Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 6 vulnerabilities #17

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

damodarnaik
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • visual_console_client/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIHTML-1296849
No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
Yes Proof of Concept
medium severity 429/1000
Why? Has a fix available, CVSS 4.3
Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088
Yes No Known Exploit
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @typescript-eslint/eslint-plugin The new version differs by 250 commits.
  • 18e7b5b chore: publish v2.32.0
  • 18668b7 feat: bump dependencies and align AST (#2007)
  • 6987ecc fix(eslint-plugin): [no-base-to-string] support boolean in unions (#1979)
  • 56d9870 fix(eslint-plugin): [no-type-alias] handle readonly types in aliases (#1990)
  • 51ca404 fix(eslint-plugin): [no-unused-expressions] inherit `messages` from base rule (#1992)
  • 176054c chore: publish v2.31.0
  • 1f3c344 chore: upgrade to prettier 2.0 (#1970)
  • b18bc35 feat(eslint-plugin): new extended rule 'no-invalid-this' (#1823)
  • 2f0824b feat(eslint-plugin): [prefer-optional-chain] added option to convert to suggestion fixer (#1965)
  • 7f3fba3 fix(eslint-plugin): [method-signature-style] fix overloaded methods to an intersection type (#1966)
  • f78f13a fix(eslint-plugin): no-base-to-string boolean expression detect (#1969)
  • b35070e fix(eslint-plugin): [unbound-method] false positives for unary expressions (#1964)
  • f82fd7b fix(eslint-plugin): [return-await] await in a normal function (#1962)
  • 05476ca docs(eslint-plugin): [naming-convention] correct typo in example (#1961)
  • 80d934b chore: turn on `no-poorly-typed-ts-props` (#1955)
  • b609b43 chore: fix CI (#1958)
  • 56ea7c9 feat(eslint-plugin-internal): add rule no-poorly-typed-ts-props (#1949)
  • 2dd1638 feat(experimental-utils): expose our RuleTester extension (#1948)
  • 383f931 fix(eslint-plugin): [dot-notation] handle missing declarations (#1947)
  • f7ec192 feat(eslint-plugin): [member-ordering] add decorators support (#1870)
  • 1b4e430 chore: publish v2.30.0
  • 2f45e99 fix(eslint-plugin): fix no-base-to-string boolean literal check (#1850)
  • ed2bd60 fix(eslint-plugin): [prefer-string-starts-ends-with] check for negative start index in slice (#1920)
  • a85c3e1 feat(eslint-plugin): add extension rule `dot-notation` (#1867)

See the full diff

Package name: @typescript-eslint/parser The new version differs by 250 commits.
  • 18e7b5b chore: publish v2.32.0
  • 18668b7 feat: bump dependencies and align AST (#2007)
  • 6987ecc fix(eslint-plugin): [no-base-to-string] support boolean in unions (#1979)
  • 56d9870 fix(eslint-plugin): [no-type-alias] handle readonly types in aliases (#1990)
  • 51ca404 fix(eslint-plugin): [no-unused-expressions] inherit `messages` from base rule (#1992)
  • 176054c chore: publish v2.31.0
  • 1f3c344 chore: upgrade to prettier 2.0 (#1970)
  • b18bc35 feat(eslint-plugin): new extended rule 'no-invalid-this' (#1823)
  • 2f0824b feat(eslint-plugin): [prefer-optional-chain] added option to convert to suggestion fixer (#1965)
  • 7f3fba3 fix(eslint-plugin): [method-signature-style] fix overloaded methods to an intersection type (#1966)
  • f78f13a fix(eslint-plugin): no-base-to-string boolean expression detect (#1969)
  • b35070e fix(eslint-plugin): [unbound-method] false positives for unary expressions (#1964)
  • f82fd7b fix(eslint-plugin): [return-await] await in a normal function (#1962)
  • 05476ca docs(eslint-plugin): [naming-convention] correct typo in example (#1961)
  • 80d934b chore: turn on `no-poorly-typed-ts-props` (#1955)
  • b609b43 chore: fix CI (#1958)
  • 56ea7c9 feat(eslint-plugin-internal): add rule no-poorly-typed-ts-props (#1949)
  • 2dd1638 feat(experimental-utils): expose our RuleTester extension (#1948)
  • 383f931 fix(eslint-plugin): [dot-notation] handle missing declarations (#1947)
  • f7ec192 feat(eslint-plugin): [member-ordering] add decorators support (#1870)
  • 1b4e430 chore: publish v2.30.0
  • 2f45e99 fix(eslint-plugin): fix no-base-to-string boolean literal check (#1850)
  • ed2bd60 fix(eslint-plugin): [prefer-string-starts-ends-with] check for negative start index in slice (#1920)
  • a85c3e1 feat(eslint-plugin): add extension rule `dot-notation` (#1867)

