[Snyk] Upgrade @docusaurus/core from 2.1.0 to 3.4.0 #826
Conversation
Snyk has created this PR to upgrade @docusaurus/core from 2.1.0 to 3.4.0. See this package in npm: @docusaurus/core See this project in Snyk: https://app.snyk.io/org/q1blue-rxw/project/5b430cad-b455-40c7-a7ff-af5a8804e8ca?utm_source=github&utm_medium=referral&page=upgrade-pr
|
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
Snyk has created this PR to upgrade @docusaurus/core from 2.1.0 to 3.4.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 20 versions ahead of your current version.
The recommended version was released on 3 months ago.
Issues fixed by the recommended upgrade:
SNYK-JS-SERIALIZEJAVASCRIPT-6147607
SNYK-JS-BABELTRAVERSE-5962462
SNYK-JS-WEBPACK-3358798
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
SNYK-JS-EXPRESS-6474509
SNYK-JS-HTTPCACHESEMANTICS-3248783
SNYK-JS-JSON5-3182856
SNYK-JS-POSTCSS-5926692
SNYK-JS-SIDEWAYFORMULA-3317169
Release notes
Package name: @docusaurus/core
-
3.4.0 - 2024-05-31
- #10137 feat(docs, blog): add support for
- #10151 feat(theme-translations): Added Turkmen (tk) default theme translations (@ ilmedova)
- #10111 feat(theme-translations): Add Bulgarian default theme translations (bg) (@ PetarMc1)
- #9859 feat(core): hash router option - browse site offline (experimental) (@ slorber)
- #10121 feat(core): site storage config options (experimental) (@ slorber)
- #10185 fix(docs, blog): Markdown link resolution does not support hot reload (@ slorber)
- #10178 fix(theme): SearchPage should respect
- #10164 fix(search): fix algolia search container bug (@ slorber)
- #10168 fix(mdx-loader): resolve Markdown/MDX links with Remark instead of RegExp (@ slorber)
- #10165 fix(theme-translation): add missing Korean (ko) theme translations (@ revi)
- #10157 fix(theme-translations): complete Vietnamese theme translations (@ namnguyenthanhwork)
- #10145 fix(core): fix serve workaround regexp (@ slorber)
- #10142 fix(core): fix
- #10130 fix(core): the broken anchor checker should not be sensitive pathname trailing slashes (@ slorber)
- #10144 fix(theme): fix announcement bar layout shift due to missing storage key namespace (@ slorber)
- #10132 fix(core):
- #10131 fix(core): codegen should generate unique route prop filenames (@ slorber)
- #10118 fix(theme-translations): fix missing pluralization for label DocCard.categoryDescription.plurals (@ slorber)
- #10176 docs: add community plugin docusaurus-graph (@ Arsero)
- #10173 docs: improve how to use
- #10167 docs: suggest using
- #10143 docs: recommend users to remove hast-util-is-element in migration to v3 (@ tats-u)
- #10124 docs: v3 prepare your site blog post should point users to the upgrade guide (@ homotechsual)
- #10155 chore(deps): bump peaceiris/actions-gh-pages from 3 to 4 (@ dependabot[bot])
- #10154 chore(deps): bump github/codeql-action from 2.13.4 to 3.25.6 (@ dependabot[bot])
- #10112 chore(deps): bump actions/dependency-review-action from 4.3.1 to 4.3.2 (@ dependabot[bot])
- Azzedine E. (@ Arsero)
- CodeDoctor (@ CodeDoctorDE)
- Mahri Ilmedova (@ ilmedova)
- Mikey O'Toole (@ homotechsual)
- Nguyễn Thành Nam (@ namnguyenthanhwork)
- Nick Coughlin (@ ncoughlin)
- Petar_mc (@ PetarMc1)
- Sébastien Lorber (@ slorber)
- Tatsunori Uchino (@ tats-u)
- Yongmin (@ revi)
- ozaki (@ OzakIOne)
-
3.3.2 - 2024-05-03
-
3.3.1 - 2024-05-03
-
3.3.0 - 2024-05-03
- #10083 feat: add createSitemapItems hook (@ johnnyreilly)
- #10064 feat(core): add new site config option
- #9767 feat(cli): docusaurus deploy should support a --target-dir option (@ SandPod)
- #10042 feat(core): simplify plugin API, support route.props (@ slorber)
- #10032 feat(pages): add LastUpdateAuthor & LastUpdateTime & editUrl (@ OzakIOne)
- #10092 chore: Upgrade svgr / svgo / cssnano (@ slorber)
- #10091 fix(theme):
- #10080 fix(theme):
- #10090 fix(core):
- #10079 fix: handle React v18.3 warnings (@ slorber)
- #10070 fix(theme-translations): add missing theme translations for pt-BR (@ h3nr1ke)
- #10051 fix(theme-translations): correct label for tip admonition in italian (@ tomsotte)
- #10048 fix(algolia): add insights property on Algolia Theme Config object TS definition (@ Virgil993)
- #10054 fix(core): sortRoutes shouldn't have a default baseUrl value, this led to a bug (@ slorber)
- #10025 fix(docs): sidebar item label impact the pagination label of docs (@ Abdullah-03)
- #10022 fix(utils): getFileCommitDate should support
- #10060 refactor(core): optimize App entrypoint, it should not re-render when navigating (@ slorber)
- #10061 refactor(theme): simplify CSS solution to solve empty search container (@ slorber)
- #10023 refactor(website): refactor showcase components (@ slorber)
- #10096 docs: Fix
- #10093 docs: Fix dead Typesense links (@ kaihoffman)
- #10085 docs: make
- #10082 docs: add note regarding ts extension for config file. (@ homotechsual)
- #9490 docs: add troubleshooting steps to migration/upgrade page (@ homotechsual)
- #10056 docs(search): Algolia troubleshooting section for index configuration problems (@ slorber)
- #10039 docs: visit is a named export of unist-util-visit (@ pearmini)
- #10020 docs: Fix wrong path example (@ tomy0000000)
- #10011 docs: add stormkit as deployment platform (@ eldemcan)
- #10097 chore(deps): bump ejs from 3.1.9 to 3.1.10 (@ dependabot[bot])
- #10089 chore(deps): bump actions/dependency-review-action from 4.2.5 to 4.3.1 (@ dependabot[bot])
- #10088 chore(deps): bump preactjs/compressed-size-action from 2.5.0 to 2.6.0 (@ dependabot[bot])
- #10034 chore(deps): bump semver from 7.3.4 to 7.6.0 (@ dependabot[bot])
- #10065 refactor: extract base TS client config + upgrade TS + refactor TS setup (@ slorber)
- Other
- #10063 test(e2e): TypeCheck website/starter in min/max range of TS versions (@ slorber)
- #10049 fix(website): fix website manifest.json name "Docusaurus v2" to just "Docusaurus" (@ volcanofr)
- Abdullah Saud (@ Abdullah-03)
- Alexander Sandor (@ SandPod)
- Alexey Ivanov (@ iAdramelk)
- Andrea Mazzucchelli (@ andrmaz)
- Bairui Su (@ pearmini)
- Balthasar Hofer (@ lebalz)
- Can Eldem (@ eldemcan)
- Daniel Li (@ d4nyll)
- Guille (@ gagdiez)
- H3NR1KE (@ h3nr1ke)
- John Reilly (@ johnnyreilly)
- Kai Hoffman (@ kaihoffman)
- Mikey O'Toole (@ homotechsual)
- Sébastien Lorber (@ slorber)
- Tommaso Sotte (@ tomsotte)
- Tomy Hsieh (@ tomy0000000)
- Zwyx (@ Zwyx)
- @ Virgil993
- @ volcanofr
- ozaki (@ OzakIOne)
-
3.2.1 - 2024-04-04
- #10012 fix(core): fix configurePostCss v3.2 regression (@ slorber)
- #9980 docs: remove old github action description (@ OzakIOne)
- #10014 docs(website): fix SEO docs headTags example (@ OzakIOne)
- #10004 docs(website): Announce v3.2 on website/homepage (@ slorber)
- #10006 chore(deps): bump actions/dependency-review-action from 4.2.4 to 4.2.5 (@ dependabot[bot])
- Sébastien Lorber (@ slorber)
- ozaki (@ OzakIOne)
-
3.2.0 - 2024-03-29
- #9954 feat(sitemap): add support for "lastmod" (@ slorber)
- #9912 feat(blog): add LastUpdateAuthor & LastUpdateTime (@ OzakIOne)
- #9931 feat(core): add new plugin allContentLoaded lifecycle (@ slorber)
- #9928 feat(theme-translations) Icelandic (is) (@ Hallinn)
- #9886 feat(blog): allow processing blog posts through a processBlogPosts function (@ OzakIOne)
- #9838 feat(blog): add blog pageBasePath plugin option (@ ilg-ul)
- #9681 feat(swizzle): ask user preferred language if no language CLI option provided (@ yixiaojiu)
- #9442 feat(create-docusaurus): ask user for preferred language when no language CLI option provided (@ Rafael-Martins)
- #9687 feat(plugin-vercel-analytics): add new vercel analytics plugin (@ OzakIOne)
- #9684 feat(mdx-loader): the table-of-contents should display toc/headings of imported MDX partials (@ anatolykopyl)
- #9999 fix(mdx-loader): Ignore contentTitle coming after Markdown thematicBreak (@ slorber)
- #9945 fix(a11y): move focus algolia-search focus back to search input on Escape (@ mxschmitt)
- #9920 fix(blog): apply trailing slash to blog feed (@ OzakIOne)
- #9944 fix(theme): improve a11y of DocSidebarItemCategory expand/collapsed button (@ mxschmitt)
- #9915 fix(theme-translations): complete and modify Japanese translations (@ Suenaga-Ryuya)
- #9910 fix(theme-translations): add Japanese translations (@ Suenaga-Ryuya)
- #9872 fix(theme-translations): complete and improve Spanish theme translations (@ 4troDev)
- #9812 fix(i18n): add missing theme translations for fa locale (@ VahidNaderi)
- #9897 fix(mdx-loader): mdx-code-block should support CRLF (@ slorber)
- #9878 fix(core): fix default i18n calendar used, infer it from locale if possible (@ slorber)
- #9852 fix(core): ensure core error boundary is able to render theme layout (@ slorber)
- #9861 fix(remark-npm2yarn): update npm-to-yarn from 2.0.0 to 2.2.1, fix pnpm extra args syntax (@ OzakIOne)
- #9851 fix(theme-classic): should use plurals for category items description (@ baradusov)
- #9975 refactor(core): improve dev perf, fine-grained site reloads - part 3 (@ slorber)
- #9968 refactor(core): improve dev perf, fine-grained site reloads - part2 (@ slorber)
- #9903 refactor(core): improve dev perf, fine-grained site reloads - part1 (@ slorber)
- #9890 perf: optimize getFileCommitDate, make it async (@ slorber)
- #9798 refactor(core): internalize, simplify and optimize the SSG logic (@ slorber)
- #9868 refactor(theme): dates should be formatted on the client-side instead of in nodejs code (@ OzakIOne)
- #9669 refactor(theme): use JSON-LD instead of microdata for blog structured data (@ johnnyreilly)
- #9839 refactor(blog): improve doc global data hook error message + add doc warning to blogOnly mode (@ OzakIOne)
- #9937 docs: use official GitHub Action to deploy to GitHub Pages (@ vlad-nestorov)
- #9971 docs: replace VuePress by VitePress on tool comparison section (@ sunkanmii)
- #9914 docs: update legacy MDX v1 links to markdown links (@ OzakIOne)
- #9913 docs: update legacy MDX v1 links to markdown links (@ OzakIOne)
- #9906 docs: emphasize "index slug" convention (@ Josh-Cena)
- #9877 docs: fix typos in deployment.mdx (@ Oreoxmt)
- #9845 docs: typo (@ OzakIOne)
- #9816 docs: Add docs for Mermaid Component (@ Its-Just-Nans)
- #9981 chore(deps): bump actions/dependency-review-action from 4.1.3 to 4.2.4 (@ dependabot[bot])
- #9982 chore(deps): bump katex from 0.16.8 to 0.16.10 (@ dependabot[bot])
- #9983 chore(deps): bump express from 4.18.2 to 4.19.2 (@ dependabot[bot])
- #9977 chore(deps): bump webpack-dev-middleware from 5.3.3 to 5.3.4 (@ dependabot[bot])
- #9958 chore(deps): bump follow-redirects from 1.15.4 to 1.15.6 (@ dependabot[bot])
- #9892 chore(deps): bump actions/dependency-review-action from 4.1.2 to 4.1.3 (@ dependabot[bot])
- #9869 chore(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.2 (@ dependabot[bot])
- #9874 chore(deps): bump ip from 2.0.0 to 2.0.1 (@ dependabot[bot])
- #9843 chore(deps): bump actions/setup-node from 4.0.1 to 4.0.2 (@ dependabot[bot])
- #9824 chore(deps): bump treosh/lighthouse-ci-action from 10.1.0 to 11.4.0 (@ dependabot[bot])
- #9823 chore(deps): bump marocchino/sticky-pull-request-comment from 2.8.0 to 2.9.0 (@ dependabot[bot])
- #9972 refactor(utils): remove duplicated function (@ OzakIOne)
- Other
- #9965 refactor(website): organise blog posts by year (@ GingerGeek)
- #9865 chore(website): update @ crowdin/crowdin-api-client (@ chris-bateman)
- #9963 refactor(docs,blog): last update timestamp should be in milliseconds instead of seconds (@ slorber)
- Aolin (@ Oreoxmt)
- Anatoly Kopyl (@ anatolykopyl)
- Chris Bateman (@ chris-bateman)
- Fafowora Sunkanmi (@ sunkanmii)
- Hallbjörn Magnússon (@ Hallinn)
- John Reilly (@ johnnyreilly)
- Joshua Chen (@ Josh-Cena)
- Josue [4tro] A (@ 4troDev)
- Liviu Ionescu (@ ilg-ul)
- Max Schmitt (@ mxschmitt)
- Rafael Martins (@ Rafael-Martins)
- Sébastien Lorber (@ slorber)
- Vahid Naderi (@ VahidNaderi)
- Vlad Nestorov (@ vlad-nestorov)
- Zed Spencer-Milnes (@ GingerGeek)
- axel7083 (@ axel7083)
- krinza.eth (@ kaymomin)
- n4n5 (@ Its-Just-Nans)
- ozaki (@ OzakIOne)
- suenryu (@ Suenaga-Ryuya)
- Нуриль Барадусов (@ baradusov)
- 翊小久 (@ yixiaojiu)
-
3.1.1 - 2024-01-26
- #9791 fix(core): broken links optimization behaves differently than non-optimized logic (@ slorber)
- #9788 fix(core): links with target "_blank" should no be checked by the broken link checker (@ slorber)
- #9407 fix(core): conditionally include
- #9776 fix(mdx-loader): allow spaces before
- #9783 fix(create-docusaurus): fix typo in init template sample docs (@ dawei-wang)
- #9727 fix(theme-common): fix missing code block MagicComments style in Visual Basic (.NET) 16 (@ tats-u)
- #9733 fix: remove old useless mdx typedefs (@ slorber)
- #9732 fix(core): various broken anchor link fixes (@ slorber)
- #9778 perf(core): optimize broken links checker (@ slorber)
- #9470 polish(theme): MDX images should use async decoding (@ sanjaiyan-dev)
- Jack Robson (@ jack-robson)
- Sanjaiyan Parthipan (@ sanjaiyan-dev)
- Sébastien Lorber (@ slorber)
- Tatsunori Uchino (@ tats-u)
- @ dawei-wang
- @ eitsupi
-
3.1.0 - 2024-01-05
-
3.0.1 - 2023-11-30
-
3.0.0 - 2023-10-31
-
3.0.0-rc.1 - 2023-10-26
-
3.0.0-rc.0 - 2023-10-20
-
3.0.0-beta.0 - 2023-09-15
-
3.0.0-alpha.0 - 2023-06-15
-
2.4.3 - 2023-09-20
-
2.4.1 - 2023-05-15
-
2.4.0 - 2023-03-23
-
2.3.1 - 2023-02-03
-
2.3.0 - 2023-01-27
-
2.2.0 - 2022-10-29
-
2.1.0 - 2022-09-02
from @docusaurus/core GitHub release notes3.4.0 (2024-05-31)
🚀 New Feature
create-docusaurus,docusaurus-plugin-content-blog,docusaurus-plugin-content-docs,docusaurus-theme-classic,docusaurus-utils-validation,docusaurus-utilstags.yml, predefined list of tags (@ OzakIOne)docusaurus-theme-translationsdocusaurus-plugin-client-redirects,docusaurus-plugin-content-blog,docusaurus-plugin-pwa,docusaurus-plugin-sitemap,docusaurus-theme-search-algolia,docusaurus-types,docusaurus-utils,docusaurusdocusaurus-module-type-aliases,docusaurus-theme-classic,docusaurus-theme-common,docusaurus-types,docusaurus🐛 Bug Fix
docusaurus-plugin-content-blog,docusaurus-plugin-content-docs,docusaurus-utilsdocusaurus-theme-search-algoliacontextualSearch: falsesetting (@ ncoughlin)docusaurus-mdx-loader,docusaurus-plugin-content-blog,docusaurus-plugin-content-docs,docusaurus-plugin-content-pages,docusaurus-utilsdocusaurus-theme-translationsdocusaurusdocusaurus servebroken for assets when using trailingSlash (@ slorber)docusaurus-theme-classic,docusaurus-theme-commondocusaurus-plugin-content-docs,docusaurusconfigurePostCss()should run afterconfigureWebpack()(@ slorber)docusaurus-utils,docusaurusdocusaurus-theme-classic,docusaurus-theme-translations📝 Documentation
<details>(@ tats-u){<...>...</...>}if don't use Markdown in migra… (@ tats-u)🤖 Dependencies
Committers: 11
v3.3.2
v3.3.1
3.3.0 (2024-05-03)
🚀 New Feature
docusaurus-plugin-sitemapdocusaurus-mdx-loader,docusaurus-types,docusaurussiteConfig.markdown.anchors.maintainCase(@ iAdramelk)docusaurusdocusaurus-plugin-content-blog,docusaurus-plugin-content-docs,docusaurus-plugin-content-pages,docusaurus-plugin-debug,docusaurus-types,docusaurusdocusaurus-plugin-content-pages,docusaurus-theme-classic,docusaurus-theme-common🐛 Bug Fix
docusaurus-cssnano-preset,docusaurus-utils,docusaurusdocusaurus-theme-classic<Tabs>props should allow overriding defaults (@ gagdiez)<Admonition>should render properly without heading/icon (@ andrmaz)docusaurusdocusaurus serveredirects should include the site/baseUrl/prefix (@ slorber)docusaurus-module-type-aliases,docusaurus-preset-classic,docusaurus-theme-classic,docusaurus-theme-live-codeblock,docusaurusdocusaurus-theme-translationsdocusaurus-theme-search-algoliadocusaurus-plugin-content-docs,docusaurusdocusaurus-plugin-content-docsdocusaurus-utilslog.showSignature=true(@ slorber)🏃♀️ Performance
docusaurus💅 Polish
docusaurus-theme-classicdocusaurus-theme-common📝 Documentation
déjatodéjàinswizzling.mdx(@ Zwyx)ThemedImageexample work out of the box (@ lebalz)🤖 Dependencies
🔧 Maintenance
create-docusaurus,docusaurus-cssnano-preset,docusaurus-logger,docusaurus-mdx-loader,docusaurus-plugin-client-redirects,docusaurus-plugin-content-blog,docusaurus-plugin-content-docs,docusaurus-plugin-content-pages,docusaurus-plugin-debug,docusaurus-plugin-google-analytics,docusaurus-plugin-google-gtag,docusaurus-plugin-google-tag-manager,docusaurus-plugin-ideal-image,docusaurus-plugin-pwa,docusaurus-plugin-sitemap,docusaurus-plugin-vercel-analytics,docusaurus-preset-classic,docusaurus-remark-plugin-npm2yarn,docusaurus-theme-classic,docusaurus-theme-common,docusaurus-theme-live-codeblock,docusaurus-theme-mermaid,docusaurus-theme-search-algolia,docusaurus-theme-translations,docusaurus-utils-common,docusaurus-utils-validation,docusaurus-utils,docusaurus,eslint-plugin,lqip-loader,stylelint-copyrightCommitters: 20
3.2.1 (2024-04-04)
🐛 Bug Fix
docusaurus📝 Documentation
🤖 Dependencies
Committers: 2
3.2.0 (2024-03-29)
🚀 New Feature
docusaurus-plugin-content-blog,docusaurus-plugin-content-docs,docusaurus-plugin-content-pages,docusaurus-plugin-sitemap,docusaurus-types,docusaurus-utils,docusaurusdocusaurus-plugin-content-blog,docusaurus-plugin-content-docs,docusaurus-theme-classic,docusaurus-theme-common,docusaurus-utils-validation,docusaurus-utilsdocusaurus-plugin-debug,docusaurus-types,docusaurusdocusaurus-theme-translationsdocusaurus-plugin-content-blogdocusauruscreate-docusaurus,docusaurus-utilsdocusaurus-plugin-vercel-analyticsdocusaurus-mdx-loader🐛 Bug Fix
