Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: react, react-dom, chalk, codemirror, deep-equal, dompurify, dugite, event-kit, focus-trap-react, fs-admin, fs-extra, keytar, marked, moment, mri, p-limit, primer-support, react-transition-group, react-virtualized, registry-js, source-map-support, textarea-caret, tslib, untildify, uuid, winston #29

Open
wants to merge 1 commit into
base: development
Choose a base branch
from
Open

[Snyk] Upgrade: react, react-dom, chalk, codemirror, deep-equal, dompurify, dugite, event-kit, focus-trap-react, fs-admin, fs-extra, keytar, marked, moment, mri, p-limit, primer-support, react-transition-group, react-virtualized, registry-js, source-map-support, textarea-caret, tslib, untildify, uuid, winston #29

wants to merge 1 commit into from

Conversation

scatools-demo
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

react
from 16.8.4 to 16.14.0 | 13 versions ahead of your current version | 4 years ago
on 2020-10-14
react-dom
from 16.8.4 to 16.14.0 | 13 versions ahead of your current version | 4 years ago
on 2020-10-14
chalk
from 2.3.0 to 2.4.2 | 5 versions ahead of your current version | 6 years ago
on 2019-01-05
codemirror
from 5.60.0 to 5.65.17 | 29 versions ahead of your current version | 2 months ago
on 2024-07-20
deep-equal
from 1.0.1 to 1.1.2 | 3 versions ahead of your current version | 10 months ago
on 2023-11-09
dompurify
from 2.3.3 to 2.5.6 | 26 versions ahead of your current version | 2 months ago
on 2024-07-05
dugite
from 1.104.0 to 1.110.0 | 6 versions ahead of your current version | 2 years ago
on 2022-07-12
event-kit
from 2.4.0 to 2.5.3 | 4 versions ahead of your current version | 6 years ago
on 2018-11-14
focus-trap-react
from 8.1.0 to 8.11.3 | 24 versions ahead of your current version | 2 years ago
on 2022-06-09
fs-admin
from 0.19.0 to 0.20.0 | 1 version ahead of your current version | 3 years ago
on 2022-02-10
fs-extra
from 9.0.1 to 9.1.0 | 1 version ahead of your current version | 4 years ago
on 2021-01-19
keytar
from 7.7.0 to 7.9.0 | 2 versions ahead of your current version | 3 years ago
on 2022-02-17
marked
from 3.0.7 to 3.0.8 | 1 version ahead of your current version | 3 years ago
on 2021-10-24
moment
from 2.24.0 to 2.30.1 | 14 versions ahead of your current version | 9 months ago
on 2023-12-27
mri
from 1.1.0 to 1.2.0 | 7 versions ahead of your current version | 3 years ago
on 2021-09-12
p-limit
from 2.2.0 to 2.3.0 | 3 versions ahead of your current version | 4 years ago
on 2020-04-05
primer-support
from 4.3.0 to 4.7.2 | 482 versions ahead of your current version | 6 years ago
on 2019-01-11
react-transition-group
from 4.4.1 to 4.4.5 | 4 versions ahead of your current version | 2 years ago
on 2022-08-01
react-virtualized
from 9.20.0 to 9.22.5 | 10 versions ahead of your current version | a year ago
on 2023-04-17
registry-js
from 1.15.0 to 1.16.0 | 2 versions ahead of your current version | 7 months ago
on 2024-03-01
source-map-support
from 0.4.18 to 0.5.21 | 22 versions ahead of your current version | 3 years ago
on 2021-11-19
textarea-caret
from 3.0.2 to 3.1.0 | 1 version ahead of your current version | 7 years ago
on 2018-02-20
tslib
from 2.0.0 to 2.7.0 | 18 versions ahead of your current version | a month ago
on 2024-08-23
untildify
from 3.0.2 to 3.0.3 | 1 version ahead of your current version | 6 years ago
on 2018-05-19
uuid
from 3.1.0 to 3.4.0 | 6 versions ahead of your current version | 5 years ago
on 2020-01-16
winston
from 2.3.1 to 2.4.7 | 8 versions ahead of your current version | 2 years ago
on 2022-11-15

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
SNYK-JS-DOMPURIFY-7984421		 586 No Known Exploit
high severity Directory Traversal
SNYK-JS-MOMENT-2440688		 586 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOMENT-2944238		 586 Proof of Concept
medium severity Template Injection
SNYK-JS-DOMPURIFY-6474511		 586 Proof of Concept
medium severity Information Exposure
SNYK-JS-NODEFETCH-2342118		 586 No Known Exploit
medium severity Denial of Service
SNYK-JS-NODEFETCH-674311		 586 No Known Exploit
Release notes
Package name: react from react GitHub release notes
Package name: react-dom from react-dom GitHub release notes
Package name: chalk from chalk GitHub release notes
Package name: codemirror
  • 5.65.17 - 2024-07-20
  • 5.65.16 - 2023-11-20
  • 5.65.15 - 2023-08-29
  • 5.65.14 - 2023-07-17
  • 5.65.13 - 2023-04-27
  • 5.65.12 - 2023-02-20
  • 5.65.11 - 2022-12-20
  • 5.65.10 - 2022-11-20
  • 5.65.9 - 2022-09-20
  • 5.65.8 - 2022-08-20
  • 5.65.7 - 2022-07-20
  • 5.65.6 - 2022-06-20
  • 5.65.5 - 2022-05-30
  • 5.65.4 - 2022-05-20
  • 5.65.3 - 2022-04-20
  • 5.65.2 - 2022-02-21
  • 5.65.1 - 2022-01-20
  • 5.65.0 - 2021-12-20
  • 5.64.0 - 2021-11-20
  • 5.63.3 - 2021-10-12
  • 5.63.2 - 2021-10-11
  • 5.63.1 - 2021-09-29
  • 5.63.0 - 2021-09-20
  • 5.62.3 - 2021-08-20
  • 5.62.2 - 2021-07-21
  • 5.62.1 - 2021-07-20
  • 5.62.0 - 2021-06-21
  • 5.61.1 - 2021-05-20
  • 5.61.0 - 2021-04-20
  • 5.60.0 - 2021-03-20
from codemirror GitHub release notes
Package name: deep-equal
  • 1.1.2 - 2023-11-09

    v1.1.2

  • 1.1.1 - 2019-11-12
  • 1.1.0 - 2019-08-28
  • 1.0.1 - 2015-08-29
from deep-equal GitHub release notes
Package name: dompurify
  • 2.5.6 - 2024-07-05
    • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @ kevin-mizu
    • Fixed a minor problem with the bower file pointing to the wrong dist path
    • Updated several development dependencies
  • 2.5.5 - 2024-05-31
    • Fixed a minor issue with the dist paths in bower.js, thanks @ HakumenNC
    • Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @ kakao-bishop-cho
  • 2.5.4 - 2024-05-20
    • Fixed a bug with latest isNaN checks affecting MSIE, thanks @ tulach
    • Fixed the tests for MSIE and fixed related test-runner
  • 2.5.3 - 2024-05-11
    • Fixed several mXSS variations found by and thanks to @ kevin-mizu & @ Ry0taK
    • Added better configurability for comment scrubbing default behavior
    • Added better hardening against Prototype Pollution attacks, thanks @ kevin-mizu
    • Fixed some smaller issues in README and other documentation
  • 2.5.2 - 2024-04-30
    • Addressed and fixed a mXSS variation found by @ kevin-mizu
    • Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
    • Updated tests for older Safari and Chrome versions
  • 2.5.1 - 2024-04-26
  • 2.5.0 - 2024-04-07
  • 2.4.9 - 2024-03-21
  • 2.4.8 - 2024-03-19
  • 2.4.7 - 2023-07-11
  • 2.4.6 - 2023-07-10
  • 2.4.5 - 2023-03-01
  • 2.4.4 - 2023-02-13
  • 2.4.3 - 2023-01-06
  • 2.4.2 - 2023-01-05
  • 2.4.1 - 2022-11-10
  • 2.4.0 - 2022-08-24
  • 2.3.12 - 2022-08-23
  • 2.3.11 - 2022-08-23
  • 2.3.10 - 2022-07-18
  • 2.3.9 - 2022-07-11
  • 2.3.8 - 2022-05-13
  • 2.3.7 - 2022-05-11
  • 2.3.6 - 2022-02-16
  • 2.3.5 - 2022-01-26
  • 2.3.4 - 2021-12-07
  • 2.3.3 - 2021-09-20
from dompurify GitHub release notes
Package name: dugite
  • 1.110.0 - 2022-07-12

    Updates Git to 2.35.4 and G4W to 2.35.4.windows.1.

    Also updates the unsafe directory error as it changed with this update and adds error handling for path exists but not in the ref.

