
  • e42ef07 Merge pull request #3862 from bootstrap-vue/dev
  • 5930f04 chore: bump version and update changelog (#4017)
  • 72ceef8 chore: coverage fixes for babel dep upgrades (#4034)
  • efe84a1 Revert "chore(deps): update devdependency @nuxtjs/pwa to ^3.0.0-beta.17 (#4026)" (#4031)
  • 4b8a8c7 fix(docs): heading before margin (#4029)
  • cbeeef9 feat(b-table, b-table-lite): add new scoped slot `custom-foot` to allow user to create their own table footer (closes #3960) (#4027)
  • 81efb89 fix(b-dropdown-*): ensure class bindings are placed on root element for all dropdown sub-components (closes #4022) (#4024)
  • c7cb16f fix(b-table, b-table-lite): use `:key` for row details based on the primary key value if available (#4025)
  • 2012d07 chore(deps): update devdependency @nuxtjs/pwa to ^3.0.0-beta.17 (#4026)
  • 6aa16b8 chore(deps): update devdependency eslint-plugin-jest to ^22.17.0 (#4023)
  • 64735a3 chore: tooltip/popover directives execute title/content if function before each show (#4020)
  • 10ff04a chore(deps): update devdependency eslint-plugin-node to v10 (#4019)
  • acb34e7 chore(docs): minor adjustments to the table docs (#4016)
  • 78c604c perf(b-table): cache cell slot names each render cycle (addresses #4008) (#4011)
  • 5855330 docs(router-links): add more details to `active-class` and `exact-active-class` props (closes #4012) (#4013)
  • 113b802 chore(docs): better ARIA compliant `b-nav` + `b-card` examples (#4006)
  • 332b79f fix(modal): fix scroll to top issue when modal has `no-fade` set (#4004)
  • 3aa78fd chore(deps): update devdependency eslint-config-prettier to ^6.2.0 (#4005)
  • dfabe51 docs(b-nav): add example markup for using vue-router/nuxt-child (closes #3999) (#4000)
  • 464d257 feat(dropdown): add `role=presentation` to `<li>` elements for improved a11y (#3996)
  • 484f012 chore(deps): update devdependency cross-env to ^5.2.1 (#3995)
  • e05cc0d chore(pagination): change `role="none presentation"` to `role="presentation"` (closes #2921) (#3993)
  • f6f73c7 feat(b-table, b-table-lite): use `aria-details` rather than `aria-describedby` when details row showing (addresses #3801) (#3992)
  • 444d8b0 chore(docs): remove duplicate IDs from dropdown examples (#3991)

See the full diff

With a Snyk patch:
Severity | Priority Score (*) | Issue | Exploit Maturity
medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Denial of Service (DoS), SNYK-JS-AXIOS-174505 | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


…son & wise-hub-frontend/.snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-173700


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-AXIOS-174505