See the full diff

Package name: eslint The new version differs by 250 commits.
  • 3dd6741 7.0.0
  • 9a722f9 Build: changelog update for 7.0.0
  • b98d8bd Upgrade: [email protected] (#13271)
  • 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
  • 401a687 Chore: fix rules list for prereleases (#13230)
  • 4ef6158 Breaking: [email protected] (#13270)
  • b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
  • 356fdb4 Docs: add migration guide (#12692)
  • 015edf6 Sponsors: Sync README with website
  • fdfa364 7.0.0-rc.0
  • 8d1b4db Build: changelog update for 7.0.0-rc.0
  • 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
  • d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
  • 2ce6bed Chore: added tests for nested arrays (#13145)
  • d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
  • 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
  • bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
  • 3eeae56 Upgrade: some (dev) deps (#13155)
  • 6b7030b Chore: Run tests on Node.js v14 (#13210)
  • ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
  • 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
  • 56d2bee Docs: fix typos (#13204)
  • e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
  • e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: jest The new version differs by 250 commits.
  • 343532a v26.0.0
  • 075854a chore: update changelog for release
  • 68b65af v26.0.0-alpha.2
  • d30a586 fix: disallow hook definitions in tests (#9957)
  • 3375ac3 chore: remove unused prettier uninstall step from CI
  • 0a63d40 fix: absolute path moduleNameMapper + jest.mock issue (#8727)
  • 03dbb2f chore: fix watch mode test with utimes (#9967)
  • 68d12d5 chore: skip broken test on windows (#9966)
  • e8e8146 align circus with jasmine's top-to-bottom execution order (#9965)
  • 968a301 Fix invalid re-run of tests in watch mode (#7347)
  • 5d1be03 chore: fix windows CI (#9964)
  • 2bac04f v26.0.0-alpha.1
  • c665f22 feat: add `createMockFromModule` to replace `genMockFromModule` (#9962)
  • 8147af1 chore: improve error on module not found (#9963)
  • 71631f6 feat: add new 'modern' implementation of Fake Timers (#7776)
  • d7f3427 chore: rename LolexFakeTimers to ModernFakeTimers (#9960)
  • 2c7682c Update index.js (#9095)
  • 5a16415 docs: Updated Testing Frameworks guide with React; make it generic (#9106)
  • 4216b86 updated docs regarding testSequencer (#9174)
  • 2e8f8d5 fix: handle `null` being passed to `createTransformer` (#9955)
  • 7a3c997 jest-circus: throw if a test / hook is defined asynchronously (#8096)
  • 42f920c chore: update ts-eslint (#9953)
  • 3078172 Updated config docs with default transform value (#8583)
  • b6052e0 Update jest-phabricator documentation (#8662)

See the full diff

Package name: ts-jest The new version differs by 250 commits.
  • bcf2697 Merge pull request #1649 from kulshekhar/dependabot/npm_and_yarn/types/fs-extra-9.0.0
  • 497f5c9 build(deps-dev): bump @ types/fs-extra from 8.1.0 to 9.0.0
  • 35001a2 Merge pull request #1646 from ahnpnl/v26.0.0
  • 1db8be5 chore(release): 26.0.0
  • 47007f1 build(deps-dev): bump @ types/js-yaml from 3.12.3 to 3.12.4 (#1644)
  • 9741de4 build(deps-dev): bump @ types/cross-spawn from 6.0.1 to 6.0.2 (#1643)
  • 6851b8e fix(compiler): return `undefined` for `getScriptVersion` when a file doesn't exist in memory cache (#1641)
  • 6b22e08 build(deps-dev): bump @ types/yargs from 15.0.4 to 15.0.5 (#1638)
  • b58064c Merge pull request #1637 from kulshekhar/dependabot/npm_and_yarn/types/jest-25.2.2
  • 5fc19c0 build(deps-dev): bump @ types/jest from 25.2.1 to 25.2.2
  • ea56715 build(deps-dev): bump eslint-plugin-jsdoc from 25.4.0 to 25.4.1 (#1640)
  • b5dc7cb build(deps-dev): bump @ types/semver from 7.1.0 to 7.2.0 (#1636)
  • eab413e Merge pull request #1634 from kulshekhar/dependabot/npm_and_yarn/eslint-plugin-jsdoc-25.4.0
  • 01cb6e2 build(deps-dev): bump eslint-plugin-jsdoc from 25.3.0 to 25.4.0
  • db084be build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1632)
  • d203a54 build(deps-dev): bump @ typescript-eslint/parser from 2.32.0 to 2.33.0 (#1631)
  • 1eafa67 build(deps-dev): bump eslint-plugin-jsdoc from 25.2.1 to 25.3.0 (#1629)
  • e31656d build(deps-dev): bump eslint-plugin-jest from 23.10.0 to 23.11.0 (#1628)
  • c2b230f build(deps-dev): bump eslint-plugin-jsdoc from 25.2.0 to 25.2.1 (#1627)
  • c0265a4 build(deps-dev): bump @ typescript-eslint/parser from 2.31.0 to 2.32.0 (#1625)
  • 3c95725 build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1626)
  • d90c034 build(deps-dev): bump eslint-plugin-jsdoc from 25.0.1 to 25.2.0 (#1623)
  • c402ee3 build(deps-dev): bump @ types/react from 16.9.34 to 16.9.35 (#1622)
  • bec1a0e docs: correct spelling mistake in index.md (#1612)

