Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: pouchdb-browser, pouchdb-find, react, react-dom, bluebird, d3, debug, draggabilly, electron-context-menu, semver, q, winreg, electron-regedit, electron-squirrel-startup, glob, highlight.js, html-to-react, loglevel, marked, material-ui, mobx, mobx-react, mobx-react-devtools, moment, monaco-editor, nan, pako, react-autosuggest, react-datetime, react-json-tree, react-notification-system, react-resizable, regedit, request, request-promise, simple-git, string-similarity, uuid, xterm #42

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

atlslscsrv-app
Copy link
Member

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

pouchdb-browser
from 6.2.0 to 6.4.3 | 10 versions ahead of your current version | 7 years ago
on 2018-02-02
pouchdb-find
from 6.2.0 to 6.4.3 | 10 versions ahead of your current version | 7 years ago
on 2018-02-02
react
from 15.4.2 to 15.7.0 | 12 versions ahead of your current version | 4 years ago
on 2020-10-14
react-dom
from 15.4.2 to 15.7.0 | 12 versions ahead of your current version | 4 years ago
on 2020-10-14
bluebird
from 3.5.1 to 3.7.2 | 8 versions ahead of your current version | 5 years ago
on 2019-11-28
d3
from 4.11.0 to 4.13.0 | 4 versions ahead of your current version | 7 years ago
on 2018-01-29
debug
from 3.1.0 to 3.2.7 | 8 versions ahead of your current version | 4 years ago
on 2020-11-19
draggabilly
from 2.1.1 to 2.4.1 | 4 versions ahead of your current version | 3 years ago
on 2021-12-19
electron-context-menu
from 0.8.0 to 0.16.0 | 13 versions ahead of your current version | 5 years ago
on 2020-02-01
semver
from 5.4.1 to 5.7.2 | 6 versions ahead of your current version | a year ago
on 2023-07-10
q
from 1.5.0 to 1.5.1 | 1 version ahead of your current version | 7 years ago
on 2017-10-19
winreg
from 1.2.4 to 1.2.5 | 1 version ahead of your current version | a year ago
on 2023-10-20
electron-regedit
from 1.0.6 to 1.1.2 | 3 versions ahead of your current version | 4 years ago
on 2020-05-06
electron-squirrel-startup
from 1.0.0 to 1.0.1 | 1 version ahead of your current version | 4 months ago
on 2024-05-13
glob
from 7.1.2 to 7.2.3 | 8 versions ahead of your current version | 2 years ago
on 2022-05-15
highlight.js
from 9.8.0 to 9.18.5 | 26 versions ahead of your current version | 4 years ago
on 2020-11-19
html-to-react
from 1.3.4 to 1.7.0 | 13 versions ahead of your current version | a year ago
on 2023-10-04
loglevel
from 1.4.1 to 1.9.1 | 16 versions ahead of your current version | 7 months ago
on 2024-01-26
marked
from 0.3.6 to 0.8.2 | 22 versions ahead of your current version | 4 years ago
on 2020-03-22
material-ui
from 0.18.7 to 0.20.0 | 6 versions ahead of your current version | 7 years ago
on 2017-12-04
mobx
from 2.6.0 to 2.7.0 | 7 versions ahead of your current version | 8 years ago
on 2016-12-09
mobx-react
from 3.5.8 to 3.5.9 | 1 version ahead of your current version | 8 years ago
on 2016-11-07
mobx-react-devtools
from 4.2.9 to 4.2.15 | 6 versions ahead of your current version | 7 years ago
on 2017-06-17
moment
from 2.22.2 to 2.30.1 | 16 versions ahead of your current version | 8 months ago
on 2023-12-27
monaco-editor
from 0.7.0 to 0.50.0 | 805 versions ahead of your current version | 3 months ago
on 2024-06-20
nan
from 2.5.1 to 2.20.0 | 24 versions ahead of your current version | 3 months ago
on 2024-06-12
pako
from 1.0.5 to 1.0.11 | 6 versions ahead of your current version | 5 years ago
on 2020-01-29
react-autosuggest
from 9.0.1 to 9.4.3 | 11 versions ahead of your current version | 6 years ago
on 2019-01-05
react-datetime
from 2.7.5 to 2.16.3 | 27 versions ahead of your current version | 6 years ago
on 2018-12-03
react-json-tree
from 0.10.9 to 0.19.0 | 16 versions ahead of your current version | 5 months ago
on 2024-04-07
react-notification-system
from 0.2.11 to 0.4.0 | 8 versions ahead of your current version | 4 years ago
on 2020-05-06
react-resizable
from 1.4.5 to 1.11.1 | 14 versions ahead of your current version | 4 years ago
on 2021-03-05
regedit
from 2.2.6 to 2.2.7 | 1 version ahead of your current version | 7 years ago
on 2017-06-07
request
from 2.88.0 to 2.88.2 | 1 version ahead of your current version | 5 years ago
on 2020-02-11
request-promise
from 4.1.1 to 4.2.6 | 7 versions ahead of your current version | 4 years ago
on 2020-07-22
simple-git
from 1.65.0 to 1.132.0 | 67 versions ahead of your current version | 4 years ago
on 2020-03-12
string-similarity
from 1.2.0 to 1.2.2 | 2 versions ahead of your current version | 6 years ago
on 2018-09-12
uuid
from 3.0.1 to 3.4.0 | 7 versions ahead of your current version | 5 years ago
on 2020-01-16
xterm
from 2.8.1 to 2.9.2 | 3 versions ahead of your current version | 7 years ago
on 2017-08-09

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Poisoning
SNYK-JS-QS-3153490
696 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-567746
696 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-608086
696 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-6139239
696 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASHMERGE-173732
696 Proof of Concept
high severity Prototype Pollution
SNYK-JS-AJV-584908
696 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-1023599
696 Proof of Concept
high severity Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922
696 No Known Exploit
high severity Code Injection
SNYK-JS-LODASH-1040724
696 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-450202
696 Proof of Concept
high severity Cross-site Scripting (XSS)
npm:marked:20170112
696 No Known Exploit
high severity Cross-site Scripting (XSS)
npm:marked:20170815
696 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
npm:marked:20170907
696 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
npm:marked:20180225
696 Proof of Concept
high severity Directory Traversal
SNYK-JS-MOMENT-2440688
696 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOMENT-2944238
696 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-610226
696 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
696 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-RAMDA-1582370
696 No Known Exploit
medium severity Prototype Pollution
SNYK-JS-LODASHMERGE-173733
696 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-174116
696 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-1072471
696 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-HIGHLIGHTJS-1045326
696 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
696 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-451540
696 No Known Exploit
medium severity Cross-site Scripting (XSS)
npm:marked:20170815-1
696 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818
696 No Known Exploit
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764
696 Proof of Concept
medium severity Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984
696 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
696 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
696 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
npm:ms:20170412
696 No Known Exploit
Release notes
Package name: pouchdb-browser
  • 6.4.3 - 2018-02-02
  • 6.4.2 - 2018-01-24
  • 6.4.1 - 2017-12-18
  • 6.4.0 - 2017-12-17
  • 6.3.4 - 2017-07-15
  • 6.3.3 - 2017-07-14
  • 6.3.2 - 2017-07-13
  • 6.3.1 - 2017-07-13
  • 6.3.0 - 2017-07-13
  • 6.2.1-prerelease - 2017-07-13
  • 6.2.0 - 2017-04-20
from pouchdb-browser GitHub release notes
Package name: pouchdb-find
  • 6.4.3 - 2018-02-02
  • 6.4.2 - 2018-01-24
  • 6.4.1 - 2017-12-18
  • 6.4.0 - 2017-12-17
  • 6.3.4 - 2017-07-15
  • 6.3.3 - 2017-07-14
  • 6.3.2 - 2017-07-13
  • 6.3.1 - 2017-07-13
  • 6.3.0 - 2017-07-13
  • 6.2.1-prerelease - 2017-07-13
  • 6.2.0 - 2017-04-20
from pouchdb-find GitHub release notes
Package name: react
  • 15.7.0 - 2020-10-14

    React

  • 15.6.2 - 2017-09-26
  • 15.6.1 - 2017-06-15
  • 15.6.0 - 2017-06-13
  • 15.6.0-rc.1 - 2017-06-01
  • 15.5.4 - 2017-04-11
  • 15.5.3 - 2017-04-08
  • 15.5.2 - 2017-04-08
  • 15.5.1 - 2017-04-07
  • 15.5.0 - 2017-04-07
  • 15.5.0-rc.2 - 2017-04-06
  • 15.5.0-rc.1 - 2017-04-05
  • 15.4.2 - 2017-01-06
from react GitHub release notes
Package name: react-dom
  • 15.7.0 - 2020-10-14

    React

  • 15.6.2 - 2017-09-26
  • 15.6.1 - 2017-06-15
  • 15.6.0 - 2017-06-13
  • 15.6.0-rc.1 - 2017-06-01
  • 15.5.4 - 2017-04-11
  • 15.5.3 - 2017-04-08
  • 15.5.2 - 2017-04-08
  • 15.5.1 - 2017-04-07
  • 15.5.0 - 2017-04-07
  • 15.5.0-rc.2 - 2017-04-06
  • 15.5.0-rc.1 - 2017-04-05
  • 15.4.2 - 2017-01-06
from react-dom GitHub release notes
Package name: bluebird
  • 3.7.2 - 2019-11-28

    Bugfixes:

    • Fixes firefox settimeout not initialized error (#1623)
  • 3.7.1 - 2019-10-15

    Features:

    • feature

    Bugfixes:

  • 3.7.0 - 2019-10-01

    Features:

  • 3.6.0 - 2019-10-01

    Features:

    • Add support for AsyncResource (#1403)

    Bugfixes:

  • 3.5.5 - 2019-05-24

    Features:

    • Added Symbol.toStringTag support to Promise (#1421)

    Bugfixes:

    • Fix error in IE9 (#1591, #1592)
    • Fix error with undefined stack trace (#1537)
    • Fix #catch throwing an error later rather than immediately when passed non-function handler (#1517)
  • 3.5.4 - 2019-04-03
    • Proper version check supporting VSCode(#1576)
  • 3.5.3 - 2018-11-06

    Bugfixes:

    • Update acorn dependency
  • 3.5.2 - 2018-09-03

    Bugfixes:

    • Fix PromiseRejectionEvent to contain .reason and .promise properties. (#1509, #1464)
    • Fix promise chain retaining memory until the entire chain is resolved (#1544, #1529)

    id: changelog
    title: Changelog

  • 3.5.1 - 2017-10-04

    Bugfixes:

    • Fix false positive unhandled rejection when using async await (#1404)
    • Fix false positive when reporting error as non-error (#990)
from bluebird GitHub release notes
Package name: d3
  • 4.13.0 - 2018-01-29
  • 4.12.2 - 2017-12-26
  • 4.12.1 - 2017-12-26
  • 4.12.0 - 2017-11-21
  • 4.11.0 - 2017-10-03
from d3 GitHub release notes
Package name: debug
  • 3.2.7 - 2020-11-19

    3.2.7

  • 3.2.6 - 2018-10-10
  • 3.2.5 - 2018-09-11
  • 3.2.4 - 2018-09-11
  • 3.2.3 - 2018-09-11
  • 3.2.2 - 2018-09-11
  • 3.2.1 - 2018-09-11
  • 3.2.0 - 2018-09-11
  • 3.1.0 - 2017-09-26
from debug GitHub release notes
Package name: draggabilly
  • 2.4.1 - 2021-12-19

    🐞 Fixed bug for dragging on iOS 15

  • 2.4.0 - 2021-12-19

    2.4.0

  • 2.3.0 - 2020-05-16
    • 🐞 fix Safari 9 drag bug.
    • Deploy to Netlify
    • Switch to npm for front-end dependencies, off of Bower
    • Switch to vanilla node for scripts, remove Gulp
    • Add linting with ESLint
    • Add CI with GitHub actions
  • 2.2.0 - 2018-03-27

    🔔 Added setPosition method. #147
    🐞 Fixed contain top down, not bottom-up. #185
    🐞 Enabled clicks in text inputs. #181
    🐞 Disabled preventDefault when disabled. #165
    ⬆️ Updated dependencies Unipointer 2.3, Unidragger 2.3
    🛠 Breaking change. Drop vendor prefixes. Drop support for Android 4

  • 2.1.1 - 2016-06-10
    • 🛠 allow fixed positioning. Fixed #134
    • 🐞 Fixed Firefox % position, not-in-DOM bug. Fixed #131
from draggabilly GitHub release notes
Package name: electron-context-menu from electron-context-menu GitHub release notes
Package name: semver from semver GitHub release notes
Package name: q from q GitHub release notes
Package name: winreg
  • 1.2.5 - 2023-10-20
    • fixes a possible security issue if an attacker is able to pollute Object.prototype (thanks to Mikhail Shcherbakov KTH Royal Institute of Technology for reporting)
    • adds support for electron apps
    • updates the development dependencies
    • updates the mocha tests
  • 1.2.4 - 2017-05-12

    1.2.4

from winreg GitHub release notes
Package name: electron-squirrel-startup from electron-squirrel-startup GitHub release notes
Package name: glob from glob GitHub release notes
Package name: highlight.js
  • 9.18.5 - 2020-11-19
  • 9.18.4 - 2020-11-18
  • 9.18.3 - 2020-07-29
  • 9.18.2 - 2020-07-28
  • 9.18.1 - 2020-02-01
  • 9.18.0 - 2020-01-20
  • 9.17.1 - 2019-12-12
  • 9.17.0 - 2019-12-11
  • 9.16.2 - 2019-11-01
  • 9.16.1 - 2019-10-31
  • 9.15.10 - 2019-08-20
  • 9.15.9 - 2019-07-31
  • 9.15.8 - 2019-05-29
  • 9.15.7 - 2019-05-29
  • 9.15.6 - 2019-02-26
  • 9.15.5 - 2019-02-25
  • 9.15.2 - 2019-02-25
  • 9.15.1 - 2019-02-25
  • 9.14.2 - 2019-02-01
  • 9.14.1 - 2019-01-30
  • 9.13.1 - 2018-10-17
  • 9.13.0 - 2018-10-13
  • 9.12.0 - 2017-05-31
  • 9.11.0 - 2017-04-19
  • 9.10.0 - 2017-03-08
  • 9.9.0 - 2016-12-14
  • 9.8.0 - 2016-11-02
from highlight.js GitHub release notes
Package name: html-to-react from html-to-react GitHub release notes
Package name: loglevel from loglevel GitHub release notes
Package name: marked
  • 0.8.2 - 2020-03-22

    Fixes

    • Add html to TextRenderer for html in headings #1622
    • Remove html tags in heading ids #1622

    Docs

    • Update comment about GitHub breaks #1620
  • 0.8.1 - 2020-03-18

    Fixes

    • Fix marked --help #1588
    • Fix GFM Example 116 code fences #1600
    • Send inline html to renderer #1602 (fixes #1601)
    • Improve docs example for invoking highlight.js #1603
    • Fix block-level elements breaking tables #1598 (fixes #1467)
    • break nptables on block-level structures #1617
  • 0.8.0 - 2019-12-12

    Breaking changes

    Fixes

    • Fix relative urls in baseUrl option #1526
    • Loose task list #1535
    • Fix image parentheses #1557
    • remove module field & update devDependencies #1581

    Docs

    • Update examples with es6+ #1521
    • Fix link to USING_PRO.md page #1552
    • Fix typo in USING_ADVANCED.md #1558
    • Node worker threads are stable

Snyk has created this PR to upgrade:
  - pouchdb-browser from 6.2.0 to 6.4.3.
    See this package in npm: https://www.npmjs.com/package/pouchdb-browser
  - pouchdb-find from 6.2.0 to 6.4.3.
    See this package in npm: https://www.npmjs.com/package/pouchdb-find
  - react from 15.4.2 to 15.7.0.
    See this package in npm: https://www.npmjs.com/package/react
  - react-dom from 15.4.2 to 15.7.0.
    See this package in npm: https://www.npmjs.com/package/react-dom
  - bluebird from 3.5.1 to 3.7.2.
    See this package in npm: https://www.npmjs.com/package/bluebird
  - d3 from 4.11.0 to 4.13.0.
    See this package in npm: https://www.npmjs.com/package/d3
  - debug from 3.1.0 to 3.2.7.
    See this package in npm: https://www.npmjs.com/package/debug
  - draggabilly from 2.1.1 to 2.4.1.
    See this package in npm: https://www.npmjs.com/package/draggabilly
  - electron-context-menu from 0.8.0 to 0.16.0.
    See this package in npm: https://www.npmjs.com/package/electron-context-menu
  - semver from 5.4.1 to 5.7.2.
    See this package in npm: https://www.npmjs.com/package/semver
  - q from 1.5.0 to 1.5.1.
    See this package in npm: https://www.npmjs.com/package/q
  - winreg from 1.2.4 to 1.2.5.
    See this package in npm: https://www.npmjs.com/package/winreg
  - electron-regedit from 1.0.6 to 1.1.2.
    See this package in npm: https://www.npmjs.com/package/electron-regedit
  - electron-squirrel-startup from 1.0.0 to 1.0.1.
    See this package in npm: https://www.npmjs.com/package/electron-squirrel-startup
  - glob from 7.1.2 to 7.2.3.
    See this package in npm: https://www.npmjs.com/package/glob
  - highlight.js from 9.8.0 to 9.18.5.
    See this package in npm: https://www.npmjs.com/package/highlight.js
  - html-to-react from 1.3.4 to 1.7.0.
    See this package in npm: https://www.npmjs.com/package/html-to-react
  - loglevel from 1.4.1 to 1.9.1.
    See this package in npm: https://www.npmjs.com/package/loglevel
  - marked from 0.3.6 to 0.8.2.
    See this package in npm: https://www.npmjs.com/package/marked
  - material-ui from 0.18.7 to 0.20.0.
    See this package in npm: https://www.npmjs.com/package/material-ui
  - mobx from 2.6.0 to 2.7.0.
    See this package in npm: https://www.npmjs.com/package/mobx
  - mobx-react from 3.5.8 to 3.5.9.
    See this package in npm: https://www.npmjs.com/package/mobx-react
  - mobx-react-devtools from 4.2.9 to 4.2.15.
    See this package in npm: https://www.npmjs.com/package/mobx-react-devtools
  - moment from 2.22.2 to 2.30.1.
    See this package in npm: https://www.npmjs.com/package/moment
  - monaco-editor from 0.7.0 to 0.50.0.
    See this package in npm: https://www.npmjs.com/package/monaco-editor
  - nan from 2.5.1 to 2.20.0.
    See this package in npm: https://www.npmjs.com/package/nan
  - pako from 1.0.5 to 1.0.11.
    See this package in npm: https://www.npmjs.com/package/pako
  - react-autosuggest from 9.0.1 to 9.4.3.
    See this package in npm: https://www.npmjs.com/package/react-autosuggest
  - react-datetime from 2.7.5 to 2.16.3.
    See this package in npm: https://www.npmjs.com/package/react-datetime
  - react-json-tree from 0.10.9 to 0.19.0.
    See this package in npm: https://www.npmjs.com/package/react-json-tree
  - react-notification-system from 0.2.11 to 0.4.0.
    See this package in npm: https://www.npmjs.com/package/react-notification-system
  - react-resizable from 1.4.5 to 1.11.1.
    See this package in npm: https://www.npmjs.com/package/react-resizable
  - regedit from 2.2.6 to 2.2.7.
    See this package in npm: https://www.npmjs.com/package/regedit
  - request from 2.88.0 to 2.88.2.
    See this package in npm: https://www.npmjs.com/package/request
  - request-promise from 4.1.1 to 4.2.6.
    See this package in npm: https://www.npmjs.com/package/request-promise
  - simple-git from 1.65.0 to 1.132.0.
    See this package in npm: https://www.npmjs.com/package/simple-git
  - string-similarity from 1.2.0 to 1.2.2.
    See this package in npm: https://www.npmjs.com/package/string-similarity
  - uuid from 3.0.1 to 3.4.0.
    See this package in npm: https://www.npmjs.com/package/uuid
  - xterm from 2.8.1 to 2.9.2.
    See this package in npm: https://www.npmjs.com/package/xterm

See this project in Snyk:
https://app.snyk.io/org/atlslscsrv-app/project/3e513fc7-e9c6-42c3-b739-ebd4b35f1df7?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants