[Snyk] Fix for 13 vulnerabilities #216

Rebolon · 2023-11-28T14:07:41Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @api-platform/admin

The new version differs by 250 commits.

084a853 v2.8.0
0780356 chore: update changelog
77aa3e0 fix: always parse id field and manage correctly integer identifier (#427)
a5a162a style: better eslint configuration (#426)
0988e12 feat(guesser): migrate to full TS (#425)
d55e3d3 fix: close event source connections (#424)
74b62f1 feat(hydra): migrate to full TS (#421)
b0e6d53 fix: use pagination for get many items with id filter (#420)
9013281 chore: replace babel with tsc (#419)
151d717 chore: use GitHub Actions badge in README (#418)
ae50ae8 feat: add rimraf for cleaner build (#417)
e3f273a test: use TS for the tests (#415)
a98af5a test: replace enzyme by testing-library (#414)
69c8807 feat: Typescript migration (#412)
fe8e35b v2.7.2
6696de4 fix: memory leak if Mercure is not enabled (#410)
e8a6fec v2.7.1
4ce1e02 feat: extract Mercure hub from response headers (#409)
1679779 v2.7.0
370074f chore: update CHANGELOG and README
9cd7eb6 feat: add possibility to disable caching (#408)
8b6baaf feat: mercure support (#407)
38fe2d9 fix(dataprovider): make sure a property's value is not null before checking if there is a toJSON property in a form data value (#402)
ca89a38 feat: add possibility to pass admin component as a prop (#404)