[Snyk] Fix for 112 vulnerabilities #22

leonardoadame · 2023-07-06T19:55:59Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- tools/node_modules/eslint/node_modules/parse-entities/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
804/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1021884	Yes	Mature
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1041745	Yes	Mature
794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Improper Validation SNYK-JS-ELECTRON-1047306	Yes	Mature
654/1000 Why? Has a fix available, CVSS 8.8	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1048693	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Improper Access Control SNYK-JS-ELECTRON-1049321	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Improper Input Validation SNYK-JS-ELECTRON-1049323	Yes	No Known Exploit
665/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1049547	Yes	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Use After Free SNYK-JS-ELECTRON-1050424	Yes	No Known Exploit
550/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-ELECTRON-1050427	Yes	No Known Exploit
751/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Insufficient Validation SNYK-JS-ELECTRON-1050882	Yes	Mature
704/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-ELECTRON-1050999	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-ELECTRON-1051000	Yes	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-ELECTRON-1064555	Yes	Proof of Concept
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1064558	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1064561	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-ELECTRON-1065981	Yes	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-ELECTRON-1070013	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Insufficient Validation SNYK-JS-ELECTRON-1070014	Yes	No Known Exploit
464/1000 Why? Has a fix available, CVSS 5	Use After Free SNYK-JS-ELECTRON-1070015	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Heap Buffer Overflow SNYK-JS-ELECTRON-1085647	Yes	No Known Exploit
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1085705	Yes	Mature
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1085994	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Out-of-Bounds SNYK-JS-ELECTRON-1085996	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-ELECTRON-1085998	Yes	No Known Exploit
655/1000 Why? Has a fix available, CVSS 8.6	Out-of-Bounds SNYK-JS-ELECTRON-1086693	Yes	No Known Exploit
550/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-ELECTRON-1086694	Yes	No Known Exploit
655/1000 Why? Has a fix available, CVSS 8.6	Improper Input Validation SNYK-JS-ELECTRON-1086695	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1087442	Yes	No Known Exploit
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Out-of-bounds Write SNYK-JS-ELECTRON-1088600	Yes	Mature
619/1000 Why? Has a fix available, CVSS 8.1	Insecure Defaults SNYK-JS-ELECTRON-1088602	Yes	No Known Exploit
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1252279	Yes	Mature
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1252280	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1253279	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1253281	Yes	No Known Exploit
876/1000 Why? Mature exploit, Has a fix available, CVSS 9.8	Out-of-bounds SNYK-JS-ELECTRON-1257943	Yes	Mature
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1258207	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1259349	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow or Wraparound SNYK-JS-ELECTRON-1260586	Yes	No Known Exploit
584/1000 Why? Has a fix available, CVSS 7.4	Out-of-bounds Read SNYK-JS-ELECTRON-1261111	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1277203	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow SNYK-JS-ELECTRON-1277205	Yes	No Known Exploit
465/1000 Why? Has a fix available, CVSS 4.8	Improper Input Validation SNYK-JS-ELECTRON-1277526	Yes	No Known Exploit
399/1000 Why? Has a fix available, CVSS 3.7	Out Of Bounds Read SNYK-JS-ELECTRON-1278596	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296553	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296555	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1296557	Yes	No Known Exploit
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1296559	Yes	Proof of Concept
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1296561	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Race Condition SNYK-JS-ELECTRON-1296563	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296565	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1312313	Yes	No Known Exploit
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-ELECTRON-1312314	Yes	Mature
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1312315	Yes	No Known Exploit
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1313765	Yes	Mature
529/1000 Why? Has a fix available, CVSS 6.3	Use After Free SNYK-JS-ELECTRON-1313767	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1314896	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1315151	Yes	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Out-of-bounds Write SNYK-JS-ELECTRON-1315668	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1533614	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1534881	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1534882	Yes	No Known Exploit
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1534883	Yes	Mature
550/1000 Why? Has a fix available, CVSS 6.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1534884	Yes	No Known Exploit
529/1000 Why? Has a fix available, CVSS 6.3	Use After Free SNYK-JS-ELECTRON-1536579	Yes	No Known Exploit
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1536581	Yes	Proof of Concept
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1536587	Yes	No Known Exploit
694/1000 Why? Mature exploit, Has a fix available, CVSS 5.3	Out-of-Bounds SNYK-JS-ELECTRON-1585619	Yes	Mature
654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1586050	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Buffer Overflow SNYK-JS-ELECTRON-1656742	Yes	No Known Exploit
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1656743	Yes	Mature
590/1000 Why? Has a fix available, CVSS 7.3	Out-of-Bounds SNYK-JS-ELECTRON-1656745	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Access Restriction Bypass SNYK-JS-ELECTRON-1656746	Yes	No Known Exploit
694/1000 Why? Mature exploit, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-ELECTRON-1727344	Yes	Mature
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Sandbox Bypass SNYK-JS-ELECTRON-1731315	Yes	Proof of Concept
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1910985	Yes	Mature
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1910987	Yes	No Known Exploit
429/1000 Why? Has a fix available, CVSS 4.3	Exposure of Resource to Wrong Sphere SNYK-JS-ELECTRON-1910988	Yes	No Known Exploit
429/1000 Why? Has a fix available, CVSS 4.3	Improper Access Control SNYK-JS-ELECTRON-1910991	Yes	No Known Exploit
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Type Confusion SNYK-JS-ELECTRON-1911949	Yes	Proof of Concept
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1912074	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1912084	Yes	No Known Exploit
754/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-ELECTRON-1912085	Yes	Mature
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-564272	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Heap Overflow SNYK-JS-ELECTRON-565051	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Out-of-bounds Read SNYK-JS-ELECTRON-565052	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Improper Access Control SNYK-JS-ELECTRON-565362	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-565366	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-565368	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-565441	Yes	No Known Exploit
/1000 Why?	Buffer Underflow SNYK-JS-ELECTRON-565488	Yes	No Known Exploit
/1000 Why?	Use After Free SNYK-JS-ELECTRON-565490	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Use After Free SNYK-JS-ELECTRON-565494	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-565571	Yes	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Use After Free SNYK-JS-ELECTRON-565705	Yes	No Known Exploit
554/1000 Why? Has a fix available, CVSS 6.8	Use After Free SNYK-JS-ELECTRON-565709	Yes	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Site Isolation Bypass SNYK-JS-ELECTRON-565713	Yes	No Known Exploit
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-570624	Yes	No Known Exploit
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-570833	Yes	Proof of Concept
554/1000 Why? Has a fix available, CVSS 6.8	Arbitrary File Read SNYK-JS-ELECTRON-575393	Yes	No Known Exploit
604/1000 Why? Has a fix available, CVSS 7.8	Privilege Escalation SNYK-JS-ELECTRON-575394	Yes	No Known Exploit
599/1000 Why? Has a fix available, CVSS 7.7	Privilege Escalation SNYK-JS-ELECTRON-575395	Yes	No Known Exploit
/1000 Why?	Privilege Escalation SNYK-JS-ELECTRON-575396	Yes	No Known Exploit
/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
/1000 Why?	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
/1000 Why?	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
/1000 Why?	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
/1000 Why?	Prototype Pollution SNYK-JS-PLIST-2405644	Yes	Proof of Concept
/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	Yes	No Known Exploit
/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
/1000 Why?	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: dtslint

The new version differs by 2 commits.

9c56a82 Update npm naming ([Snyk] Security upgrade tap from 14.11.0 to 16.0.0 #269)
c859e21 2.0.6 - remove request dependency

See the full diff

Package name: tape-run

The new version differs by 8 commits.

ee4654e 9.0.0
57adc5f Bump browser-run to support sandbox option. Closes [Snyk] Security upgrade xo from 0.16.0 to 0.40.3 #82
ccad1ea Include more detailed Headless Testing section ([Snyk] Security upgrade standard from 11.0.1 to 15.0.0 #81)
31de6f9 8.0.0
20125a6 Bump browser-run to latest, fixing electron security issue ([Snyk] Fix for 5 vulnerabilities #80)
e93c616 travis: update node versions
463bed9 7.0.0
e032edb bump browser-run to 7.0.1

See the full diff

Package name: tinyify

The new version differs by 4 commits.

c89d203 3.0.0
ddd0319 use envify from npm
6e40ab5 bump minify-stream
a1c4650 add coc

See the full diff

Package name: xo

The new version differs by 214 commits.

100dc9b 0.53.0
91d10d1 Require Node.js 14
e678209 Update link to `n` ESLint plugin ([Snyk] Fix for 1 vulnerabilities #696)
db6e207 0.52.4
e69a192 Fix a bug with relative `extends` ([Snyk] Fix for 1 vulnerabilities #686)
f9c7db9 Update XO badge ([Snyk] Security upgrade karma from 5.2.3 to 6.3.4 #692)
92b3a3d Replace link to `node` ESLint plugin with `n` in readme ([Snyk] Security upgrade karma from 5.2.3 to 6.3.4 #690)
35645f6 0.52.3
a608bf1 Fix compatibility problem with Windows ([Snyk] Security upgrade certifi from 2022.12.7 to 2023.7.22 #687)
bbf323b 0.52.2
4cf8b05 Fix tsconfig resolution quirks ([Snyk] Security upgrade mocha from 2.2.5 to 4.0.0 #683)
c8ec522 0.52.1
de5f878 Ensure tsconfig lookups work as expected ([Snyk] Security upgrade @npmcli/template-oss from 4.18.0 to 4.20.0 #680)
a152e1b 0.52.0
b6fea12 Update dependencies
b661eb8 Implement full tsconfig resolution ([Snyk] Security upgrade @npmcli/template-oss from 4.11.0 to 4.20.0 #677)
7fe3b48 0.51.0
cd86133 Include `rulesMeta` in linting results ([Snyk] Security upgrade @npmcli/template-oss from 4.14.1 to 4.20.0 #674)
9ac43fd 0.50.0
00d51de Update dependencies
3a4c9c9 Switch to eslint-plugin-node's maintained fork ([Snyk] Security upgrade @npmcli/template-oss from 4.19.0 to 4.20.0 #660)
ce76e49 Fix link
eb65ea4 0.49.0
5f0e53d Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Use After Free
🦉 Improper Access Control
🦉 More lessons are available in Snyk Learn

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-BABEL-1278589 - https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435

Snyk has created this PR to upgrade: - @babel/types from 7.1.3 to 7.21.4. See this package in npm: https://www.npmjs.com/package/@babel/types - @babel/generator from 7.1.3 to 7.21.4. See this package in npm: https://www.npmjs.com/package/@babel/generator - @babel/parser from 7.1.3 to 7.21.4. See this package in npm: https://www.npmjs.com/package/@babel/parser - @babel/template from 7.1.2 to 7.20.7. See this package in npm: https://www.npmjs.com/package/@babel/template - @babel/traverse from 7.1.4 to 7.21.4. See this package in npm: https://www.npmjs.com/package/@babel/traverse See this project in Snyk: https://app.snyk.io/org/leonardoadame/project/17b9377e-05c7-466c-817b-64859e210aa8?utm_source=github&utm_medium=referral&page=upgrade-pr

Snyk has created this PR to upgrade globals from 10.1.0 to 10.4.0. See this package in npm: https://www.npmjs.com/package/globals See this project in Snyk: https://app.snyk.io/org/leonardoadame/project/17b9377e-05c7-466c-817b-64859e210aa8?utm_source=github&utm_medium=referral&page=upgrade-pr

Snyk has created this PR to upgrade tempy from 0.5.0 to 0.7.1. See this package in npm: https://www.npmjs.com/package/tempy See this project in Snyk: https://app.snyk.io/org/leonardoadame/project/17b9377e-05c7-466c-817b-64859e210aa8?utm_source=github&utm_medium=referral&page=upgrade-pr

