[Snyk] Upgrade: babel-plugin-styled-components, eslint, eslint-plugin-prettier, eslint-plugin-react, eslint-plugin-security, node-fetch, next, prettier, webpack #2001

Open
wants to merge 1 commit into
base: master
Tanver-Hasan
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| babel-plugin-styled-components | from 1.12.0 to 1.13.3; 11 versions ahead of your current version | 3 years ago, on 2021-10-18 |
| eslint | from 7.16.0 to 7.32.0; 16 versions ahead of your current version | 3 years ago, on 2021-07-30 |
| eslint-plugin-prettier | from 3.3.0 to 3.4.1; 3 versions ahead of your current version | 3 years ago, on 2021-08-20 |
| eslint-plugin-react | from 7.21.5 to 7.35.0; 46 versions ahead of your current version | 2 months ago, on 2024-07-20 |
| eslint-plugin-security | from 1.4.0 to 1.7.1; 4 versions ahead of your current version | 2 years ago, on 2023-02-02 |
| node-fetch | from 2.6.1 to 2.7.0; 13 versions ahead of your current version | a year ago, on 2023-08-23 |
| next | from 10.0.3 to 10.2.3; 140 versions ahead of your current version | 3 years ago, on 2021-05-24 |
| prettier | from 2.2.1 to 2.8.8; 21 versions ahead of your current version | a year ago, on 2023-04-23 |
| webpack | from 5.11.0 to 5.94.0; 145 versions ahead of your current version | a month ago, on 2024-08-22 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity Denial of Service (DoS), SNYK-JS-DECODEURICOMPONENT-3149970 | 586 | Proof of Concept |
| high severity Prototype Pollution, SNYK-JS-UNSETVALUE-2400660 | 586 | No Known Exploit |
| high severity Sandbox Bypass, SNYK-JS-WEBPACK-3358798 | 586 | Proof of Concept |
| high severity Information Exposure, SNYK-JS-SIMPLEGET-2361683 | 586 | Proof of Concept |
| high severity Uncontrolled resource consumption, SNYK-JS-BRACES-6838727 | 586 | Proof of Concept |
| high severity Uncontrolled resource consumption, SNYK-JS-BRACES-6838727 | 586 | Proof of Concept |
| high severity Information Exposure, SNYK-JS-SIMPLEGET-2361683 | 586 | Proof of Concept |
| high severity Regular Expression Denial of Service (ReDoS), SNYK-JS-SSRI-1246392 | 586 | Proof of Concept |
| high severity Improper Verification of Cryptographic Signature, SNYK-JS-BROWSERIFYSIGN-6037026 | 586 | No Known Exploit |
| high severity Inefficient Regular Expression Complexity, SNYK-JS-MICROMATCH-6838728 | 586 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1090595 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-COLORSTRING-1082939 | 586 | Proof of Concept |
| medium severity Cryptographic Issues, SNYK-JS-ELLIPTIC-1064899 | 586 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-TERSER-2806366 | 586 | No Known Exploit |
| medium severity Cross-site Scripting (XSS), SNYK-JS-SERIALIZEJAVASCRIPT-6147607 | 586 | Proof of Concept |
| medium severity Cross-site Scripting (XSS), SNYK-JS-SERIALIZEJAVASCRIPT-6147607 | 586 | Proof of Concept |
| medium severity Remote Code Execution (RCE), SNYK-JS-SHARP-2848109 | 586 | No Known Exploit |
| critical severity Heap-based Buffer Overflow, SNYK-JS-SHARP-5922108 | 586 | Mature |
| critical severity Incomplete List of Disallowed Inputs, SNYK-JS-BABELTRAVERSE-5962462 | 586 | Proof of Concept |
| high severity Regular Expression Denial of Service (ReDoS), SNYK-JS-ES5EXT-6095076 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1255640 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1090595 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1255640 | 586 | Proof of Concept |
| medium severity Cross-site Scripting (XSS), SNYK-JS-WEBPACK-7840298 | 586 | Proof of Concept |
| medium severity Cross-site Scripting (XSS), SNYK-JS-WEBPACK-7840298 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-TERSER-2806366 | 586 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-TERSER-2806366 | 586 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-BROWSERSLIST-1090194 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-BROWSERSLIST-1090194 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-MINIMATCH-3050818 | 586 | No Known Exploit |
| medium severity Information Exposure, SNYK-JS-NANOID-2332193 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-GLOBPARENT-1016905 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-GLOBPARENT-1016905 | 586 | Proof of Concept |
| medium severity Denial of Service, SNYK-JS-NODEFETCH-674311 | 586 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-PATHPARSE-1077067 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1255640 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1090595 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1255640 | 586 | Proof of Concept |
| low severity Regular Expression Denial of Service (ReDoS), npm:debug:20170905 | 586 | Proof of Concept |
| critical severity Improper Verification of Cryptographic Signature, SNYK-JS-ELLIPTIC-7577916 | 586 | Proof of Concept |
| critical severity Improper Verification of Cryptographic Signature, SNYK-JS-ELLIPTIC-7577917 | 586 | Proof of Concept |
| critical severity Improper Verification of Cryptographic Signature, SNYK-JS-ELLIPTIC-7577918 | 586 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1090595 | 586 | Proof of Concept |

