chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates#2985
chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates#2985dependabot[bot] wants to merge 1 commit into
70 new alerts including 34 high severity security vulnerabilities
New alerts in code changed by this pull request
Security Alerts:
- 34 high
- 28 medium
- 8 low
Alerts not introduced by this pull request might have been detected because the code changes were too large.
See annotations below for details.
Annotations
Check failure on line 13493 in package-lock.json
Code scanning / Trivy
axios: Axios: Prototype pollution allows information disclosure and request manipulation High
Check failure on line 13493 in package-lock.json
Code scanning / Trivy
axios: Axios: Information disclosure due to prototype pollution vulnerability High
Check failure on line 13493 in package-lock.json
Code scanning / Trivy
axios: Axios: Information disclosure of proxy credentials via HTTP redirects High
Check failure on line 13493 in package-lock.json
Code scanning / Trivy
axios: Axios: Information disclosure of proxy credentials via redirect flows High
Check failure on line 13493 in package-lock.json
Code scanning / Trivy
axios: Axios: Denial of Service due to unenforced request and response size limits High
Check failure on line 13493 in package-lock.json
Code scanning / Trivy
axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name High
Check failure on line 19252 in package-lock.json
Code scanning / Trivy
fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies High
Check failure on line 19252 in package-lock.json
Code scanning / Trivy
fast-uri: fast-uri: URI authority bypass due to improper delimiter handling High
Check failure on line 20946 in package-lock.json
Code scanning / Trivy
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability High
Check failure on line 23043 in package-lock.json
Code scanning / Trivy
lodash: lodash: Arbitrary code execution via untrusted input in template imports High
Check failure on line 23049 in package-lock.json
Code scanning / Trivy
lodash: lodash: Arbitrary code execution via untrusted input in template imports High
Check failure on line 23467 in package-lock.json
Code scanning / Trivy
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode High
Check failure on line 24184 in package-lock.json
Code scanning / Trivy
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality High
Check failure on line 24645 in package-lock.json
Code scanning / Trivy
ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments High
Check failure on line 26563 in package-lock.json
Code scanning / Trivy
minimatch: minimatch: Denial of Service via specially crafted glob patterns High
Check failure on line 26563 in package-lock.json
Code scanning / Trivy
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High
Check failure on line 26563 in package-lock.json
Code scanning / Trivy
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High
Check failure on line 31748 in package-lock.json
Code scanning / Trivy
node-fetch: exposure of sensitive information to an unauthorized actor High
Check failure on line 32827 in package-lock.json
Code scanning / Trivy
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() High
Check failure on line 34853 in package-lock.json
Code scanning / Trivy
tmp is a temporary file and directory creator for node.js. Prior to 0. ... High
Check failure on line 35783 in package-lock.json
Code scanning / Trivy
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality High
Check failure on line 36275 in package-lock.json
Code scanning / Trivy
ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments High
Check failure on line 36585 in package-lock.json
Code scanning / Trivy
ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments High
Check failure on line 13493 in package-lock.json
Code scanning / Trivy
axios: Axios: NO_PROXY bypass via crafted URL High
Check failure on line 13493 in package-lock.json
Code scanning / Trivy
axios: Axios: Arbitrary HTTP header injection via prototype pollution High