Skip to content
This repository was archived by the owner on Dec 6, 2022. It is now read-only.

[Snyk] Fix for 5 vulnerabilities #7

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 5 vulnerabilities #7

wants to merge 1 commit into from

Conversation

@AndrewKevin
Copy link
Contributor

@AndrewKevin AndrewKevin commented Oct 5, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9		 Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-JS-AXIOS-174505		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-CHARTJS-1018716		 No Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Cross-site Scripting (XSS)
npm:vue:20180802		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios The new version differs by 250 commits.
  • e367be5 [Releasing] 0.21.3
  • 83ae383 Correctly add response interceptors to interceptor chain (#4013)
  • c0c8761 [Updating] changelog to include links to issues and contributors
  • 619bb46 [Releasing] v0.21.2
  • 82c9455 Create SECURITY.md (#3981)
  • 5b45711 Security fix for ReDoS (#3980)
  • 5bc9ea2 Update ECOSYSTEM.md (#3817)
  • e72813a Fixing README.md (#3818)
  • e10a027 Fix README typo under Request Config (#3825)
  • e091491 Update README.md (#3936)
  • b42fbad Removed un-needed bracket
  • 520c8dc Updating CI status badge (#3953)
  • 4fbeecb Adding CI on Github Actions. (#3938)
  • e9965bf Fixing the sauce labs tests (#3813)
  • dbc634c Remove charset in tests (#3807)
  • 3958e9f Add explanation of cancel token (#3803)
  • 69949a6 Adding custom return type support to interceptor (#3783)
  • 49509f6 Create FUNDING.yml (#3796)
  • 199c8aa Adding parseInt to config.timeout (#3781)
  • 94fc4ea Adding isAxiosError typeguard documentation (#3767)
  • 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
  • a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
  • 59fa614 [Updated] follow-redirects to the latest version (#3771)
  • 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: chart.js The new version differs by 250 commits.
  • 1d92605 Use Object.create(null) as `merge` target (#7920)
  • dff7140 When objects are merged together, the target prototype can be polluted. (#7918)
  • d919188 Bump verison number to v2.9.4
  • 42ed589 Fix Maximum call stack size exception in computeLabelSizes (#7883)
  • 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (#7853)
  • 2493cb5 Use node v12.18.2 on Travis CI (#7864)
  • 679ec4a docs: fix rollup external moment (#7587)
  • 484f0d1 Preserve object prototypes when cloning (#7404)
  • 2df6986 Look for any branch starting with release (#7087) (#7089)
  • 26ea9f0 Update version number to 2.9.3 (#6725)
  • a307a2a Don't make legend empty when fill is false (#6719)
  • c44229f Fix undefined variable (#6698)
  • a985fec Stop unnecessary line calculations (#6671)
  • 1cce8a5 Backward compatible default `fill` for radar charts (#6655)
  • a920bfe Hide correct dataset from legend (#6661)
  • 201fe46 Versatile clipping for lines (#6660)
  • ad26311 Refresh package-lock to pick up new version of chartjs-colors (#6663)
  • 8abfbcb Update version number to v2.9.2 (#6657)
  • 45550ed Combine performance docs (#6643)
  • 65421bb Use `document` when `getRootNode` is unsupported (#6641)
  • a92dd7b Release v2.9.1 (#6618)
  • 26b9d1f Merge pull request #6601 from chartjs/master
  • ea100d4 Bump version number to 2.9.0 (#6600)
  • 333118b Hover styling for dataset in 'dataset' mode (#6527)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AndrewKevin @snyk-bot