Skip to content

[Snyk] Security upgrade @pattern-lab/uikit-workshop from 5.14.0 to 5.15.5#363

Open
riteshgurung wants to merge 1 commit into1.0.xfrom
snyk-fix-56553c00e339e4e713a0692975ff0fe9
Open

[Snyk] Security upgrade @pattern-lab/uikit-workshop from 5.14.0 to 5.15.5#363
riteshgurung wants to merge 1 commit into1.0.xfrom
snyk-fix-56553c00e339e4e713a0692975ff0fe9

Conversation

@riteshgurung
Copy link
Copy Markdown
Contributor

@riteshgurung riteshgurung commented Dec 19, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pattern-lab/package.json
    • pattern-lab/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-ASYNC-2441827		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 No Proof of Concept
low severity 344/1000
Why? Has a fix available, CVSS 2.6		 Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 No No Known Exploit
high severity 644/1000
Why? Has a fix available, CVSS 8.6		 Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 No Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 No Proof of Concept
high severity 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2		 Prototype Pollution
SNYK-JS-LODASH-567746		 No Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 No No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Poisoning
SNYK-JS-QS-3153490		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @pattern-lab/uikit-workshop The new version differs by 87 commits.
  • 627d6a3 [skip travis] chore(release): publish v5.15.5
  • c9e4151 [skip travis] chore(release): publish v5.15.4
  • 108eb43 Update babel config
  • 7f37e9d fix: corrected some github urls (#1388)
  • b86bf0a chore: code optimizations (#1387)
  • 91d2d3e refactor: updated lerna dependency (#1382)
  • 62901a3 refactor: moved dependencies to devDependencies @ uikit-workshop (#1381)
  • 49cd8f8 refactor: updated 11ty dependencies (#1383)
  • 2939561 refactor: moved dependencies to devDependencies @ cli (#1384)
  • 6fa630e feat: define initial viewport (#1386)
  • 8fb9fb4 refactor: updated http-auth dependency (#1379)
  • e284703 chore: adding simple pattern descriptions (#1378)
  • 57aad3d [skip travis] chore(release): publish v5.15.3
  • a75ee0d refactor: updated our redux version (#1374)
  • 1ebcd53 Includes additional twig syntax featires (#1367)
  • 7c66f8a fix(handlebars-demo): move and modify the icon files (#1377)
  • cfa74c0 feat(vs-code): added recommendations (#1375)
  • 82c5592 refactor: replace node-sass by sass (#1373)
  • 57efccb feat: ensure consistent line endings across files (#1372)
  • d7b428c refactor(docs): added forked plugin to the list (#1371)
  • 384dc89 fix(docs): tiles z-index to not overlay the menu anymore (#1370)
  • acca120 [skip travis] chore(release): publish v5.15.2
  • 3ce13ab fix(core): Subgroup cannot be hidden (#1368)
  • 7495275 refactor: optimized engines directory retrieval #1359 (#1364)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Denial of Service (DoS)
🦉 Command Injection

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@riteshgurung @snyk-bot