docusaurus-mdx-loaderdocusaurus-theme-search-algoliadocusaurus-plugin-content-blogdocusaurus-theme-classicdocusaurus-theme-translationsdocusaurus-utilsdocusaurusdocusaurus-remark-plugin-npm2yarndocusaurus-theme-classic,docusaurus-theme-translations🏃♀️ Performance
docusaurus-types,docusaurus-utils,docusaurusdocusaurus-types,docusaurusdocusaurus-plugin-content-docs,docusaurus-plugin-content-pages,docusaurus-types,docusaurusdocusaurus-plugin-content-blog,docusaurus-plugin-content-docs,docusaurus-utilsdocusaurus💅 Polish
docusaurus-plugin-content-blog,docusaurus-plugin-content-docs,docusaurus-theme-classic,docusaurus-theme-commondocusaurus-plugin-content-blog,docusaurus-theme-classic,docusaurus-theme-common,docusaurus-typesdocusaurus-plugin-content-docs📝 Documentation
🤖 Dependencies
🔧 Maintenance
docusaurus-plugin-client-redirects,docusaurus-plugin-content-docs,docusaurus-utils-common,docusaurus-utils-validation,docusaurus-utils,docusaurusdocusaurus-plugin-content-blog,docusaurus-plugin-content-docs,docusaurus-theme-classic,docusaurus-theme-common,docusaurus-utilsCommitters: 22
3.1.1 (2024-01-26)
🐛 Bug Fix
docusaurus-types,docusaurusdocusaurushostnameparameter when using… (@ jack-robson)docusaurus-utilsmdx-code-blockinfo string (@ eitsupi)create-docusaurusdocusaurus-theme-commondocusaurus-theme-classic,docusaurus-theme-mermaiddocusaurus-module-type-aliases,docusaurus-theme-classic,docusaurus-theme-common,docusaurus-utils,docusaurus🏃♀️ Performance
docusaurus💅 Polish
docusaurus-theme-classicCommitters: 6
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"","from":"docusaurus/core","to":"docusaurus/core"}],"env":"prod","hasFixes":true,"isBreakingChange":true,"isMajorUpgrade":true,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","issue_id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","priority_score":109,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jan 09 2024 12:13:57 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.54},{"name":"likelihood","value":2.39},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BABELTRAVERSE-5962462","issue_id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":235,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.0006},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Oct 13 2023 06:39:08 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"critical"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":10.1},{"name":"likelihood","value":2.33},{"name":"scoreVersion","value":"V5"}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WEBPACK-3358798","issue_id":"SNYK-JS-WEBPACK-3358798","priority_score":165,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00246},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Mar 13 2023 09:02:43 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":6.22},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Sandbox Bypass"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","issue_id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","priority_score":158,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"none"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Mar 22 2024 08:05:13 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":6.65},{"name":"likelihood","value":2.36},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Path Traversal"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-6474509","issue_id":"SNYK-JS-EXPRESS-6474509","priority_score":74,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Mar 26 2024 07:34:23 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"na...