New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Fix for 18 vulnerabilities #98

Open

Digiminey wants to merge 1 commit into master from snyk-fix-e1dea0d58493f3624223baac3fab2d12

Owner

Digiminey commented Mar 26, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- docs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept
	591/1000 Why? Recently disclosed, Has a fix available, CVSS 6.1	Open Redirect SNYK-JS-EXPRESS-6474509	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	601/1000 Why? Recently disclosed, Has a fix available, CVSS 6.3	Improper Encoding or Escaping of Output SNYK-JS-KATEX-6483831	Yes	No Known Exploit
	561/1000 Why? Recently disclosed, Has a fix available, CVSS 5.5	Incomplete List of Disallowed Inputs SNYK-JS-KATEX-6483834	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Unchecked Input for Loop Condition SNYK-JS-KATEX-6483835	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	521/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4	Information Exposure SNYK-JS-NANOID-2332193	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	489/1000 Why? Has a fix available, CVSS 5.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Sandbox Bypass SNYK-JS-WEBPACK-3358798	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @docusaurus/core

The new version differs by 250 commits.

1ddee1c v2.0.1
2ef40c2 chore: Netlify branch deploys should only deploy default locale "en" (solana-install init doesn't know when there's no work to do solana-labs/solana#7788)
d88f248 chore: add Netlify config for major version branch deploys (docusaurus-v2 branch) (Too easy to burn tokens solana-labs/solana#7787)
e4fc47b Merge branch 'main' into docusaurus-v2
7f40350 chore: fix codesandbox playgrounds, use Node.js 16 version (Plumb ability to handle duplicate shreds into shred insertion functions solana-labs/solana#7784)
1065e55 refactor(core): log Docusaurus & Node version before exiting (Block time calculation gets warped with high stakes solana-labs/solana#7781)
965a01e chore: port-2.0.0-rc.1 (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7782)
e78a15e chore: ci tests should run on version branches "docusaurus-vX" (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7783)
c751bc6 chore: regen v2.0.0-rc.1 examples (Add hash stats information to check hashes between validators solana-labs/solana#7780)
d255389 chore: prepare v2.0.0-rc.1 release (Nonce: Rename instructions with VerbNoun scheme (bp #7775) solana-labs/solana#7778)
443914a docs: add Bruce Wiki website to showcase (Book: Update durable nonce proposal entry (bp #7694) solana-labs/solana#7770)
f913af0 docs: release process, versioning, breaking changes, public API surface (Account for stake held by the current node while waiting for the supermajority to join gossip solana-labs/solana#7706)
9788944 refactor(theme): fix duplicate page metadata usage (Include shred version in gossip solana-labs/solana#7777)
c48f338 fix(core): swizzle --eject js should not copy theme .d.ts files (Remove create_account bandaid now that to's signature is required solana-labs/solana#7776)
c3d2e0d fix(sitemap): complete gracefully when all pages have noIndex meta (Fix Turbine making Port based decisions solana-labs/solana#7774)
665c311 chore: bump Infima to 0.2.0-alpha.42, fix a:hover link bug (Rename blocktree to blockstore (bp #7757) solana-labs/solana#7771)
1899a2e docs: add EverShop website to showcase (Coalesce data and coding index solana-labs/solana#7765)
542228e fix(deploy): revert "feat(deploy): copy local git config to tmp repo (Bump tokio from 0.1.22 to 0.2.8 solana-labs/solana#7702)" (Bump tiny-bip39 from 0.6.2 to 0.7.0 solana-labs/solana#7750)
a4b4a7f fix(migrate): import siteConfig with file extension (Adjust TdS leader efficiency calculation solana-labs/solana#7766)
337463a chore(theme-translations): complete ko translations (Pick an RPC node at random to avoid getting stuck on a bad RPC node (bp #7759) solana-labs/solana#7762)
9467da6 chore(deps): bump actions/setup-node from 3.3.0 to 3.4.0 (Reduce grace ticks, and ignore grace ticks for missing leaders solana-labs/solana#7764)
cba8be0 fix(theme-classic): validate options properly (Handle errors on replaying ledger properly (bp #7741) solana-labs/solana#7755)
636d470 refactor(core): use has instead of get to test for existence in ExecEnv (Pick an RPC node at random to avoid getting stuck on a bad RPC node (bp #7759) solana-labs/solana#7763)
f21dadf docs: add StackQL Provider Registry to showcase (Manage durable nonce stored value in runtime (bp #7684) solana-labs/solana#7760)

