[Snyk] Fix for 2 vulnerabilities #226

terrorizer1980 · 2023-12-11T08:52:55Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- docs/package.json
- docs/package-lock.json
- docs/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

c1e67a2 chore(release): Publish
0c45654 chore: remove tracedSVG (Superset 6.0.0 - Refresh dashboard button crashes the Superset UI apache/superset#37093) (Is there any possibility to filter datasets via tags (or some parameter) using API ? apache/superset#37137)
d7edf95 chore(release): Publish
2d00ea0 fix(gatsby-plugin-mdx): Do not leak frontmatter into page (feat(country-map): add cross-filters support apache/superset#35859) (Jinja Templating across different datasets apache/superset#35913)
4997d63 chore(release): Publish
ff94ed5 fix(gatsby-plugin-mdx): don't allow JS frontmatter by default (Helm chart do not follow best practices for k8s manifests apache/superset#35830) (fix(dashboard): prevent tab content cutoff and excessive whitespace in empty tabs apache/superset#35834)
36f21b0 chore: Removate validate-renovate from v3-latest branch (chore(deps-dev): bump eslint-import-resolver-typescript from 3.7.0 to 4.4.4 in /superset-frontend apache/superset#34460)
1acb1bc chore(release): Publish
1589bd8 fix(gatsby): ensure that writing node manifests to disk does not break on Windows (build(deps): remove legacy browser polyfills apache/superset#33853) (Apply multiple filters in embedded dashboard apache/superset#34020)
9694010 fix(gatsby-source-drupal): Ensure all new nodes are created before creating relationships (fix: #33862 – Security menu missing on MySQL due to case mismatch apache/superset#33864) (Failing to parse a saved query completely breaks the listing page apache/superset#34019)
76deb39 fix(gatsby-source-drupal): searcParams missing from urls (HostAliases not added to init job on apache/superset#33861) (fix: Update spacing on echart legends apache/superset#34018)
f74cc8f feat(gatsby-source-drupal): Add node manifest support for previews (How to Implement Long Screenshot Capture in Reports apache/superset#33683) (feat(deckgl): add new color controls with color breakpoints apache/superset#34017)
476a591 chore(release): Publish
35b48f8 fix(gatsby-plugin-image): GatsbyImage not displaying image in IE11 (In Apache Superset, to include a logo in PDF/email reports, does it require frontend code change? apache/superset#33416) (chore(🦾): bump python bottleneck subpackage(s) apache/superset#33806)
880022e fix(gatsby-plugin-image): flickering when state changes (Best Practices for Multi-Environment Dashboard Promotion (Dev, Acceptance, Prod) with Superset CLI apache/superset#33732) (Two Jinja date filters apache/superset#33807)
c0d07e7 feat(gatsby-source-wordpress): Update supported-remote-plugin-versions.ts (chore(🦾): bump python importlib-metadata subpackage(s) apache/superset#33801) (chore(🦾): bump python pandas subpackage(s) apache/superset#33804)
3d9a702 chore(release): Publish
84053a2 fix(gatsby-plugin-sharp): pass input buffer instead of readStream when processing image jobs (### Bug: SSO Logout Not Working with Keycloak + Iframe Embedded Superset apache/superset#33685) (fix(theming): Fix visual regressions from theming P4 apache/superset#33703)
4722a0d fix(gatsby-source-drupal): Add timeout in case of stalled API requests (Chart migration from one instance to another instance. apache/superset#33668) (Dynamically get the Embeded dashboard UUID's for a Logged in User.. apache/superset#33705)
857a628 fix(gatsby): single page node manifest accuracy (chore(deps-dev): bump @docusaurus/module-type-aliases from 3.7.0 to 3.8.0 in /docs apache/superset#33642) (#33698)
6bfd0f1 Properly set the pathPrefix and assetPrefix in the pluginData (chore(wip): giving migrate-ts a shot apache/superset#33667) ("Embed dashboard" option does not appear in the dashboard menu apache/superset#33702)
26c51c0 fix(gatsby-source-drupal): cache backlink records (fix: allow metadata to parse json apache/superset#33444) (chore: update sqlglot dialect map apache/superset#33701)
b80c53a fix(gatsby-source-drupal): Correctly update nodes with changed back references so queries are re-run (chore(deps): update @deck.gl/aggregation-layers requirement from ^9.0.38 to ^9.1.11 in /superset-frontend/plugins/legacy-preset-chart-deckgl apache/superset#33328) ("Last Updated" time at top of Alerts list looks odd in 5.0.0rc3 apache/superset#33699)
e29a194 chore: use gatsby-dev-cli@latest-v3 in tests

See the full diff

Package name: gatsby-transformer-sharp

The new version differs by 250 commits.

c1e67a2 chore(release): Publish
0c45654 chore: remove tracedSVG (Superset 6.0.0 - Refresh dashboard button crashes the Superset UI apache/superset#37093) (Is there any possibility to filter datasets via tags (or some parameter) using API ? apache/superset#37137)
d7edf95 chore(release): Publish
2d00ea0 fix(gatsby-plugin-mdx): Do not leak frontmatter into page (feat(country-map): add cross-filters support apache/superset#35859) (Jinja Templating across different datasets apache/superset#35913)
4997d63 chore(release): Publish
ff94ed5 fix(gatsby-plugin-mdx): don't allow JS frontmatter by default (Helm chart do not follow best practices for k8s manifests apache/superset#35830) (fix(dashboard): prevent tab content cutoff and excessive whitespace in empty tabs apache/superset#35834)
36f21b0 chore: Removate validate-renovate from v3-latest branch (chore(deps-dev): bump eslint-import-resolver-typescript from 3.7.0 to 4.4.4 in /superset-frontend apache/superset#34460)
1acb1bc chore(release): Publish
1589bd8 fix(gatsby): ensure that writing node manifests to disk does not break on Windows (build(deps): remove legacy browser polyfills apache/superset#33853) (Apply multiple filters in embedded dashboard apache/superset#34020)
9694010 fix(gatsby-source-drupal): Ensure all new nodes are created before creating relationships (fix: #33862 – Security menu missing on MySQL due to case mismatch apache/superset#33864) (Failing to parse a saved query completely breaks the listing page apache/superset#34019)
76deb39 fix(gatsby-source-drupal): searcParams missing from urls (HostAliases not added to init job on apache/superset#33861) (fix: Update spacing on echart legends apache/superset#34018)
f74cc8f feat(gatsby-source-drupal): Add node manifest support for previews (How to Implement Long Screenshot Capture in Reports apache/superset#33683) (feat(deckgl): add new color controls with color breakpoints apache/superset#34017)
476a591 chore(release): Publish
35b48f8 fix(gatsby-plugin-image): GatsbyImage not displaying image in IE11 (In Apache Superset, to include a logo in PDF/email reports, does it require frontend code change? apache/superset#33416) (chore(🦾): bump python bottleneck subpackage(s) apache/superset#33806)
880022e fix(gatsby-plugin-image): flickering when state changes (Best Practices for Multi-Environment Dashboard Promotion (Dev, Acceptance, Prod) with Superset CLI apache/superset#33732) (Two Jinja date filters apache/superset#33807)
c0d07e7 feat(gatsby-source-wordpress): Update supported-remote-plugin-versions.ts (chore(🦾): bump python importlib-metadata subpackage(s) apache/superset#33801) (chore(🦾): bump python pandas subpackage(s) apache/superset#33804)
3d9a702 chore(release): Publish
84053a2 fix(gatsby-plugin-sharp): pass input buffer instead of readStream when processing image jobs (### Bug: SSO Logout Not Working with Keycloak + Iframe Embedded Superset apache/superset#33685) (fix(theming): Fix visual regressions from theming P4 apache/superset#33703)
4722a0d fix(gatsby-source-drupal): Add timeout in case of stalled API requests (Chart migration from one instance to another instance. apache/superset#33668) (Dynamically get the Embeded dashboard UUID's for a Logged in User.. apache/superset#33705)
857a628 fix(gatsby): single page node manifest accuracy (chore(deps-dev): bump @docusaurus/module-type-aliases from 3.7.0 to 3.8.0 in /docs apache/superset#33642) (#33698)
6bfd0f1 Properly set the pathPrefix and assetPrefix in the pluginData (chore(wip): giving migrate-ts a shot apache/superset#33667) ("Embed dashboard" option does not appear in the dashboard menu apache/superset#33702)
26c51c0 fix(gatsby-source-drupal): cache backlink records (fix: allow metadata to parse json apache/superset#33444) (chore: update sqlglot dialect map apache/superset#33701)
b80c53a fix(gatsby-source-drupal): Correctly update nodes with changed back references so queries are re-run (chore(deps): update @deck.gl/aggregation-layers requirement from ^9.0.38 to ^9.1.11 in /superset-frontend/plugins/legacy-preset-chart-deckgl apache/superset#33328) ("Last Updated" time at top of Alerts list looks odd in 5.0.0rc3 apache/superset#33699)
e29a194 chore: use gatsby-dev-cli@latest-v3 in tests

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

… vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746

stale · 2024-02-09T10:35:39Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.

terrorizer1980 mentioned this pull request Feb 3, 2024

[Snyk] Security upgrade react-jsonschema-form from 1.2.0 to 1.8.1 #279

Closed

stale bot added the inactive label Feb 9, 2024

stale bot closed this Feb 16, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 2 vulnerabilities #226

[Snyk] Fix for 2 vulnerabilities #226

Uh oh!

terrorizer1980 commented Dec 11, 2023

Uh oh!

stale bot commented Feb 9, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[Snyk] Fix for 2 vulnerabilities #226

[Snyk] Fix for 2 vulnerabilities #226

Uh oh!

Conversation

terrorizer1980 commented Dec 11, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

With a Snyk patch:

Uh oh!

stale bot commented Feb 9, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants