[Snyk] Fix for 5 vulnerabilities #144

rwwiv · 2023-12-20T14:19:49Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- server/frontend/package.json
- server/frontend/package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	Yes	Proof of Concept
701/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	Yes	Mature
711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: admin-lte

The new version differs by 250 commits.

e78ee8d prep version
5198872 updated README.md
b7a1c87 fixed card default border after adding nav tabs support
2ea45f2 fixed labels in issue templates
6457d31 added forget password & recover password demo
c4b9059 added new issue templates
bed1408 updated install instructions in docs/index.md
54adf72 fixed focus border in mozilla (bug with focusring removal)
d5404fb removed node_js 9 from .travis.yml
ec0cf8a corrected select2 paddings to change look similar to form-control/custom-form select
4d13072 added job exclude in .travis.yml
08c597d added .travis.yml
67024d8 added .nav-legacy & .nav-collapse-hide-child docs part
60830bb fixed select2 paddings/margins
448556d fixed mozilla focusring outline
e8ddb64 removed mozilla dotted border from focus links
e7d646c some little fixes
090bffc prep version
9252541 enhanced scss structure & compiled size
f60e062 changed user-image size/margin in .user-menu
139fbd3 fixed box-shadow with select2 bootstrap4 theme
242ef89 fixed select2 init bug in forms/advanced.html
acf9fe8 added bs-custom-file-input plugin
247b797 changed input placeholder color with lighten

Package name: axios

The new version differs by 235 commits.

a64050a Releasing 0.21.1
d57cd97 Updating changelog for 0.21.1 release
8b0f373 Use different socket for Win32 test (#3375)
e426910 Protocol not parsed when setting proxy config from env vars (#3070)
c7329fe Hotfix: Prevent SSRF (#3410)
f472e5d Adding a type guard for `AxiosError` (#2949)
7688255 Remove the skipping of the `socket` http test (#3364)
820fe6e Updating axios in types to be lower case (#2797)
94ca24b Releasing 0.21.0
2130a0c Updating changelog for 0.21.0 release
fbdc150 Lock travis to not use node v15 (#3361)
3a8b87d Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)
9a78465 Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
6d05b96 Fix typos (#3309)
fa36737 fix axios.delete ignores config.data (#3282)
b7e954e Fixing node types (#3237)
04d45f2 Fixing requestHeaders.Authorization (#3287)
e8c6e19 docs: Fix simple typo, existant -> existent (#3252)
0d87655 Releasing 0.20.0
cd27741 Updating changelog for 0.20.0 release
ffea034 Releasing 0.20.0-0
fe147fb Updating changlog for 0.20.0 beta release
16aa2ce Fixing response with utf-8 BOM can not parse to json (#2419)
c4300a8 Adding support for URLSearchParams in node (#1900)