[Snyk] Security upgrade @docusaurus/preset-classic from 3.5.0 to 3.6.0 #228

Merged
merged 2 commits into from
Nov 22, 2024

Upgraded the package version to 3.6

5fa2b8a
GitHub Advanced Security / Trivy failed Nov 22, 2024 in 3s

20 new alerts including 10 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 10 high
  • 8 medium
  • 2 low

See annotations below for details.

Annotations

Check failure on line 7611 in package-lock.json

Code scanning / Trivy

body-parser: Denial of Service Vulnerability in body-parser High

Package: body-parser
Installed Version: 1.20.2
Vulnerability CVE-2024-45590
Severity: HIGH
Fixed Version: 1.20.3
Link: CVE-2024-45590

Check notice on line 8265 in package-lock.json

Code scanning / Trivy

cookie: cookie accepts cookie name, path, and domain with out of bounds characters Low

Package: cookie
Installed Version: 0.6.0
Vulnerability CVE-2024-47764
Severity: LOW
Fixed Version: 0.7.0
Link: CVE-2024-47764

Check failure on line 8420 in package-lock.json

Code scanning / Trivy

cross-spawn: regular expression denial of service High

Package: cross-spawn
Installed Version: 7.0.3
Vulnerability CVE-2024-21538
Severity: HIGH
Fixed Version: 7.0.5, 6.0.6
Link: CVE-2024-21538

Check warning on line 9473 in package-lock.json

Code scanning / Trivy

express: Improper Input Handling in Express Redirects Medium

Package: express
Installed Version: 4.19.2
Vulnerability CVE-2024-43796
Severity: LOW
Fixed Version: 4.20.0, 5.0.0
Link: CVE-2024-43796

Check failure on line 9502 in package-lock.json

Code scanning / Trivy

path-to-regexp: Backtracking regular expressions cause ReDoS High

Package: path-to-regexp
Installed Version: 0.1.7
Vulnerability CVE-2024-45296
Severity: HIGH
Fixed Version: 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
Link: CVE-2024-45296

Check failure on line 10768 in package-lock.json

Code scanning / Trivy

http-proxy-middleware: Denial of Service High

Package: http-proxy-middleware
Installed Version: 2.0.6
Vulnerability CVE-2024-21536
Severity: HIGH
Fixed Version: 2.0.7, 3.0.3
Link: CVE-2024-21536

Check warning on line 13681 in package-lock.json

Code scanning / Trivy

micromatch: vulnerable to Regular Expression Denial of Service Medium

Package: micromatch
Installed Version: 4.0.7
Vulnerability CVE-2024-4067
Severity: MEDIUM
Fixed Version: 4.0.8
Link: CVE-2024-4067

Check failure on line 14269 in package-lock.json

Code scanning / Trivy

path-to-regexp: Backtracking regular expressions cause ReDoS High

Package: path-to-regexp
Installed Version: 1.8.0
Vulnerability CVE-2024-45296
Severity: HIGH
Fixed Version: 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
Link: CVE-2024-45296

Check warning on line 16198 in package-lock.json

Code scanning / Trivy

send: Code Execution Vulnerability in Send Library Medium

Package: send
Installed Version: 0.18.0
Vulnerability CVE-2024-43799
Severity: LOW
Fixed Version: 0.19.0
Link: CVE-2024-43799

Check warning on line 16336 in package-lock.json

Code scanning / Trivy

serve-static: Improper Sanitization in serve-static Medium

Package: serve-static
Installed Version: 1.15.0
Vulnerability CVE-2024-43800
Severity: LOW
Fixed Version: 1.16.0, 2.1.0
Link: CVE-2024-43800

Check failure on line 2732 in yarn.lock

Code scanning / Trivy

body-parser: Denial of Service Vulnerability in body-parser High

Package: body-parser
Installed Version: 1.20.2
Vulnerability CVE-2024-45590
Severity: HIGH
Fixed Version: 1.20.3
Link: CVE-2024-45590

Check notice on line 3187 in yarn.lock

Code scanning / Trivy

cookie: cookie accepts cookie name, path, and domain with out of bounds characters Low

Package: cookie
Installed Version: 0.6.0
Vulnerability CVE-2024-47764
Severity: LOW
Fixed Version: 0.7.0
Link: CVE-2024-47764

Check failure on line 3256 in yarn.lock

Code scanning / Trivy

cross-spawn: regular expression denial of service High

Package: cross-spawn
Installed Version: 7.0.3
Vulnerability CVE-2024-21538
Severity: HIGH
Fixed Version: 7.0.5, 6.0.6
Link: CVE-2024-21538

Check warning on line 3956 in yarn.lock

Code scanning / Trivy

express: Improper Input Handling in Express Redirects Medium

Package: express
Installed Version: 4.19.2
Vulnerability CVE-2024-43796
Severity: LOW
Fixed Version: 4.20.0, 5.0.0
Link: CVE-2024-43796

Check failure on line 4661 in yarn.lock

Code scanning / Trivy

http-proxy-middleware: Denial of Service High

Package: http-proxy-middleware
Installed Version: 2.0.6
Vulnerability CVE-2024-21536
Severity: HIGH
Fixed Version: 2.0.7, 3.0.3
Link: CVE-2024-21536

Check warning on line 5943 in yarn.lock

Code scanning / Trivy

micromatch: vulnerable to Regular Expression Denial of Service Medium

Package: micromatch
Installed Version: 4.0.7
Vulnerability CVE-2024-4067
Severity: MEDIUM
Fixed Version: 4.0.8
Link: CVE-2024-4067

Check failure on line 6404 in yarn.lock

Code scanning / Trivy

path-to-regexp: Backtracking regular expressions cause ReDoS High

Package: path-to-regexp
Installed Version: 1.8.0
Vulnerability CVE-2024-45296
Severity: HIGH
Fixed Version: 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
Link: CVE-2024-45296

Check failure on line 6409 in yarn.lock

Code scanning / Trivy

path-to-regexp: Backtracking regular expressions cause ReDoS High

Package: path-to-regexp
Installed Version: 0.1.7
Vulnerability CVE-2024-45296
Severity: HIGH
Fixed Version: 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
Link: CVE-2024-45296

Check warning on line 7471 in yarn.lock

Code scanning / Trivy

send: Code Execution Vulnerability in Send Library Medium

Package: send
Installed Version: 0.18.0
Vulnerability CVE-2024-43799
Severity: LOW
Fixed Version: 0.19.0
Link: CVE-2024-43799

Check warning on line 7515 in yarn.lock

Code scanning / Trivy

serve-static: Improper Sanitization in serve-static Medium

Package: serve-static
Installed Version: 1.15.0
Vulnerability CVE-2024-43800
Severity: LOW
Fixed Version: 1.16.0, 2.1.0
Link: CVE-2024-43800