Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 9 vulnerabilities #20

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Fix for 9 vulnerabilities #20

wants to merge 1 commit into from

Conversation

naiba4
Copy link
Owner

@naiba4 naiba4 commented Apr 22, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/snap/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 No Proof of Concept
critical severity 786/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 9.3		 Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462		 No Proof of Concept
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 Yes Proof of Concept
medium severity 641/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.4		 Prototype Pollution
SNYK-JS-JSON5-3182856		 No Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 No Proof of Concept
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Improper Data Handling
SNYK-JS-SES-3057928		 No No Known Exploit
critical severity 704/1000
Why? Has a fix available, CVSS 9.8		 Improper Input Validation
SNYK-JS-SES-5830612		 No No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn

@guardrails GuardRails
Copy link

guardrails bot commented Apr 22, 2024

⚠️ We detected 15 security issues in this pull request:

Mode: paranoid | Total findings: 15 | Considered vulnerability: 15

Vulnerable Libraries (15)
Severity Details
Medium pkg:npm/follow-redirects@1.15.2 (t) upgrade to: 1.15.6
Critical pkg:npm/ip@2.0.0 (t) - no patch available
High pkg:npm/webpack-dev-middleware@4.3.0 (t) upgrade to: 6.1.2,5.3.4,7.1.0
High pkg:npm/browserify-sign@4.2.1 (t) upgrade to: 4.2.2
Medium pkg:npm/gatsby@4.24.4 (t) upgrade to: 4.25.7,5.9.1
Medium pkg:npm/msgpackr@1.7.2 (t) upgrade to: 1.10.1
Medium pkg:npm/postcss@8.4.18 (t) upgrade to: 8.4.31
Medium pkg:npm/semver@5.7.1 (t) upgrade to: 7.5.2
Medium pkg:npm/semver@7.0.0 (t) upgrade to: 7.5.2
Medium pkg:npm/semver@6.3.0 (t) upgrade to: 7.5.2
Medium pkg:npm/semver@7.3.8 (t) upgrade to: 7.5.2
Medium pkg:npm/semver@7.3.7 (t) upgrade to: 7.5.2
High pkg:npm/sharp@0.30.7 (t) upgrade to: 0.32.6
Medium pkg:npm/tough-cookie@2.5.0 (t) upgrade to: 4.1.3
High pkg:npm/yaml@1.10.2 (t) upgrade to: 2.2.2

More info on how to fix Vulnerable Libraries in JavaScript.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Apr 22, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/code-frame@7.24.2 environment 0 24.1 kB nicolo-ribaudo
npm/@babel/helper-builder-binary-assignment-operator-visitor@7.16.7 None 0 3.41 kB nicolo-ribaudo
npm/@babel/helper-compilation-targets@7.23.6 None +2 82.5 kB nicolo-ribaudo
npm/@babel/helper-create-class-features-plugin@7.24.4 None 0 434 kB nicolo-ribaudo
npm/@babel/helper-create-regexp-features-plugin@7.17.0 None 0 7.77 kB nicolo-ribaudo
npm/@babel/helper-define-polyfill-provider@0.3.1 unsafe 0 200 kB nicolo-ribaudo
npm/@babel/helper-explode-assignable-expression@7.18.6 None 0 4.33 kB nicolo-ribaudo
npm/@babel/helper-function-name@7.23.0 None 0 21.6 kB nicolo-ribaudo
npm/@babel/helper-member-expression-to-functions@7.23.0 None 0 55 kB nicolo-ribaudo
npm/@babel/helper-module-imports@7.24.3 None 0 63.8 kB nicolo-ribaudo
npm/@babel/helper-module-transforms@7.23.3 None 0 158 kB nicolo-ribaudo
npm/@babel/helper-optimise-call-expression@7.22.5 None 0 6.66 kB nicolo-ribaudo
npm/@babel/helper-plugin-utils@7.24.0 None 0 11.7 kB nicolo-ribaudo
npm/@babel/helper-remap-async-to-generator@7.16.8 None 0 4.18 kB nicolo-ribaudo
npm/@babel/helper-replace-supers@7.24.1 None 0 32.2 kB nicolo-ribaudo
npm/@babel/helper-skip-transparent-expression-wrappers@7.22.5 None 0 5.96 kB nicolo-ribaudo
npm/@babel/helper-wrap-function@7.22.20 None 0 15.4 kB nicolo-ribaudo
npm/@babel/helpers@7.24.4 None 0 650 kB nicolo-ribaudo
npm/@babel/highlight@7.24.2 environment +4 90.3 kB nicolo-ribaudo
npm/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.16.7 None 0 7.67 kB nicolo-ribaudo
npm/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.16.7 None 0 9.88 kB nicolo-ribaudo
npm/@babel/plugin-proposal-async-generator-functions@7.16.8 None 0 7.45 kB nicolo-ribaudo
npm/@babel/plugin-proposal-class-properties@7.18.6 None 0 3.34 kB nicolo-ribaudo
npm/@babel/plugin-proposal-class-static-block@7.17.6 None 0 4.67 kB nicolo-ribaudo
npm/@babel/plugin-proposal-dynamic-import@7.16.7 None 0 3.65 kB nicolo-ribaudo
npm/@babel/plugin-proposal-export-namespace-from@7.16.7 None 0 4.22 kB nicolo-ribaudo
npm/@babel/plugin-proposal-json-strings@7.16.7 None 0 3.42 kB nicolo-ribaudo
npm/@babel/plugin-proposal-logical-assignment-operators@7.16.7 None 0 4.52 kB nicolo-ribaudo
npm/@babel/plugin-proposal-nullish-coalescing-operator@7.18.6 None 0 4.41 kB nicolo-ribaudo
npm/@babel/plugin-proposal-numeric-separator@7.18.6 None 0 3.37 kB nicolo-ribaudo
npm/@babel/plugin-proposal-object-rest-spread@7.20.7 None 0 70.5 kB nicolo-ribaudo
npm/@babel/plugin-proposal-optional-catch-binding@7.16.7 None 0 3.21 kB nicolo-ribaudo
npm/@babel/plugin-proposal-optional-chaining@7.21.0 None 0 33.2 kB nicolo-ribaudo
npm/@babel/plugin-proposal-private-methods@7.16.11 None 0 3.16 kB nicolo-ribaudo
npm/@babel/plugin-proposal-private-property-in-object@7.16.7 None 0 7.16 kB nicolo-ribaudo
npm/@babel/plugin-proposal-unicode-property-regex@7.16.7 None 0 3.46 kB nicolo-ribaudo
npm/@babel/plugin-syntax-class-static-block@7.14.5 None 0 2.74 kB nicolo-ribaudo
npm/@babel/plugin-syntax-dynamic-import@7.8.3 None 0 2.47 kB nicolo-ribaudo
npm/@babel/plugin-syntax-export-namespace-from@7.8.3 None 0 2.62 kB nicolo-ribaudo
npm/@babel/plugin-syntax-flow@7.24.1 None 0 5.42 kB nicolo-ribaudo
npm/@babel/plugin-syntax-import-assertions@7.18.6 None 0 3.02 kB nicolo-ribaudo
npm/@babel/plugin-syntax-private-property-in-object@7.14.5 None 0 2.82 kB nicolo-ribaudo
npm/@babel/plugin-syntax-typescript@7.18.6 None 0 3.9 kB nicolo-ribaudo
npm/@babel/plugin-transform-arrow-functions@7.24.1 None 0 5.55 kB nicolo-ribaudo
npm/@babel/plugin-transform-async-to-generator@7.16.8 None 0 4.14 kB nicolo-ribaudo
npm/@babel/plugin-transform-block-scoped-functions@7.24.1 None 0 6.55 kB nicolo-ribaudo
npm/@babel/plugin-transform-block-scoping@7.24.4 None 0 88.1 kB nicolo-ribaudo
npm/@babel/plugin-transform-classes@7.24.1 None +1 127 kB nicolo-ribaudo
npm/@babel/plugin-transform-computed-properties@7.24.1 None 0 22.7 kB nicolo-ribaudo
npm/@babel/plugin-transform-destructuring@7.24.1 None 0 81.9 kB nicolo-ribaudo
npm/@babel/plugin-transform-dotall-regex@7.16.7 None 0 3.11 kB nicolo-ribaudo
npm/@babel/plugin-transform-duplicate-keys@7.16.7 None 0 4.24 kB nicolo-ribaudo
npm/@babel/plugin-transform-exponentiation-operator@7.16.7 None 0 3.31 kB nicolo-ribaudo
npm/@babel/plugin-transform-flow-strip-types@7.24.1 None 0 17.7 kB nicolo-ribaudo
npm/@babel/plugin-transform-for-of@7.24.1 None 0 44.7 kB nicolo-ribaudo
npm/@babel/plugin-transform-function-name@7.24.1 None 0 6.2 kB nicolo-ribaudo
npm/@babel/plugin-transform-literals@7.24.1 None 0 4.63 kB nicolo-ribaudo
npm/@babel/plugin-transform-member-expression-literals@7.24.1 None 0 4.94 kB nicolo-ribaudo
npm/@babel/plugin-transform-modules-amd@7.16.7 None 0 7.87 kB nicolo-ribaudo
npm/@babel/plugin-transform-modules-commonjs@7.24.1 None 0 42.4 kB nicolo-ribaudo
npm/@babel/plugin-transform-modules-systemjs@7.17.8 None 0 21 kB nicolo-ribaudo
npm/@babel/plugin-transform-modules-umd@7.16.7 None 0 9.37 kB nicolo-ribaudo
npm/@babel/plugin-transform-named-capturing-groups-regex@7.16.8 None 0 3.25 kB nicolo-ribaudo
npm/@babel/plugin-transform-new-target@7.16.7 None 0 4.42 kB nicolo-ribaudo
npm/@babel/plugin-transform-object-super@7.24.1 None 0 9.23 kB nicolo-ribaudo
npm/@babel/plugin-transform-parameters@7.24.1 None 0 64.9 kB nicolo-ribaudo
npm/@babel/plugin-transform-property-literals@7.24.1 None 0 4.72 kB nicolo-ribaudo
npm/@babel/plugin-transform-react-constant-elements@7.18.12 None 0 8.1 kB nicolo-ribaudo
npm/@babel/plugin-transform-react-display-name@7.24.1 None 0 12.4 kB nicolo-ribaudo
npm/@babel/plugin-transform-react-jsx-development@7.18.6 None 0 2.66 kB nicolo-ribaudo
npm/@babel/plugin-transform-react-jsx@7.23.4 None 0 80 kB nicolo-ribaudo
npm/@babel/plugin-transform-react-pure-annotations@7.18.6 None 0 4.02 kB nicolo-ribaudo
npm/@babel/plugin-transform-regenerator@7.17.9 None 0 2.58 kB nicolo-ribaudo
npm/@babel/plugin-transform-reserved-words@7.16.7 None 0 2.94 kB nicolo-ribaudo
npm/@babel/plugin-transform-runtime@7.19.1 unsafe 0 37.9 kB nicolo-ribaudo
npm/@babel/plugin-transform-shorthand-properties@7.24.1 None 0 7.11 kB nicolo-ribaudo
npm/@babel/plugin-transform-spread@7.24.1 None 0 21.2 kB nicolo-ribaudo
npm/@babel/plugin-transform-sticky-regex@7.16.7 None 0 3.08 kB nicolo-ribaudo
npm/@babel/plugin-transform-template-literals@7.24.1 None 0 15.9 kB nicolo-ribaudo
npm/@babel/plugin-transform-typeof-symbol@7.16.7 None 0 4.89 kB nicolo-ribaudo
npm/@babel/plugin-transform-typescript@7.18.10 None 0 33.3 kB nicolo-ribaudo
npm/@babel/plugin-transform-unicode-escapes@7.16.7 None 0 5.99 kB nicolo-ribaudo
npm/@babel/plugin-transform-unicode-regex@7.16.7 None 0 2.94 kB nicolo-ribaudo
npm/@babel/preset-env@7.19.4 environment +30 475 kB nicolo-ribaudo
npm/@babel/preset-modules@0.1.6 None 0 38.8 kB nicolo-ribaudo
npm/@babel/preset-react@7.18.6 None 0 12.3 kB nicolo-ribaudo
npm/@babel/preset-typescript@7.18.6 None 0 14.1 kB nicolo-ribaudo
npm/@babel/runtime-corejs3@7.19.4 None 0 287 kB nicolo-ribaudo
npm/@babel/template@7.24.0 None 0 68.9 kB nicolo-ribaudo
npm/@babel/traverse@7.24.1 None 0 615 kB nicolo-ribaudo
npm/@babel/types@7.24.0 environment 0 2.41 MB nicolo-ribaudo
npm/@builder.io/partytown@0.5.4 None 0 354 kB adamdbradley
npm/@emotion/is-prop-valid@0.8.8 environment 0 39 kB emotion-release-bot
npm/@emotion/memoize@0.7.4 environment 0 5.41 kB emotion-release-bot
npm/@emotion/stylis@0.8.5 environment 0 105 kB emotion-release-bot
npm/@emotion/unitless@0.7.5 environment 0 8.26 kB emotion-release-bot
npm/@gatsbyjs/parcel-namer-relative-to-cwd@1.9.0 None 0 9.84 kB marvinjudehk
npm/@gatsbyjs/potrace@2.3.0 None 0 86.9 kB pieh
npm/@gatsbyjs/reach-router@1.3.9 environment 0 195 kB lekoarts
npm/@gatsbyjs/webpack-hot-middleware@2.25.3 None 0 31.6 kB wardpeet
npm/@graphql-codegen/add@3.2.1 None 0 4.52 kB dotansimha
npm/@graphql-codegen/core@2.6.2 None 0 35.2 kB dotansimha
npm/@graphql-codegen/plugin-helpers@2.7.2 unsafe +1 163 kB dotansimha
npm/@graphql-codegen/schema-ast@2.5.1 None 0 9.42 kB dotansimha
npm/@graphql-codegen/typescript-operations@2.5.4 None 0 37.2 kB dotansimha
npm/@graphql-codegen/typescript@2.8.8 Transitive: unsafe +4 715 kB dotansimha
npm/@graphql-codegen/visitor-plugin-common@2.12.2 None 0 456 kB dotansimha
npm/@graphql-tools/code-file-loader@7.3.6 filesystem, unsafe +1 514 kB ardatan
npm/@graphql-tools/graphql-tag-pluck@7.3.6 None 0 55.2 kB ardatan
npm/@graphql-tools/load@7.7.7 unsafe +3 261 kB ardatan
npm/@graphql-tools/merge@8.4.2 None 0 100 kB ardatan
npm/@graphql-tools/optimize@1.4.0 None 0 16.1 kB ardatan
npm/@graphql-tools/relay-operation-optimizer@6.5.18 None 0 8.43 kB ardatan
npm/@graphql-tools/schema@9.0.19 None +1 565 kB ardatan
npm/@graphql-tools/utils@8.13.1 None 0 483 kB ardatan
npm/@humanwhocodes/gitignore-to-minimatch@1.0.2 None 0 18.8 kB nzakas
npm/@jest/schemas@28.1.3 None 0 5.82 kB simenb
npm/@jridgewell/gen-mapping@0.3.5 None 0 81.6 kB jridgewell
npm/@jridgewell/source-map@0.3.2 None 0 231 kB jridgewell
npm/@lavamoat/aa@3.1.0 filesystem 0 18.2 kB kumavis
npm/@lavamoat/allow-scripts@2.0.3 filesystem Transitive: environment +2 340 kB kumavis
npm/@lezer/common@1.2.1 None 0 239 kB marijn
npm/@lezer/lr@1.4.0 environment 0 165 kB marijn
npm/@lmdb/lmdb-darwin-arm64@2.8.5 None 0 1.81 MB kriszyp
npm/@lmdb/lmdb-darwin-x64@2.8.5 None 0 1.95 MB kriszyp
npm/@lmdb/lmdb-linux-arm@2.8.5 None 0 951 kB kriszyp
npm/@lmdb/lmdb-linux-arm64@2.8.5 None 0 2.86 MB kriszyp
npm/@lmdb/lmdb-linux-x64@2.8.5 None 0 3.21 MB kriszyp
npm/@lmdb/lmdb-win32-x64@2.8.5 None 0 1.56 MB kriszyp
npm/@mischnic/json-sourcemap@0.1.1 None +1 250 kB mischnic
npm/@msgpackr-extract/msgpackr-extract-darwin-arm64@3.0.2 None 0 108 kB kriszyp
npm/@msgpackr-extract/msgpackr-extract-darwin-x64@3.0.2 None 0 107 kB kriszyp
npm/@msgpackr-extract/msgpackr-extract-linux-arm@3.0.2 None 0 53.2 kB kriszyp
npm/@msgpackr-extract/msgpackr-extract-linux-arm64@3.0.2 None 0 58.5 kB kriszyp
npm/@msgpackr-extract/msgpackr-extract-linux-x64@3.0.2 None 0 62.2 kB kriszyp
npm/@msgpackr-extract/msgpackr-extract-win32-x64@3.0.2 None 0 228 kB kriszyp
npm/@npmcli/node-gyp@1.0.3 filesystem 0 1.52 kB gar
npm/@npmcli/promise-spawn@1.3.2 shell 0 6.01 kB ruyadorno
npm/@npmcli/run-script@1.8.6 environment, filesystem 0 16.5 kB gar
npm/@parcel/cache@2.6.2 None 0 23.8 kB devongovett
npm/@parcel/codeframe@2.12.0 None 0 3.51 MB devongovett
npm/@parcel/core@2.12.0 environment, unsafe Transitive: filesystem, shell +8 6.31 MB devongovett
npm/@parcel/diagnostic@2.6.2 None 0 27.2 kB devongovett
npm/@parcel/events@2.12.0 None 0 16 kB devongovett
npm/@parcel/fs-search@2.6.2 environment, filesystem 0 2.65 MB devongovett
npm/@parcel/fs@2.6.2 environment, filesystem 0 383 kB devongovett
npm/@parcel/graph@3.2.0 None 0 172 kB devongovett
npm/@parcel/hash@2.6.2 environment, filesystem 0 2.76 MB devongovett
npm/@parcel/logger@2.6.2 None 0 14 kB devongovett
npm/@parcel/markdown-ansi@2.12.0 None 0 4.82 kB devongovett
npm/@parcel/namer-default@2.6.2 None 0 12.3 kB devongovett
npm/@parcel/node-resolver-core@3.3.0 unsafe Transitive: environment, filesystem +2 2.47 MB devongovett
npm/@parcel/package-manager@2.6.2 environment, filesystem, shell, unsafe 0 673 kB devongovett
npm/@parcel/plugin@2.6.2 None 0 5.85 kB devongovett
npm/@parcel/source-map@2.1.1 None 0 4.14 MB devongovett
npm/@parcel/types@2.6.2 environment 0 122 kB devongovett
npm/@parcel/utils@2.6.2 None +2 7.59 MB devongovett
npm/@parcel/watcher@2.4.1 None +1 413 kB devongovett
npm/@parcel/workers@2.6.2 environment, filesystem, shell, unsafe 0 112 kB devongovett
npm/@sinclair/typebox@0.24.51 None 0 306 kB sinclair
npm/@sindresorhus/is@4.6.0 None 0 57.5 kB sindresorhus
npm/@szmarczak/http-timer@4.0.6 None 0 10.8 kB szmarczak
npm/@types/cacheable-request@6.0.3 None 0 9.28 kB types
npm/@types/http-cache-semantics@4.0.4 None 0 9.28 kB types
npm/@types/keyv@3.1.4 None 0 6.12 kB types
npm/@types/responselike@1.0.3 None 0 4.6 kB types
npm/aproba@1.2.0 None 0 8.18 kB iarna
npm/are-we-there-yet@1.1.7 Transitive: environment +2 118 kB gar
npm/auto-bind@4.0.0 None 0 6.7 kB sindresorhus
npm/babel-plugin-dynamic-import-node@2.3.3 None 0 12.4 kB ljharb
npm/babel-plugin-polyfill-corejs2@0.3.3 Transitive: unsafe +1 277 kB nicolo-ribaudo
npm/babel-plugin-polyfill-corejs3@0.6.0 None 0 170 kB nicolo-ribaudo
npm/babel-plugin-polyfill-regenerator@0.4.1 None 0 8.65 kB nicolo-ribaudo
npm/babel-plugin-syntax-trailing-function-commas@7.0.0-beta.0 None 0 3.03 kB hzoo
npm/babel-preset-fbjs@3.4.0 environment 0 28.7 kB gweterings
npm/base-x@3.0.9 None 0 9.35 kB junderw
npm/browserslist@4.23.0 environment, filesystem 0 62.8 kB ai
npm/cacheable-lookup@5.0.4 network 0 23.9 kB szmarczak
npm/cacheable-request@7.0.4 network 0 16.8 kB jaredwray
npm/camel-case@4.1.2 None 0 14.3 kB blakeembrey
npm/capital-case@1.0.4 None 0 11.6 kB blakeembrey
npm/change-case-all@1.0.14 None 0 7.78 kB btxtiger
npm/change-case@4.1.2 None +1 93.3 kB blakeembrey
npm/cliui@6.0.0 None 0 14.9 kB bcoe
npm/clone-response@1.0.3 None 0 4.53 kB sindresorhus
npm/configstore@5.0.1 None 0 7.61 kB sindresorhus
npm/constant-case@3.0.4 None 0 11.1 kB blakeembrey
npm/core-js-compat@3.37.0 None 0 727 kB zloirock
npm/core-js-pure@3.37.0 environment, eval, filesystem 0 1.09 MB zloirock
npm/cross-fetch@3.1.8 network 0 75.1 kB lquixada
npm/decompress-response@6.0.0 None +1 11.5 kB sindresorhus
npm/defer-to-connect@2.0.1 None 0 5.44 kB szmarczak
npm/dependency-graph@0.11.0 None 0 38.6 kB jriecken
npm/detect-libc@1.0.3 environment, filesystem, shell 0 17.2 kB lovell
npm/dot-case@3.0.4 None 0 10.5 kB blakeembrey
npm/dot-prop@5.3.0 None 0 9.61 kB sindresorhus
npm/fbjs@3.0.5 None 0 441 kB bigfootjon
npm/gatsby-core-utils@3.25.0 environment, filesystem, shell, unsafe +1 2.45 MB pieh
npm/gauge@2.7.4 None +3 59.7 kB iarna
npm/got@11.8.6 filesystem, network 0 269 kB sindresorhus
npm/graphql-tag@2.12.6 None 0 172 kB apollo-bot
npm/header-case@2.0.4 None 0 10.3 kB blakeembrey
npm/http2-wrapper@1.0.3 network 0 53.1 kB szmarczak
npm/immutable@3.7.6 None 0 335 kB leebyron
npm/import-from@4.0.0 unsafe 0 4.91 kB sindresorhus
npm/invariant@2.2.4 None 0 7.64 kB zertosh
npm/is-lower-case@2.0.2 None 0 9.36 kB blakeembrey
npm/is-upper-case@2.0.2 None 0 9.37 kB blakeembrey
npm/jimp-compact@0.16.2 environment, eval, filesystem, network 0 1.3 MB pi0
npm/lmdb@2.5.2 environment, filesystem, unsafe +8 21.7 MB kriszyp
npm/lock@1.1.0 None 0 9.6 kB raymondmayjr
npm/loose-envify@1.4.0 environment 0 5.81 kB zertosh
npm/lower-case-first@2.0.2 None 0 8.84 kB blakeembrey
npm/lower-case@2.0.2 None 0 17.7 kB blakeembrey
npm/msgpackr-extract@3.0.2 Transitive: environment, filesystem, unsafe +1 29 kB kriszyp
npm/msgpackr@1.10.1 environment, eval, unsafe 0 1.89 MB kriszyp
npm/no-case@3.0.4 None 0 25.1 kB blakeembrey
npm/node-gyp-build-optional-packages@5.1.1 environment, filesystem, unsafe 0 13.9 kB kriszyp
npm/node-gyp@7.1.2 environment, shell 0 1.93 MB rvagg
npm/node-object-hash@2.3.10 None 0 80.2 kB m03geek
npm/npmlog@4.1.2 None 0 17.4 kB iarna
npm/nullthrows@1.1.1 None 0 2.84 kB zertosh
npm/ordered-binary@1.5.1 eval 0 57.7 kB kriszyp
npm/p-cancelable@2.1.1 None 0 13.5 kB sindresorhus
npm/param-case@3.0.4 None 0 10.2 kB blakeembrey
npm/pascal-case@3.1.2 None 0 14.8 kB blakeembrey
npm/path-case@3.0.4 None 0 10.1 kB blakeembrey
npm/prop-types@15.8.1 environment 0 94.5 kB ljharb
npm/proper-lockfile@4.1.2 None 0 29.9 kB hugomrdias
npm/react-dom@18.2.0 environment 0 4.5 MB gnoff
npm/read-package-json-fast@2.0.3 filesystem 0 8.25 kB isaacs
npm/regenerate-unicode-properties@10.1.1 None 0 589 kB google-wombot
npm/regenerator-transform@0.15.2 None 0 135 kB benjamn
npm/regexpu-core@5.3.2 None 0 53.8 kB google-wombot
npm/regjsparser@0.9.1 None +1 93.8 kB jviereck
npm/relay-runtime@12.0.0 environment 0 1.38 MB alunyov
npm/request@2.88.2 environment, filesystem, network 0 209 kB mikeal
npm/resolve-alpn@1.2.1 network 0 4.64 kB szmarczak
npm/responselike@2.0.1 None 0 4.68 kB sindresorhus
npm/scheduler@0.23.0 environment 0 93.4 kB gnoff
npm/sentence-case@3.0.4 None 0 12.2 kB blakeembrey
npm/signedsource@1.0.0 None 0 7.19 kB kassens
npm/snake-case@3.0.4 None 0 10.4 kB blakeembrey
npm/sponge-case@1.0.1 None 0 9.11 kB blakeembrey
npm/swap-case@2.0.2 None 0 10.1 kB blakeembrey
npm/tar@6.2.1 environment, filesystem 0 167 kB isaacs
npm/title-case@3.0.3 None 0 27.7 kB blakeembrey
npm/ua-parser-js@1.0.37 None 0 112 kB faisalman
npm/unicode-match-property-ecmascript@2.0.0 None 0 5.05 kB google-wombot
npm/unique-string@2.0.0 None 0 2.88 kB sindresorhus
npm/unixify@1.0.0 None 0 7.36 kB jonschlinkert
npm/update-browserslist-db@1.0.13 filesystem, shell 0 13.9 kB ai
npm/upper-case-first@2.0.2 None 0 8.86 kB blakeembrey
npm/upper-case@2.0.2 None 0 15.6 kB blakeembrey
npm/utility-types@3.11.0 None 0 64.3 kB piotrwitek
npm/value-or-promise@1.0.12 None 0 30.2 kB yaacovcr
npm/weak-lru-cache@1.2.2 None 0 28.2 kB kriszyp
npm/which-module@2.0.1 None 0 4.04 kB nexdrew
npm/write-file-atomic@3.0.3 filesystem 0 12.8 kB isaacs
npm/xxhash-wasm@0.4.2 None 0 40.6 kB jungomi
npm/yargs-parser@18.1.3 environment 0 71.5 kB oss-bot
npm/yargs@15.4.1 environment, filesystem +3 256 kB oss-bot

🚮 Removed packages: npm/@sideway/pinpoint@2.0.0, npm/@tootallnate/once@2.0.0, npm/@types/estree@1.0.5, npm/@webassemblyjs/floating-point-hex-parser@1.11.6, npm/@webassemblyjs/helper-api-error@1.11.6, npm/@webassemblyjs/helper-numbers@1.11.6, npm/@webassemblyjs/helper-wasm-bytecode@1.11.6, npm/@webassemblyjs/ieee754@1.11.6, npm/@webassemblyjs/leb128@1.11.6, npm/@webassemblyjs/utf8@1.11.6, npm/@xtuc/ieee754@1.2.0, npm/@xtuc/long@4.2.2, npm/accepts@1.3.8, npm/acorn-walk@7.2.0, npm/agent-base@6.0.2, npm/aggregate-error@3.1.0, npm/ajv-keywords@3.5.2, npm/ansi-align@3.0.1, npm/ansi-colors@4.1.3, npm/ansi-escapes@3.2.0, npm/append-field@1.0.0, npm/array-flatten@1.1.1, npm/arrify@2.0.1, npm/asn1@0.2.6, npm/assert-plus@1.0.0, npm/ast-types-flow@0.0.7, npm/astral-regex@2.0.0, npm/asynckit@0.4.0, npm/at-least-node@1.0.0, npm/atob@2.1.2, npm/axios@0.21.4, npm/babel-plugin-syntax-jsx@6.18.0, npm/babel-plugin-transform-react-remove-prop-types@0.4.24, npm/base64-js@1.5.1, npm/bcrypt-pbkdf@1.0.2, npm/big.js@5.2.2, npm/binary-extensions@2.3.0, npm/bl@4.1.0, npm/bluebird@3.7.2, npm/boolbase@1.0.0, npm/buffer-from@1.1.2, npm/busboy@1.6.0, npm/bytes@3.0.0, npm/camelize@1.0.1, npm/caseless@0.12.0, npm/chardet@0.7.0, npm/chownr@2.0.0, npm/clean-stack@2.2.0, npm/cli-boxes@2.2.1, npm/cli-cursor@3.1.0, npm/cli-width@3.0.0, npm/color-string@1.9.1, npm/color-support@1.1.3, npm/colord@2.9.3, npm/combined-stream@1.0.8, npm/commander@7.2.0, npm/common-path-prefix@3.0.0, npm/commondir@1.0.1, npm/component-emitter@1.3.0, npm/concat-stream@1.6.2, npm/confusing-browser-globals@1.0.11, npm/content-type@1.0.5, npm/cookie-signature@1.0.6, npm/cookie@0.4.2, npm/cors@2.8.5, npm/css-color-keywords@1.0.0, npm/css-what@6.1.0, npm/cssesc@3.0.0, npm/csstype@3.1.3, npm/damerau-levenshtein@1.0.8, npm/dashdash@1.14.1, npm/decode-uri-component@0.2.2, npm/deep-extend@0.6.0, npm/deepmerge@4.3.1, npm/define-lazy-prop@2.0.0, npm/defined@1.0.1, npm/delayed-stream@1.0.0, npm/depd@1.1.2, npm/destroy@1.2.0, npm/diff-sequences@27.5.1, npm/diff@5.2.0, npm/domelementtype@2.3.0, npm/domhandler@4.3.1, npm/duplexer3@0.1.5, npm/duplexer@0.1.2, npm/ecc-jsbn@0.1.2, npm/ee-first@1.1.1, npm/emojis-list@3.0.0, npm/encodeurl@1.0.2, npm/encoding@0.1.13, npm/entities@4.5.0, npm/envinfo@7.12.0, npm/err-code@2.0.3, npm/error-ex@1.3.2, npm/es6-iterator@2.0.3, npm/es6-promise@4.2.8, npm/es6-weak-map@2.0.3, npm/escape-goat@2.1.1, npm/escape-html@1.0.3, npm/eslint-plugin-react-hooks@4.6.0, npm/esprima@4.0.1, npm/etag@1.8.1, npm/event-emitter@0.3.5, npm/events@3.3.0, npm/extend@3.0.2, npm/extsprintf@1.3.0, npm/fast-safe-stringify@2.1.1, npm/fast-url-parser@1.1.3, npm/fastest-levenshtein@1.0.16, npm/filter-obj@1.1.0, npm/finalhandler@1.2.0, npm/follow-redirects@1.15.6, npm/forever-agent@0.6.1, npm/form-data@2.3.3, npm/forwarded@0.2.0, npm/fresh@0.5.2, npm/fs-constants@1.0.0, npm/fs-minipass@2.1.0, npm/fsevents@2.3.3, npm/functional-red-black-tree@1.0.1, npm/getpass@0.1.7, npm/glob-to-regexp@0.4.1, npm/grapheme-splitter@1.0.4, npm/har-schema@2.0.0, npm/has-yarn@2.1.0, npm/he@1.2.0, npm/hosted-git-info@2.8.9, npm/http-proxy-agent@5.0.0, npm/http-signature@1.2.0, npm/https-proxy-agent@5.0.1, npm/human-signals@2.1.0, npm/humanize-ms@1.2.1, npm/iconv-lite@0.4.24, npm/immer@9.0.21, npm/import-lazy@2.1.0, npm/indent-string@4.0.0, npm/ini@1.3.8, npm/ip@2.0.0, npm/ipaddr.js@1.9.1, npm/is-absolute-url@3.0.3, npm/is-arguments@1.1.1, npm/is-arrayish@0.2.1, npm/is-binary-path@2.1.0, npm/is-buffer@1.1.6, npm/is-docker@2.2.1, npm/is-generator-function@1.0.10, npm/is-lambda@1.0.1, npm/is-npm@5.0.0, npm/is-promise@2.2.2, npm/is-stream@2.0.1, npm/is-wsl@2.2.0, npm/is-yarn-global@0.3.0, npm/isobject@3.0.1, npm/isstream@0.1.2, npm/jest-get-type@27.5.1, npm/jsbn@0.1.1, npm/json-schema@0.4.0, npm/json-stringify-safe@5.0.1, npm/jsprim@1.4.2, npm/kind-of@6.0.3, npm/kleur@3.0.3, npm/klona@2.0.6, npm/language-subtag-registry@0.3.22, npm/lilconfig@2.1.0, npm/lines-and-columns@1.2.4, npm/loader-runner@4.3.0, npm/lodash.clonedeep@4.5.0, npm/lodash.foreach@4.5.0, npm/lodash.map@4.6.0, npm/lodash.truncate@4.4.2, npm/lodash.uniq@4.5.0, npm/lru-queue@0.1.0, npm/mdn-data@2.0.14, npm/meant@1.0.3, npm/media-typer@0.3.0, npm/memoizee@0.4.15, npm/merge-descriptors@1.0.1, npm/merge-stream@2.0.0, npm/methods@1.1.2, npm/mime-db@1.52.0, npm/mime-types@2.1.35, npm/mime@2.6.0, npm/mimic-fn@2.1.0, npm/min-indent@1.0.1, npm/minimalistic-assert@1.0.1, npm/minipass-collect@1.0.2, npm/minipass-flush@1.0.5, npm/minipass-pipeline@1.2.4, npm/minipass-sized@1.0.3, npm/minipass@5.0.0, npm/mkdirp@1.0.4, npm/mute-stream@0.0.8, npm/nanoid@3.3.7, npm/negotiator@0.6.3, npm/neo-async@2.6.2, npm/next-tick@1.1.0, npm/nice-try@1.0.5, npm/normalize-range@0.1.2, npm/npm-run-path@4.0.1, npm/nth-check@2.1.1, npm/oauth-sign@0.9.0, npm/on-finished@2.4.1, npm/on-headers@1.0.2, npm/onetime@5.1.2, npm/open@7.4.2, npm/opentracing@0.14.7, npm/os-homedir@1.0.2, npm/os-tmpdir@1.0.2, npm/p-finally@1.0.0, npm/p-map@4.0.0, npm/pako@1.0.11, npm/parse-json@5.2.0, npm/parseurl@1.3.3, npm/path-is-inside@1.0.2, npm/performance-now@2.1.0, npm/postcss-value-parser@4.2.0, npm/postcss@8.4.38, npm/prepend-http@2.0.0, npm/process@0.11.10, npm/progress@2.0.3, npm/promise-inflight@1.0.1, npm/prompts@2.4.2, npm/pseudomap@1.0.2, npm/psl@1.9.0, npm/qs@6.5.3, npm/querystring@0.2.0, npm/randombytes@2.1.0, npm/rc@1.2.8, npm/readdirp@3.6.0, npm/redent@3.0.0, npm/registry-url@5.1.0, npm/require-from-string@2.0.2, npm/resolve-cwd@3.0.0, npm/restore-cursor@3.1.0, npm/run-async@2.4.1, npm/safer-buffer@2.1.2, npm/serve-static@1.15.0, npm/setprototypeof@1.2.0, npm/sha.js@2.4.11, npm/shallow-clone@3.0.1, npm/shell-quote@1.8.1, npm/simple-swizzle@0.2.2, npm/sisteransi@1.0.5, npm/slice-ansi@4.0.0, npm/slugify@1.6.6, npm/smart-buffer@4.2.0, npm/source-map-js@1.2.0, npm/source-map-support@0.5.21, npm/source-map@0.5.7, npm/split-on-first@1.1.0, npm/sprintf-js@1.0.3, npm/stack-trace@0.0.10, npm/stackframe@1.3.4, npm/statuses@2.0.1, npm/stream-browserify@3.0.0, npm/streamsearch@1.1.0, npm/strict-uri-encode@2.0.0, npm/string-natural-compare@3.0.1, npm/strip-eof@1.0.0, npm/strip-final-newline@2.0.0, npm/strip-indent@3.0.0, npm/tapable@2.2.1, npm/through@2.3.8, npm/timers-ext@0.1.7, npm/to-readable-stream@1.0.0, npm/toidentifier@1.0.0, npm/tough-cookie@2.5.0, npm/tty-browserify@0.0.1, npm/tunnel-agent@0.6.0, npm/tweetnacl@0.14.5, npm/type-is@1.6.18, npm/type@2.7.2, npm/typedarray@0.0.6, npm/unique-filename@1.1.1, npm/unique-slug@2.0.2, npm/unpipe@1.0.0, npm/util@0.12.5, npm/utila@0.4.0, npm/utils-merge@1.0.1, npm/uuid@3.4.0, npm/validate-npm-package-license@3.0.4, npm/vary@1.1.2, npm/verror@1.10.0, npm/webpack-sources@3.2.3, npm/widest-line@3.1.0, npm/word-wrap@1.2.3, npm/xtend@4.0.2, npm/yaml@1.10.2

View full report↗︎

@socket-security Socket Security
Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Environment variable access npm/yargs-parser@18.1.3
Dynamic require npm/yargs-parser@18.1.3
Environment variable access npm/supports-color@5.5.0
Filesystem access npm/write-file-atomic@3.0.3
Shell access npm/update-browserslist-db@1.0.13
Filesystem access npm/update-browserslist-db@1.0.13
Environment variable access npm/yargs@15.4.1
Filesystem access npm/yargs@15.4.1
Dynamic require npm/yargs@15.4.1
Environment variable access npm/yargs@15.4.1
Environment variable access npm/yargs@15.4.1
Dynamic require npm/yargs@15.4.1
Environment variable access npm/yargs@15.4.1
Environment variable access npm/yargs@15.4.1
Environment variable access npm/yargs@15.4.1
Environment variable access npm/yargs@15.4.1
Unmaintained npm/lock@1.1.0
  • Last Publish: 9/21/2017, 3:06:21 PM
Network access npm/request@2.88.2
Environment variable access npm/request@2.88.2
Network access npm/request@2.88.2
Network access npm/request@2.88.2
Deprecated npm/request@2.88.2
Filesystem access npm/request@2.88.2
Filesystem access npm/got@11.8.6
Network access npm/got@11.8.6
Network access npm/got@11.8.6
Network access npm/got@11.8.6
Network access npm/got@11.8.6
Floating dependency npm/@types/cacheable-request@6.0.3
Floating dependency npm/@types/cacheable-request@6.0.3
Network access npm/cacheable-lookup@5.0.4
Network access npm/cacheable-request@7.0.4
Network access npm/http2-wrapper@1.0.3
Network access npm/http2-wrapper@1.0.3
Network access npm/http2-wrapper@1.0.3
Network access npm/http2-wrapper@1.0.3
Network access npm/http2-wrapper@1.0.3
New author npm/responselike@2.0.1
Floating dependency npm/@types/keyv@3.1.4
New author npm/clone-response@1.0.3
Network access npm/resolve-alpn@1.2.1
Environment variable access npm/detect-libc@1.0.3
Unmaintained npm/aproba@1.2.0
  • Last Publish: 5/22/2018, 9:29:46 PM
Trivial Package npm/strip-ansi@3.0.1
New author npm/strip-ansi@3.0.1
Trivial Package npm/which-module@2.0.1
Debug access npm/@babel/helper-define-polyfill-provider@0.3.3
Dynamic require npm/@babel/helper-define-polyfill-provider@0.3.3
Deprecated npm/@babel/plugin-proposal-async-generator-functions@7.20.7
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead.
Deprecated npm/@babel/plugin-proposal-class-properties@7.18.6
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
Deprecated npm/@babel/plugin-proposal-class-static-block@7.21.0
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead.
Deprecated npm/@babel/plugin-proposal-dynamic-import@7.18.6
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead.
Deprecated npm/@babel/plugin-proposal-export-namespace-from@7.18.9
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.
Deprecated npm/@babel/plugin-proposal-json-strings@7.18.6
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead.
Deprecated npm/@babel/plugin-proposal-logical-assignment-operators@7.20.7
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead.
Deprecated npm/@babel/plugin-proposal-nullish-coalescing-operator@7.18.6
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
Deprecated npm/@babel/plugin-proposal-numeric-separator@7.18.6
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.
Deprecated npm/@babel/plugin-proposal-object-rest-spread@7.20.7
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
Deprecated npm/@babel/plugin-proposal-optional-catch-binding@7.18.6
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead.
Deprecated npm/@babel/plugin-proposal-optional-chaining@7.21.0
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
Deprecated npm/@babel/plugin-proposal-private-methods@7.18.6
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
Deprecated npm/@babel/plugin-proposal-unicode-property-regex@7.18.6
  • Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead.
Trivial Package npm/@babel/plugin-transform-react-jsx-development@7.18.6
Environment variable access npm/@emotion/is-prop-valid@0.8.8
  • E

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@naiba4 @snyk-bot