Skip to content

[Snyk] Fix for 1 vulnerabilities #208

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #208

wants to merge 1 commit into from

Conversation

TheRedHatter
Copy link
Owner

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
low severity Missing Release of Memory after Effective Lifetime
SNYK-JS-UNDICI-10176064		   508  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Missing Release of Memory after Effective Lifetime

@TheRedHatter
Copy link
Owner Author

TheRedHatter commented May 16, 2025
edited
Loading

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

@socket-security Socket Security
Copy link

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​babel/​traverse@​7.16.3100257894100
Added@​nicolo-ribaudo/​eslint-scope-5-internals@​5.1.1-v11001004675100
Addedarray-flatten@​1.1.1671007851100
Updatedavailable-typed-arrays@​1.0.5 ⏵ 1.0.76710083 +451100
Addedarray.prototype.findlast@​1.2.5661009251100
Addedarray-includes@​3.1.86610010051100
Addedarray-buffer-byte-length@​1.0.1671007751100
Addedarraybuffer.prototype.slice@​1.0.3661008751100
Updatedarray.prototype.flat@​1.3.1 ⏵ 1.3.2671009152100
Addedarray.prototype.tosorted@​1.1.4671009152100
Addedarray.prototype.reduce@​1.0.7661009052100
Addedarray.prototype.flatmap@​1.3.2671009452100
Addedarray.prototype.findlastindex@​1.2.5661009252100
Addedboolbase@​1.0.01001005276100
Updated@​types/​parse-json@​4.0.0 ⏵ 4.0.210010053 -177100
Updated@​webassemblyjs/​helper-api-error@​1.11.0 ⏵ 1.11.6100 +110059 -180100
Updated@​types/​graceful-fs@​4.1.6 ⏵ 4.1.5100 +110059 -976100
Updated@​webassemblyjs/​ieee754@​1.11.0 ⏵ 1.11.6100 +110059 -180100
Addedbabel-plugin-named-asset-import@​0.3.81001006082100
Added@​babel/​plugin-syntax-dynamic-import@​7.8.31001006081100
Added@​babel/​plugin-syntax-export-namespace-from@​7.8.31001006081100
Added@​babel/​plugin-syntax-private-property-in-object@​7.14.51001006081100
Added@​svgr/​babel-plugin-remove-jsx-empty-expression@​5.0.11001006176100
Added@​babel/​plugin-syntax-class-static-block@​7.14.51001006181100
See 311 more rows in the dashboard

View full report

@socket-security Socket Security
Copy link

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert (click for details)
Warn Critical
@babel/[email protected] has a Critical CVE.

CVE: GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code (CRITICAL)

Affected versions: < 7.23.2

Patched version: 7.23.2

From: package-lock.jsonnpm/@babel/[email protected]

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@babel/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@TheRedHatter
Copy link
Owner Author

Logo
Checkmarx One – Scan Summary & Details63e52ee8-433a-4e41-824a-ae4450d20493

Fixed Issues (4)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
MEDIUM CVE-2024-24758 Npm-undici-5.21.0
MEDIUM CVE-2024-30260 Npm-undici-5.21.0
LOW CVE-2023-45143 Npm-undici-5.21.0
LOW CVE-2024-30261 Npm-undici-5.21.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TheRedHatter @snyk-bot