…94a74ffadedd8032d [Snyk] Upgrade tempy from 0.5.0 to 0.7.1

…2cad22ca48f99fb34 [Snyk] Upgrade globals from 10.1.0 to 10.4.0

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532

…14fcf9fdb45341 [Snyk] Security upgrade requests from 2.22.0 to 2.31.0

…452a2501c403d [Snyk] Fix for 5 vulnerabilities

…to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

…age.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

…-targets/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

…8829879580bfb4 [Snyk] Security upgrade semver from 6.3.0 to 7.5.2

…aa20aac868f5e5 [Snyk] Security upgrade semver from 6.3.0 to 7.5.2

…5479ebc6233124 [Snyk] Security upgrade local-web-server from 4.2.1 to 5.0.0

…fa026d85a0edb65c5 [Snyk] Upgrade: @babel/types, @babel/generator, @babel/parser, @babel/template, @babel/traverse

…11126a17ab65f0 [Snyk] Security upgrade semver from 6.3.0 to 7.5.2

bolt-new-by-stackblitz · 2023-07-06T19:56:02Z

Run & review this pull request in StackBlitz Codeflow.

changeset-bot · 2023-07-06T19:56:04Z

⚠️ No Changeset found

Latest commit: b8dd868

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

snyk-bot and others added 19 commits May 2, 2023 17:57

Merge pull request #7 from leonardoadame/snyk-upgrade-2995fc05233b7a0…

6292d1a

…94a74ffadedd8032d [Snyk] Upgrade tempy from 0.5.0 to 0.7.1

Merge pull request #6 from leonardoadame/snyk-upgrade-4d5b4bd486c2748…

616a8bf

…2cad22ca48f99fb34 [Snyk] Upgrade globals from 10.1.0 to 10.4.0

fix: deps/uv/docs/requirements.txt to reduce vulnerabilities

a614a8a

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532

Merge pull request #10 from leonardoadame/snyk-fix-8d86d74fb78e75dbf9…

52682c9

…14fcf9fdb45341 [Snyk] Security upgrade requests from 2.22.0 to 2.31.0

Merge pull request #3 from leonardoadame/snyk-fix-3fed45732244c5baec2…

2e2374f

…452a2501c403d [Snyk] Fix for 5 vulnerabilities

fix: tools/node_modules/eslint/node_modules/@babel/core/package.json …

eb66b7e

…to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

fix: tools/node_modules/eslint/node_modules/@babel/eslint-parser/pack…

47a5b14

…age.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

fix: deps/v8/tools/package.json & deps/v8/tools/package-lock.json to …

30fc1d1

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

fix: tools/node_modules/eslint/node_modules/@babel/helper-compilation…

1100bde

…-targets/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

Merge pull request #13 from leonardoadame/snyk-fix-ee8912d3a9cd5262aa…

853f217

…8829879580bfb4 [Snyk] Security upgrade semver from 6.3.0 to 7.5.2

Merge pull request #15 from leonardoadame/snyk-fix-900859a513e8ed4cc8…

35fab6e

…aa20aac868f5e5 [Snyk] Security upgrade semver from 6.3.0 to 7.5.2

Merge pull request #14 from leonardoadame/snyk-fix-b7180ea97e108aabee…

f827f4a

…5479ebc6233124 [Snyk] Security upgrade local-web-server from 4.2.1 to 5.0.0

Merge pull request #4 from leonardoadame/snyk-upgrade-f919faf2a9ba7c3…

73ba401

…fa026d85a0edb65c5 [Snyk] Upgrade: @babel/types, @babel/generator, @babel/parser, @babel/template, @babel/traverse

Merge pull request #12 from leonardoadame/snyk-fix-763b7501c41ba23cc9…

d735ea2

…11126a17ab65f0 [Snyk] Security upgrade semver from 6.3.0 to 7.5.2

leonardoadame force-pushed the main branch 2 times, most recently from 1eeaa09 to d9438cc Compare July 7, 2023 00:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 112 vulnerabilities #22

[Snyk] Fix for 112 vulnerabilities #22

leonardoadame commented Jul 6, 2023

bolt-new-by-stackblitz bot commented Jul 6, 2023

changeset-bot bot commented Jul 6, 2023

[Snyk] Fix for 112 vulnerabilities #22

Are you sure you want to change the base?

[Snyk] Fix for 112 vulnerabilities #22

Conversation

leonardoadame commented Jul 6, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

bolt-new-by-stackblitz bot commented Jul 6, 2023

changeset-bot bot commented Jul 6, 2023

⚠️ No Changeset found