Release notes
Package name: babel-plugin-styled-components
  • 1.13.3 - 2021-10-18
    • when there are multiple assignments prefer the outer name (#355) thanks @rockwotj
    • minor dependency updates
  • 1.13.2 - 2021-07-08
    • added some conditional guards to code paths that lead to errors for some consumers (0c16c1b)
    • dependency updates
    • teach babel plugin about certain spread application scenarios with "css" prop #339
    • handle namespace import (import * as styled from 'styled-components') properly #340
  • 1.13.2-test.1 - 2021-07-06

    Teach the plugin how to handle namespace import syntax properly, fixes #315 e.g.

    import * as styled from 'styled-components'

    const css = styled.css`
      background: black;
    `

    const GlobalStyle = styled.createGlobalStyle`
      html {
        background: black;
      }
    `

    const Test = styled.default.div`
      color: red;
    `

    const before = styled.default.div`
      color: blue;
    `

    styled.default.div``

    export default styled.default.button``

  • 1.13.2-test.0 - 2021-07-06

    Fix #337 #332 (spread application involving local variable inside of css prop resulting in build error)




  • 1.13.1 - 2021-06-29

    Fix one edge case with object key interpolation from v1.13.0




  • 1.13.0 - 2021-06-29

    • teach the plugin how to handle variable interpolation in object keys, e.g.

      css={{
        [theme.breakpoint.sm]: {
          color: 'red'
        } 
      }}
    • plugin now emits transient props when replacing css prop calls (cuts down on garbage in the DOM for s-c 5.1+)

    • merge withConfig arguments to allow for shouldForwardProp, thanks @ithinkdancan #323

    • move injected components to end of file scope, thanks @sfishel18

    • Ensure sc- prefix is always added #313, thanks @chalbert

  • 1.13.0-test.3 - 2021-06-29
  • 1.13.0-test.2 - 2021-06-29
  • 1.13.0-test.1 - 2021-06-29
  • 1.13.0-test - 2021-06-29
  • 1.12.1 - 2021-06-29
    • Resolve operability issue with rollup (see #327), thanks @ktranada

    • Update dependencies

  • 1.12.0 - 2020-11-20
    • Add topLevelImportPaths option (#288)

      This functionality allows the composer to specify alternate import locations for the "styled" constructor, for instance if you are using a third party library that wraps styled-components and does additional processing. See this test for how to use it.

    • preserve structure of JSX member expressions in generated ast nodes; this makes sure that other babel transformations that rename variables will be able to process the ast nodes created by this plugin. fixes #240

from babel-plugin-styled-components GitHub release notes
Package name: eslint
  • 7.32.0 - 2021-07-30
    • 3c78a7b Chore: Adopt eslint-plugin/prefer-message-ids rule internally (#14841) (Bryan Mishkin)
    • faecf56 Update: change reporting location for curly rule (refs #12334) (#14766) (Nitin Kumar)
    • d7dc07a Fix: ignore lines with empty elements (fixes #12756) (#14837) (Soufiane Boutahlil)
    • 1bfbefd New: Exit on fatal error (fixes #13711) (#14730) (Antonios Katopodis)
    • ed007c8 Chore: Simplify internal no-invalid-meta rule (#14842) (Bryan Mishkin)
    • d53d906 Docs: Prepare data for website to indicate rules with suggestions (#14830) (Bryan Mishkin)
    • d28f2ff Docs: Reference eslint-config-eslint to avoid potential for staleness (#14805) (Brett Zamir)
    • 8be8a36 Chore: Adopt eslint-plugin/require-meta-docs-url rule internally (#14823) (Bryan Mishkin)
    • f9c164f Docs: New syntax issue template (#14826) (Nicholas C. Zakas)
    • eba0c45 Chore: assertions on reporting loc in unicode-bom (refs #12334) (#14809) (Nitin Kumar)
    • ed945bd Docs: fix multiple broken links (#14833) (Sam Chen)
    • 60df44c Chore: use actions/setup-node@v2 (#14816) (Nitin Kumar)
    • 6641d88 Docs: Update README team and sponsors (ESLint Jenkins)
  • 7.31.0 - 2021-07-17
    • efdbb12 Upgrade: @eslint/eslintrc to v0.4.3 (#14808) (Brandon Mills)
    • a96b05f Update: add end location to report in consistent-return (refs #12334) (#14798) (Nitin Kumar)
    • e0e8e30 Docs: update BUG_REPORT template (#14787) (Nitin Kumar)
    • 39115c8 Docs: provide more context to no-eq-null (#14801) (gfyoung)
    • 9a3c73c Docs: fix a broken link (#14790) (Sam Chen)
    • ddffa8a Update: Indicating the operator in question (#14764) (Paul Smith)
    • bba714c Update: Clarifying what changes need to be made in no-mixed-operators (#14765) (Paul Smith)
    • b0d22e3 Docs: Mention benefit of providing meta.docs.url (#14774) (Bryan Mishkin)
    • 000cc79 Sponsors: Sync README with website (ESLint Jenkins)
    • a6a7438 Chore: pin fs-teardown@0.1.1 (#14771) (Milos Djermanovic)
  • 7.30.0 - 2021-07-02
    • 5f74642 Chore: don't check Program.start in SourceCode#getComments (refs #14744) (#14748) (Milos Djermanovic)
    • 19a871a Docs: Suggest linting plugins for ESLint plugin developers (#14754) (Bryan Mishkin)
    • aa87329 Docs: fix broken links (#14756) (Sam Chen)
    • 278813a Docs: fix and add more examples for new-cap rule (fixes #12874) (#14725) (Nitin Kumar)
    • ed1da5d Update: ecmaVersion allows "latest" (#14720) (薛定谔的猫)
    • 104c0b5 Update: improve use-isnan rule to detect Number.NaN (fixes #14715) (#14718) (Nitin Kumar)
    • b08170b Update: Implement FlatConfigArray (refs #13481) (#14321) (Nicholas C. Zakas)
    • f113cdd Chore: upgrade eslint-plugin-eslint-plugin (#14738) (薛定谔的猫)
    • 1b8997a Docs: Fix getRulesMetaForResults link syntax (#14723) (Brandon Mills)
    • aada733 Docs: fix two broken links (#14726) (Sam Chen)
    • 8972529 Docs: Update README team and sponsors (ESLint Jenkins)
  • 7.29.0 - 2021-06-18
    • bfbfe5c New: Add only to RuleTester (refs eslint/rfcs#73) (#14677) (Brandon Mills)
    • c2cd7b4 New: Add ESLint#getRulesMetaForResults() (refs #13654) (#14716) (Nicholas C. Zakas)
    • eea7e0d Chore: remove duplicate code (#14719) (Nitin Kumar)
    • 6a1c7a0 Fix: allow fallthrough comment inside block (fixes #14701) (#14702) (Kevin Gibbons)
    • a47e5e3 Docs: Add Mega-Linter to the list of integrations (#14707) (Nicolas Vuillamy)
    • 353ddf9 Chore: enable reportUnusedDisableDirectives in eslint-config-eslint (#14699) (薛定谔的猫)
    • 757c495 Chore: add some rules to eslint-config-eslint (#14692) (薛定谔的猫)
    • c93a222 Docs: fix a broken link (#14697) (Sam Chen)
    • 655c118 Sponsors: Sync README with website (ESLint Jenkins)
    • e2bed2e Sponsors: Sync README with website (ESLint Jenkins)
    • 8490fb4 Sponsors: Sync README with website (ESLint Jenkins)
    • ddbe877 Sponsors: Sync README with website (ESLint Jenkins)
  • 7.28.0 - 2021-06-04
    • 1237705 Upgrade: @eslint/eslintrc to 0.4.2 (#14672) (Milos Djermanovic)
    • 123fb86 Docs: Add Feedback Needed triage description (#14670) (Nicholas C. Zakas)
    • c545163 Update: support multiline /eslint-env/ directives (fixes #14652) (#14660) (薛定谔的猫)
    • 8d1e75a Upgrade: glob-parent version in package.json (#14658) (Hamza Najeeb)
    • 1f048cb Fix: no-implicit-coercion false positive with String() (fixes #14623) (#14641) (Milos Djermanovic)
    • d709abf Chore: fix comment location in no-unused-vars (#14648) (Milos Djermanovic)
    • e44ce0a Fix: no-duplicate-imports allow unmergeable (fixes #12758, fixes #12760) (#14238) (Soufiane Boutahlil)
    • bb66a3d New: add getPhysicalFilename() method to rule context (fixes #11989) (#14616) (Nitin Kumar)
    • 2e43dac Docs: fix no-sequences example (#14643) (Nitin Kumar)
    • 958ff4e Docs: add note for arrow functions in no-seq rule (#14578) (Nitin Kumar)
    • e4f111b Fix: arrow-body-style crash with object pattern (fixes #14633) (#14635) (Milos Djermanovic)
    • ec28b5a Chore: upgrade eslint-plugin-eslint-plugin (#14590) (薛定谔的猫)
    • 85a2725 Docs: Update README team and sponsors (ESLint Jenkins)
  • 7.27.0 - 2021-05-22
    • 2c0868c Chore: merge all html formatter files into html.js (#14612) (Milos Djermanovic)
    • 9e9b5e0 Update: no-unused-vars false negative with comma operator (fixes #14325) (#14354) (Nitin Kumar)
    • afe9569 Chore: use includes instead of indexOf (#14607) (Mikhail Bodrov)
    • c0f418e Chore: Remove lodash (#14287) (Stephen Wade)
    • 52655dd Update: no-restricted-imports custom message for patterns (fixes

Snyk has created this PR to upgrade:
  - babel-plugin-styled-components from 1.12.0 to 1.13.3.
    See this package in npm: https://www.npmjs.com/package/babel-plugin-styled-components
  - eslint from 7.16.0 to 7.32.0.
    See this package in npm: https://www.npmjs.com/package/eslint
  - eslint-plugin-prettier from 3.3.0 to 3.4.1.
    See this package in npm: https://www.npmjs.com/package/eslint-plugin-prettier
  - eslint-plugin-react from 7.21.5 to 7.35.0.
    See this package in npm: https://www.npmjs.com/package/eslint-plugin-react
  - eslint-plugin-security from 1.4.0 to 1.7.1.
    See this package in npm: https://www.npmjs.com/package/eslint-plugin-security
  - node-fetch from 2.6.1 to 2.7.0.
    See this package in npm: https://www.npmjs.com/package/node-fetch
  - next from 10.0.3 to 10.2.3.
    See this package in npm: https://www.npmjs.com/package/next
  - prettier from 2.2.1 to 2.8.8.
    See this package in npm: https://www.npmjs.com/package/prettier
  - webpack from 5.11.0 to 5.94.0.
    See this package in npm: https://www.npmjs.com/package/webpack

See this project in Snyk:
https://app.snyk.io/org/tanver-hasan/project/6e934631-b657-40d6-bf89-59ee9faa0c93?utm_source=github&utm_medium=referral&page=upgrade-pr