  • 1.109.0 - 2022-04-20

    Updates Git LFS to 3.1.4

  • 1.108.0 - 2022-04-15

    Bumps dugite-native in order to bump Git 2.35.2

  • 1.107.0 - 2022-04-13

    This fixes several patterns for errors which have changed subtly in between 2.32 and 2.35 - #469

  • 1.106.0 - 2022-04-13

    Bumps dugite-native in order to get Git 2.35.2 and Git LFS 3.1.2 - #468

  • 1.105.0 - 2022-04-12

    Bumps dugite-native to 2.32.1 in order to bump git to 2.32.1 and g4w to 2.32.1.windows.1

  • 1.104.0 - 2021-09-21
    • Bumps dugite-native in order to get Git 2.32.0 and Git LFS 2.13.3 - #457
from dugite GitHub release notes
Package name: event-kit from event-kit GitHub release notes
Package name: focus-trap-react
  • 8.11.3 - 2022-06-09

    Patch Changes

    • 9947461: Bump focus-trap dependency to v6.9.4 to get typings fix.
    • 519e5a5: Fix setReturnFocus option as function not being passed node focused prior to activation.
  • 8.11.2 - 2022-05-25

    Patch Changes

    • 7547d93: Bumps focus-trap to v6.9.3 to pick-up some small bug fixes from underlying tabbable.
  • 8.11.1 - 2022-05-06

    Patch Changes

    • 040813a: Bumps focus-trap to v6.9.1 to pick-up a fix to tabbable in v5.3.2 regarding the displayCheck=full (default) option behavior that caused issues with detached nodes.
  • 8.11.0 - 2022-04-28

    Minor Changes

    • 7495680: Bump focus-trap to v6.9.0 to get bug fixes and new features to help fix some bugs.

    Patch Changes

    • 7495680: Fix onDeactivate, onPostDeactivate, and checkCanReturnFocus options not being called consistently on deactivation.
    • 7495680: Fix focus not being allowed to remain on outside node post-deactivation when clickOutsideDeactivates is true or returns true.
  • 8.10.0 - 2022-04-22

    Minor Changes

    • 659d44e: Bumps focus-trap to v6.8.1. The big new feature is opt-in Shadow DOM support in focus-trap (in tabbable), and new tabbable options exposed in a new focusTrapOptions.tabbableOptions configuration option.
  • 8.9.2 - 2022-02-12

    Patch Changes

    • 83e283c: Update focus-trap to v6.7.3 for bug fix related to elements with a negative tabindex.
  • 8.9.1 - 2022-01-12

    Patch Changes

    • 3eb9421: Bump focus-trap to v6.7.2 for bug fix.
  • 8.9.0 - 2021-12-11

    Minor Changes

    • 83097a5: Delay trap creation until it should be active. This is a change in behavior, however it should not break existing behavior. The delay now allows you to set active=false until you have the focusTrapOptions set correctly. #539

    Patch Changes

    • 16d1ae1: Fix bug where global document was being accessed instead of first checking for focusTrapOptions.document option. #539
  • 8.8.2 - 2021-10-14

    Patch Changes

    • 08a9449: Use preventScroll option on deactivation if returning focus.
  • 8.8.1 - 2021-09-27

    Patch Changes

    • a2806a0: Fix SSR issues when accessing document object (#482)
  • 8.8.0 - 2021-09-27
  • 8.7.1 - 2021-08-14
  • 8.7.0 - 2021-07-03
  • 8.6.0 - 2021-06-19
  • 8.5.1 - 2021-06-08
  • 8.5.0 - 2021-04-21
  • 8.4.2 - 2021-02-06
  • 8.4.1 - 2021-01-19
  • 8.4.0 - 2021-01-16
  • 8.3.2 - 2020-12-02
  • 8.3.1 - 2020-11-25
  • 8.3.0 - 2020-11-18
  • 8.2.0 - 2020-11-17
  • 8.1.1 - 2020-10-31
  • 8.1.0 - 2020-09-26
from focus-trap-react GitHub release notes
Package name: fs-admin
  • 0.20.0 - 2022-02-10
    No content.
  • 0.19.0 - 2021-04-27

    Infrastructure

    • Ported native module to N-API - #105
    • Switch to N-API prebuilds - #106

    dependencies updates

    • Bump prebuild-install from 6.0.1 to 6.1.1

    devDependencies updates

    • Bump node-gyp from 7.1.2 to 8.0.0
from fs-admin GitHub release notes
Package name: fs-extra from fs-extra GitHub release notes
Package name: keytar
  • 7.9.0 - 2022-02-17

    Infrastructure

    devDependencies updates

    • Bump prebuild from 11.0.2 to 11.0.3
  • 7.8.0 - 2022-02-02

    Infrastructure

    • Fix CI builds from latest macOS runners - #442
    • Fix CI builds for Linux, by bumping to Ubuntu 20.04 runners - #442

    Fixed

    • Guard against NULL filter finding credentials on Windows - #426, thanks @ sbatten!

    dependencies updates

    • Bump prebuild-install from 6.0.1 to 7.0.1
    • Bump node-addon-api from 3.1.0 to 4.3.0
    • Bump lodash from 4.17.19 to 4.17.21

    devDependencies updates

    • Bump node-gyp from 7.1.2 to 8.4.1
    • Bump chai from 4.3.4 to 4.3.6
    • Bump mocha from 8.3.2 to 9.2.0
  • 7.7.0 - 2021-04-27

    Infrastructure

from keytar GitHub release notes
Package name: marked from marked GitHub release notes
Package name: moment

@snyk-bot
fix: upgrade multiple dependencies with Snyk
882744c 
Snyk has created this PR to upgrade:
  - react from 16.8.4 to 16.14.0.
    See this package in npm: https://www.npmjs.com/package/react
  - react-dom from 16.8.4 to 16.14.0.
    See this package in npm: https://www.npmjs.com/package/react-dom
  - chalk from 2.3.0 to 2.4.2.
    See this package in npm: https://www.npmjs.com/package/chalk
  - codemirror from 5.60.0 to 5.65.17.
    See this package in npm: https://www.npmjs.com/package/codemirror
  - deep-equal from 1.0.1 to 1.1.2.
    See this package in npm: https://www.npmjs.com/package/deep-equal
  - dompurify from 2.3.3 to 2.5.6.
    See this package in npm: https://www.npmjs.com/package/dompurify
  - dugite from 1.104.0 to 1.110.0.
    See this package in npm: https://www.npmjs.com/package/dugite
  - event-kit from 2.4.0 to 2.5.3.
    See this package in npm: https://www.npmjs.com/package/event-kit
  - focus-trap-react from 8.1.0 to 8.11.3.
    See this package in npm: https://www.npmjs.com/package/focus-trap-react
  - fs-admin from 0.19.0 to 0.20.0.
    See this package in npm: https://www.npmjs.com/package/fs-admin
  - fs-extra from 9.0.1 to 9.1.0.
    See this package in npm: https://www.npmjs.com/package/fs-extra
  - keytar from 7.7.0 to 7.9.0.
    See this package in npm: https://www.npmjs.com/package/keytar
  - marked from 3.0.7 to 3.0.8.
    See this package in npm: https://www.npmjs.com/package/marked
  - moment from 2.24.0 to 2.30.1.
    See this package in npm: https://www.npmjs.com/package/moment
  - mri from 1.1.0 to 1.2.0.
    See this package in npm: https://www.npmjs.com/package/mri
  - p-limit from 2.2.0 to 2.3.0.
    See this package in npm: https://www.npmjs.com/package/p-limit
  - primer-support from 4.3.0 to 4.7.2.
    See this package in npm: https://www.npmjs.com/package/primer-support
  - react-transition-group from 4.4.1 to 4.4.5.
    See this package in npm: https://www.npmjs.com/package/react-transition-group
  - react-virtualized from 9.20.0 to 9.22.5.
    See this package in npm: https://www.npmjs.com/package/react-virtualized
  - registry-js from 1.15.0 to 1.16.0.
    See this package in npm: https://www.npmjs.com/package/registry-js
  - source-map-support from 0.4.18 to 0.5.21.
    See this package in npm: https://www.npmjs.com/package/source-map-support
  - textarea-caret from 3.0.2 to 3.1.0.
    See this package in npm: https://www.npmjs.com/package/textarea-caret
  - tslib from 2.0.0 to 2.7.0.
    See this package in npm: https://www.npmjs.com/package/tslib
  - untildify from 3.0.2 to 3.0.3.
    See this package in npm: https://www.npmjs.com/package/untildify
  - uuid from 3.1.0 to 3.4.0.
    See this package in npm: https://www.npmjs.com/package/uuid
  - winston from 2.3.1 to 2.4.7.
    See this package in npm: https://www.npmjs.com/package/winston

See this project in Snyk:
https://app.snyk.io/org/monica-a-nbcu/project/55142b81-7d26-48e2-9cb1-2f31f0a7b7c5?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@scatools-demo @snyk-bot