See the full diff

Package name: @docusaurus/preset-classic

The new version differs by 250 commits.

1ddee1c v2.0.1
2ef40c2 chore: Netlify branch deploys should only deploy default locale "en" (solana-install init doesn't know when there's no work to do solana-labs/solana#7788)
d88f248 chore: add Netlify config for major version branch deploys (docusaurus-v2 branch) (Too easy to burn tokens solana-labs/solana#7787)
e4fc47b Merge branch 'main' into docusaurus-v2
7f40350 chore: fix codesandbox playgrounds, use Node.js 16 version (Plumb ability to handle duplicate shreds into shred insertion functions solana-labs/solana#7784)
1065e55 refactor(core): log Docusaurus & Node version before exiting (Block time calculation gets warped with high stakes solana-labs/solana#7781)
965a01e chore: port-2.0.0-rc.1 (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7782)
e78a15e chore: ci tests should run on version branches "docusaurus-vX" (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7783)
c751bc6 chore: regen v2.0.0-rc.1 examples (Add hash stats information to check hashes between validators solana-labs/solana#7780)
d255389 chore: prepare v2.0.0-rc.1 release (Nonce: Rename instructions with VerbNoun scheme (bp #7775) solana-labs/solana#7778)
443914a docs: add Bruce Wiki website to showcase (Book: Update durable nonce proposal entry (bp #7694) solana-labs/solana#7770)
f913af0 docs: release process, versioning, breaking changes, public API surface (Account for stake held by the current node while waiting for the supermajority to join gossip solana-labs/solana#7706)
9788944 refactor(theme): fix duplicate page metadata usage (Include shred version in gossip solana-labs/solana#7777)
c48f338 fix(core): swizzle --eject js should not copy theme .d.ts files (Remove create_account bandaid now that to's signature is required solana-labs/solana#7776)
c3d2e0d fix(sitemap): complete gracefully when all pages have noIndex meta (Fix Turbine making Port based decisions solana-labs/solana#7774)
665c311 chore: bump Infima to 0.2.0-alpha.42, fix a:hover link bug (Rename blocktree to blockstore (bp #7757) solana-labs/solana#7771)
1899a2e docs: add EverShop website to showcase (Coalesce data and coding index solana-labs/solana#7765)
542228e fix(deploy): revert "feat(deploy): copy local git config to tmp repo (Bump tokio from 0.1.22 to 0.2.8 solana-labs/solana#7702)" (Bump tiny-bip39 from 0.6.2 to 0.7.0 solana-labs/solana#7750)
a4b4a7f fix(migrate): import siteConfig with file extension (Adjust TdS leader efficiency calculation solana-labs/solana#7766)
337463a chore(theme-translations): complete ko translations (Pick an RPC node at random to avoid getting stuck on a bad RPC node (bp #7759) solana-labs/solana#7762)
9467da6 chore(deps): bump actions/setup-node from 3.3.0 to 3.4.0 (Reduce grace ticks, and ignore grace ticks for missing leaders solana-labs/solana#7764)
cba8be0 fix(theme-classic): validate options properly (Handle errors on replaying ledger properly (bp #7741) solana-labs/solana#7755)
636d470 refactor(core): use has instead of get to test for existence in ExecEnv (Pick an RPC node at random to avoid getting stuck on a bad RPC node (bp #7759) solana-labs/solana#7763)
f21dadf docs: add StackQL Provider Registry to showcase (Manage durable nonce stored value in runtime (bp #7684) solana-labs/solana#7760)

See the full diff

Package name: @docusaurus/theme-search-algolia

The new version differs by 250 commits.

ca8b463 v3.0.0
2121b71 fix bad path
0b3be15 version 3.0.0 docs
9658a5b 3.0.0 changelog
1089741 docs: archive v2 docs versions + create 2.x docs (Reorder CI jobs to allow for more concurrent PRs (bp #9470) solana-labs/solana#9472)
495c793 chore: v3.0.0-rc.1 release (Validator Unable to get Transaction/Account History solana-labs/solana#9453)
4a0bd92 docs: v3 upgrade guide should mention MDX v1 compat options (ledger-tool: accounts subcommand now prints account balances in SOL solana-labs/solana#9452)
7e456ec feat(mdx-loader): upgrade to MDX v3 + (Allow lower shred count (bp #9410) solana-labs/solana#9451)
8d19054 fix(theme): fix useWindowSize React hydration issue (Bump generic-array from 0.13.2 to 0.14.1 solana-labs/solana#9446)
d07567e chore: revert Lighthouse numberOfRuns due to bad/verbose reporting (Calculate account refs fix (1.0 bp) solana-labs/solana#9448)
dd03a25 chore: Make Lighthouse CI run on local build (Calculate account refs fix solana-labs/solana#9447)
c6762a2 feat(mdx-loader): Remark plugin to report unused MDX / Markdown directives (Fix partition setup (bp #9386) solana-labs/solana#9394)
56cc8e8 chore(ci): fix missing screenshots on Argos (Bump generic-array from 0.13.2 to 0.14.0 solana-labs/solana#9445)
f80e1bd refactor(blog-plugin): blog archive reverse ordering of posts (Bump parking_lot from 0.10.0 to 0.10.2 solana-labs/solana#9438)
911dfb4 chore(deps): bump actions/setup-node from 3 to 4 (Safer cargo command (bp #9437) solana-labs/solana#9440)
e525794 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (Don't subject authorizing a new stake authority to lockup (bp #9434) solana-labs/solana#9441)
aa958f0 fix(plugin-blog): blog archive should hide unlisted blog posts (Safer cargo command solana-labs/solana#9437)
2bb4fd0 chore(ci): use new Argos playwright integration (Search for ports sequentially instead of at random for more predictable port selection (bp #9411) solana-labs/solana#9419)
f674e02 docs: update Kinsta deployment documentation (ReceiveUpdates spams the log, adjust the threshold higher (bp #9429) solana-labs/solana#9430)
7ee2f75 chore: v3.0.0-rc.0 release (Rpc: Add getConfirmedSignaturesForAddress (bp #9407) solana-labs/solana#9418)
4e150d2 docs: add Docusaurus v3.0 upgrade guide (Rpc: Add getConfirmedSignaturesForAddress (bp #9407) solana-labs/solana#9417)
45f1a66 feat(core): support TypeScript + ESM configuration (Add JSON RPC primitives for fetching the list of transactions that affect a given address solana-labs/solana#9317)
336a44f chore: remove docusaurus-migrate (CLI with --no-wait doesn't retry solana-labs/solana#9400)
ae31916 docs: fix typos in website/docs/i18n/i18n-git.mdx (Remove Trust Wallet Beta install instructions solana-labs/solana#9396)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn


          fix: docs/package.json to reduce vulnerabilities

b1ccf06

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462
- https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509
- https://snyk.io/vuln/SNYK-JS-JSON5-3182856
- https://snyk.io/vuln/SNYK-JS-KATEX-6483831
- https://snyk.io/vuln/SNYK-JS-KATEX-6483834
- https://snyk.io/vuln/SNYK-JS-KATEX-6483835
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
- https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187
- https://snyk.io/vuln/SNYK-JS-SIDEWAYFORMULA-3317169
- https://snyk.io/vuln/SNYK-JS-TERSER-2806366
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038
- https://snyk.io/vuln/SNYK-JS-WEBPACK-3358798

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet