Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Fix for 13 vulnerabilities #15

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 13 vulnerabilities #15

wants to merge 1 commit into from
+58,576 −55,331

Conversation

laxmanraparthi
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • superset-frontend/package.json
    • superset-frontend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Prototype Pollution
SNYK-JS-AJV-584908		 No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ASYNCVALIDATOR-2311201		 No Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-CSSWHAT-1298035		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-D3COLOR-1076592		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-DEEPOBJECTDIFF-3104594		 Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3042992		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LOADERUTILS-3043105		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3105943		 No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032		 Yes Proof of Concept
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TRIM-1017038		 No Proof of Concept
high severity 736/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.3		 Sandbox Bypass
SNYK-JS-WEBPACK-3358798		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @storybook/addon-docs The new version differs by 250 commits.

See the full diff

Package name: @storybook/addon-essentials The new version differs by 250 commits.

See the full diff

Package name: @storybook/react The new version differs by 250 commits.

See the full diff

Package name: @svgr/webpack The new version differs by 74 commits.

See the full diff

Package name: antd The new version differs by 250 commits.
  • 870b72a docs: 4.17.0 changelog (#32859)
  • 3a5b6b8 chore(deps-dev): bump stylelint-config-standard from 23.0.0 to 24.0.0 (#32866)
  • 7e2dc80 chore(.gitignore):add ignore for pnpm (#32860)
  • 491cc4f fix: borderLeftRadius error for Input.Search #32808 (#32812)
  • 958df3d docs: add demo for Input.Group (#32837)
  • ce006bd docs: Version Robin (#32830)
  • 3f495bb chore: Upgrade react router v6 (#32821)
  • 43569b9 docs: update customize-theme-variable.zh-CN.md
  • 7ed7c60 style: fix Tree icon align bug (#32822)
  • 01887b4 fix: if breadcrumbRender return false, breadcrumb will hidden (#32738)
  • 5f642cb fix: tag animation demo (#32804)
  • 852a451 chore(Tag): update tween-one (#32800)
  • 90aff3a docs: fix Spin API ts description (#32786)
  • 8a3b5d9 fix: Form horizontal broken style when select item is too long (#32778)
  • a73f4a3 docs: Fix the link in Table's API doc (#32779)
  • ecc54dd fix: codepen demo error using hooks (#32766)
  • cf15379 docs: add 4.17.0-alpha.10 changelog (#32775)
  • f7380b7 chore(deps-dev): bump eslint-plugin-unicorn from 37.0.1 to 38.0.0 (#32765)
  • b1ea2e4 fix: opening animation of the bottom drawer (#32761)
  • 10a8578 fix: Spin tip can be react node (#32733)
  • fa65cd3 chore(deps-dev): bump @ types/gtag.js from 0.0.7 to 0.0.8 (#32746)
  • f88bd4d refactor: Move part mixins less to theme instead (#32763)
  • 5360722 chore: update form demo
  • ea52572 chore(💄): fix issue template

See the full diff

Package name: babel-jest The new version differs by 250 commits.

See the full diff

Package name: cross-env The new version differs by 7 commits.

See the full diff

Package name: d3-color The new version differs by 21 commits.

See the full diff

Package name: d3-scale The new version differs by 91 commits.

See the full diff

Package name: eslint-plugin-import The new version differs by 33 commits.
  • b0131d2 Bump to v2.25.0
  • 7463de2 utils: v2.7.0
  • 900ac9a [resolvers/webpack] [deps] update `is-core-module`
  • c117be5 [Dev Deps] update `array.prototype.flatmap`, `glob`; remove `babel-preset-es2015-argon`
  • 0e857b6 [Deps] update `array-includes`, `array.prototype.flat`, `is-core-module`, `is-glob`, `object.values`
  • 62e2d88 [New] Support `eslint` v8
  • 9a744f7 [Fix] `default`, `ExportMap`: Resolve extended TypeScript configuration files
  • dd81424 [Refactor] `no-unresolved`, `no-extraneous-dependencies`: moduleVisitor usage
  • 4f0f560 [Docs] `no-namespace`: fix a typo
  • 430d16c [Tests] eslint-import-resolver-typescript@1.0.2 doesn't resolve .js
  • 47e9c89 [Tests] type-only imports were added in TypeScript ESTree 2.23.0
  • 28669b9 [Tests] `no-extraneous-dependencies` ignores unresolved imports
  • 471790f [Tests] fix skip usage
  • fd85369 [Tests] skip failing test on eslint < 6 + node < 8
  • 64423e9 [Tests] add passing test for export-star
  • 58fe766 [Tests] ignore resolver tests, scripts, and unused memo-parser
  • 47ea669 [Fix] `order`: Fix import ordering in TypeScript module declarations
  • 4ed7867 [Fix] `no-unresolved`: ignore type-only imports
  • 4d15e26 [patch] TypeScript config: remove `.d.ts` from `import/parsers` setting and `import/extensions` setting
  • 9ccdcb7 [Refactor] switch to an internal replacement for `pkg-up` and `read-pkg-up`
  • 1571913 [utils] [new] create internal replacement for `pkg-up` and `read-pkg-up`
  • 7c382f0 [New] `no-unused-modules`: support dynamic imports
  • 7579748 [utils] [new] add `visit`, to support dynamic imports
  • 35bd977 [New] `no-unresolved`: add `caseSensitiveStrict` option

See the full diff

Package name: html-webpack-plugin The new version differs by 13 commits.
  • 873d75b chore(release): 5.5.0
  • ddeb774 chore: update examples
  • 1e42625 feat: Support type=module via scriptLoading option
  • 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
  • 79be779 [chore] changes actions to run on pull_requests
  • b7e5859 [chore] fixes CI to avoid race conditions
  • 48131d3 chore(release): 5.4.0
  • 16a841a [chore] rebuild examples
  • 3bb7c17 Update index.js
  • e38ac97 Update index.js
  • f08bd02 [chore] updates fixtures
  • d62a10f [chore] upgrades html-minifier-terser@5.0.0 -> 6.0.2
  • 2f5de7a Remove archived plugin

See the full diff

Package name: jest The new version differs by 250 commits.

See the full diff

Package name: lerna The new version differs by 154 commits.

See the full diff

Package name: react-jsonschema-form The new version differs by 59 commits.

See the full diff

Package name: webpack The new version differs by 250 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For m...

@snyk-bot
fix: superset-frontend/package.json & superset-frontend/package-lock.…
0477aed 
…json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ASYNCVALIDATOR-2311201
- https://snyk.io/vuln/SNYK-JS-CSSWHAT-1298035
- https://snyk.io/vuln/SNYK-JS-D3COLOR-1076592
- https://snyk.io/vuln/SNYK-JS-DEEPOBJECTDIFF-3104594
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943
- https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038
- https://snyk.io/vuln/SNYK-JS-WEBPACK-3358798
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@laxmanraparthi @snyk-bot