See the full diff

Package name: webpack The new version differs by 250 commits.
  • f2f998b 5.1.1
  • bcd6190 Merge pull request #11704 from webpack/bugfix/delete-asset
  • 11935a9 Merge pull request #11703 from webpack/bugfix/11678
  • 63ba54c update chunk to files mapping when deleting assets
  • 4669600 Merge pull request #11690 from webpack/bugfix/11673
  • 234373e Merge pull request #11702 from webpack/deps/terser
  • b6bc273 fix infinite loop in inner graph optimization
  • 50c3a83 fix unused modules in chunk when optimizing runtime-specific
  • 5d9d9b9 fix runtime-specific handling in concatenated modules
  • 250e37c add test case
  • 7925652 upgrade terser-webpack-plugin
  • 27796db Merge pull request #11669 from webpack/dependabot/npm_and_yarn/ts-loader-8.0.5
  • bd5aab8 Merge pull request #11692 from webpack/dependabot/npm_and_yarn/babel/core-7.12.0
  • 886bbd5 Merge pull request #11693 from webpack/dependabot/npm_and_yarn/react-dom-16.14.0
  • 3a14b3d Merge pull request #11694 from webpack/dependabot/npm_and_yarn/react-16.14.0
  • ddf9936 chore(deps-dev): bump react from 16.13.1 to 16.14.0
  • dc6e69a chore(deps-dev): bump react-dom from 16.13.1 to 16.14.0
  • 8f18de9 chore(deps-dev): bump @ babel/core from 7.11.6 to 7.12.0
  • c0410e8 Merge pull request #11686 from webpack/bugfix/11677
  • 4504046 order runtime chunks correctly when they depend on each other
  • 74a44cd add comment to help tagging for the bot
  • e97efb7 chore(deps-dev): bump ts-loader from 8.0.4 to 8.0.5
  • 77329b4 5.1.0
  • 48c10f3 Merge pull request #11653 from log2-hwan/fix-moduletemplate-deprecation

See the full diff

Package name: webpack-cli The new version differs by 250 commits.
  • fb50f76 chore(release): publish new version
  • 2c75aeb chore: new version of the packages
  • 0d05c30 chore(release): publish %s
  • 3f9e151 chore: fix lerna config
  • 2c1e34c tests(generator): enhance init generator tests (#1236)
  • 6ee61b9 Fix loader-generator and plugin-generator tests (#1250)
  • 52956a2 Fixing the typos and grammatical errors in Readme files (#1246)
  • 7faaed2 chore: update Bug_report & Feature_request Templates (#1256)
  • 7a5b33d feat(webpack-cli): added mode argument (#1253)
  • 3715756 tests(webpack-cli): add test case for defaults flag (#1254)
  • a7cba2f chore: project maintanance and typescript fix (#1247)
  • 7748472 chore: ignore package-lock.json and remove its references (#1252)
  • a014aa7 docs: fix supported arguments & commands link in README (#1244)
  • 06129a1 feat(webpack-cli): add progress bar for progress flag (#1238)
  • 6cc6a49 chore: post refactor CLI (#1237)
  • 358651e chore: move cli under lerna package (#1225)
  • 2dc495a fix(init): fix webpack config scaffold (#1231)
  • 1ab62d2 tests(generator): add tests for plugin generator (#1235)
  • d2dd0c1 tests(sourcemap): fix flaky stats statement (#1232)
  • f6dc680 tests(loader-generator): add tests for loader generator (#1234)
  • 35d1381 tests(generator): enable init generator test (#1233)
  • 66cdcb6 chore(generator): remove transpiled tests (#1229)
  • f29a170 fix(init): fix the invalid package name (#1228)
  • 8c3a66d chore(cli): updated changelog of v3 (#1224)

See the full diff

Package name: webpack-dev-server The new version differs by 250 commits.
  • c9271b9 chore(release): 4.0.0
  • 18bf369 test: fix stability (#3676)
  • cdcabb2 fix: respect protocol from browser for manual setup (#3675)
  • 1768d6b fix: initial reloading for lazy compilation (#3662)
  • 4f5bab1 docs: improve examples (#3672)
  • f2d87fb fix: improve https CLI output (#3673)
  • 0277c5e chore: remove redundant console statements (#3671)
  • 16fcdbc docs: add `ipc` example (#3667)
  • 8915fb8 test: add e2e tests for built in routes (#3669)
  • 4d1cbe1 docs: ask `version` information in issue template (#3668)
  • b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
  • ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
  • f1fdaa7 chore(release): 4.0.0-rc.1
  • c4678bc fix: legacy API (#3660)
  • d8bdd03 test: fix stability (#3661)
  • 22b1414 refactor: remove `killable` (#3657)
  • 75bafbf test: add e2e tests for module federation (#3658)
  • 493ccbd chore(deps): update `ws` (#3652)
  • ae8c523 test: add e2e test for universal compiler (#3656)
  • f94b84f chore(deps): update (#3655)
  • 1923132 test: fix cli
  • 2adfd01 test: fix todo (#3653)
  • 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
  • c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants