Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

[Snyk] Security upgrade next from 9.0.5 to 11.1.0 #35

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • client/package.json
    • client/package-lock.json
    • client/.snyk

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
No Proof of Concept
medium severity 539/1000
Why? Has a fix available, CVSS 6.5
Cross-site Scripting (XSS)
SNYK-JS-DEVALUE-536388
No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
No Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MINIMIST-559764
No Proof of Concept
medium severity 449/1000
Why? Has a fix available, CVSS 4.7
Open Redirect
SNYK-JS-NEXT-1540422
Yes No Known Exploit
medium severity 434/1000
Why? Has a fix available, CVSS 4.4
Path Traversal
SNYK-JS-NEXT-561584
No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-536840
No No Known Exploit
high severity 706/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7
Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: next The new version differs by 250 commits.
  • ce4adfc v11.1.0
  • 092a476 v11.0.2-canary.31
  • ebb6a30 Revert "Add warning during `next build` when sharp is missing (#27933)"
  • 52486ce v11.0.2-canary.30
  • 8ac3254 Revert "Next swc publish flow (#27932)"
  • 6014b6e v11.0.2-canary.29
  • 4cd45aa Add rootDir setting to eslint-plugin-next (#27918)
  • e61ea6f Add manifest check step and add missing items (#27934)
  • 94fc6f0 Next swc publish flow (#27932)
  • 51a2a02 Add warning during `next build` when sharp is missing (#27933)
  • 459b391 Add experimental `concurrentFeatures` config (#27768)
  • 3c837ed test(next): add tests for Node-like hashbang support (#27906)
  • 12eb812 Add data-nimg attribute to image component (#27899)
  • b4be678 Remove duplicate type for StaticImageData (#27931)
  • 83b3ceb Update release stats job name (#27923)
  • 681d298 update to webpack 5.50.0 (#27929)
  • b881d65 Adding a missing a period (#27928)
  • 43393d5 Fix `next/script` unhandled promise rejection (#27903)
  • eb871d3 Replace `placeholder` with `blurDataURL` in global `StaticImageData` type (#27916)
  • 0cc4a98 Little typo (#27911)
  • 8cbaa40 v11.0.2-canary.28
  • 97174ac Add with-cypress example (#27900)
  • 6a32d85 Update with-jest example (#27894)
  • 9d3e895 Upgrade styled-jsx to v4 (#27890)

See the full diff

With a Snyk patch:
Severity Priority Score (*) Issue Exploit Maturity
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
Prototype Pollution
SNYK-JS-LODASH-567746
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant