Skip to content

[Snyk] Fix for 1 vulnerabilities#24

Open
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-8306b4c0facb6a74b8bca80307c280e7
Open

[Snyk] Fix for 1 vulnerabilities#24
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-8306b4c0facb6a74b8bca80307c280e7

Conversation

@snyk-bot
Copy link
Copy Markdown

@snyk-bot snyk-bot commented Dec 7, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HIGHLIGHTJS-1048676		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @storybook/addon-viewport The new version differs by 250 commits.
  • e89e51a v6.1.0
  • d004d19 Update root, peer deps, version.ts/json to 6.1.0
  • 1d07f01 6.1.0 changelog
  • 178e9bd 6.1.0-rc.6 next.json version file
  • 971eccd Update git head to 6.1.0-rc.6
  • 9009e53 v6.1.0-rc.6
  • eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
  • 5c0049b 6.1.0-rc.6 changelog
  • 76d53b5 Merge pull request #13165 from storybookjs/13156-fix-cached-manager
  • 4747fea Merge pull request #12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
  • 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
  • 428b6e0 6.1.0-rc.5 next.json version file
  • a72852d Update git head to 6.1.0-rc.5
  • a8822ed v6.1.0-rc.5
  • 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
  • 06b55c8 update 6.1-rc.5
  • 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
  • f701930 Merge pull request #13141 from ThibaudAV/update-angular-ex
  • c8a819d Merge pull request #13162 from S1ngS1ng/patch-1
  • cd7766e 6.1.0-rc.5 changelog addition
  • 45ddc0c Merge pull request #13159 from storybookjs/12386-ie11-layout-centered
  • f2123da 6.1.0-rc.5 changelog
  • 30c5e98 fix incorrect component reference
  • f6d4f0a Merge pull request #13155 from storybookjs/feature/sidebarClassNames

See the full diff

Package name: @storybook/react The new version differs by 250 commits.
  • e89e51a v6.1.0
  • d004d19 Update root, peer deps, version.ts/json to 6.1.0
  • 1d07f01 6.1.0 changelog
  • 178e9bd 6.1.0-rc.6 next.json version file
  • 971eccd Update git head to 6.1.0-rc.6
  • 9009e53 v6.1.0-rc.6
  • eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
  • 5c0049b 6.1.0-rc.6 changelog
  • 76d53b5 Merge pull request #13165 from storybookjs/13156-fix-cached-manager
  • 4747fea Merge pull request #12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
  • 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
  • 428b6e0 6.1.0-rc.5 next.json version file
  • a72852d Update git head to 6.1.0-rc.5
  • a8822ed v6.1.0-rc.5
  • 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
  • 06b55c8 update 6.1-rc.5
  • 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
  • f701930 Merge pull request #13141 from ThibaudAV/update-angular-ex
  • c8a819d Merge pull request #13162 from S1ngS1ng/patch-1
  • cd7766e 6.1.0-rc.5 changelog addition
  • 45ddc0c Merge pull request #13159 from storybookjs/12386-ie11-layout-centered
  • f2123da 6.1.0-rc.5 changelog
  • 30c5e98 fix incorrect component reference
  • f6d4f0a Merge pull request #13155 from storybookjs/feature/sidebarClassNames

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@guardrails
Copy link
Copy Markdown

guardrails bot commented Dec 7, 2020

⚠️ We detected security issues in this pull request:
Mode: paranoid | Total findings: 14 | Considered vulnerability: 4

Insecure Use of Dangerous Function (4)

css/script/bundle-size-report.js

Line 46 in d5f17dc

local: require(`../${bundle.stats}`),

css/script/changelog.js

Line 3 in d5f17dc

const {spawnSync} = require('child_process')

css/script/test-deprecations.js

Line 54 in d5f17dc

const local = require(`../${statsPath}`)

css/script/test-deprecations.js

Line 106 in d5f17dc

const local = require(`../${varsPath}`)

More info on how to fix Insecure Use of Dangerous Function in Javascript.

Insecure Use of Regular Expressions (1)

css/script/dist.js

Line 34 in d5f17dc

const inPattern = new RegExp(`^${inDir}/`)

More info on how to fix Insecure Use of Regular Expressions in Javascript.

Vulnerable Libraries (9)

More info on how to fix Vulnerable Libraries in Javascript.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Dec 12, 2020

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot