Skip to content

[Snyk] Fix for 61 vulnerabilities #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
snyk-io wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Fix for 61 vulnerabilities #58

snyk-io wants to merge 1 commit into from

Conversation

@snyk-io
Copy link

@snyk-io snyk-io bot commented Dec 14, 2025

snyk-top-banner

Snyk has created this PR to fix 61 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

  • client/package.json
  • client/.snyk
⚠️ Warning 
Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Heap-based Buffer Overflow
SNYK-JS-SHARP-5922108		   834  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TRIM-1017038		   351  
critical severity Predictable Value Range from Previous Values
SNYK-JS-FORMDATA-10841150		   311  
medium severity Cross-site Scripting (XSS)
SNYK-JS-WEBPACK-7840298		   298  
high severity Denial of Service (DoS)
SNYK-JS-DICER-2311764		   277  
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-9292519		   233  
medium severity Validation Bypass
SNYK-JS-SANITIZEHTML-1070780		   232  
low severity Arbitrary Code Injection
SNYK-JS-PRISMJS-9055448		   230  
high severity Remote Code Execution (RCE)
SNYK-JS-SHELLQUOTE-1766506		   221  
medium severity Information Exposure
SNYK-JS-NODEFETCH-2342118		   217  
high severity Uncaught Exception
SNYK-JS-MULTER-10185673		   211  
medium severity Cross-site Scripting (XSS)
SNYK-JS-SANITIZEHTML-585892		   209  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIHTML-1296849		   199  
high severity Excessive Platform Resource Consumption within a Loop
SNYK-JS-BRACES-6838727		   199  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		   199  
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		   199  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230		   198  
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		   194  
high severity Authorization Bypass Through User-Controlled Key
SNYK-JS-PARSEPATH-2936439		   186  
high severity Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555		   184  
high severity Prototype Pollution
SNYK-JS-LOADERUTILS-3043105		   178  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BABELHELPERS-9397697		   175  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BABELRUNTIME-10044504		   175  
critical severity Uncaught Exception
SNYK-JS-MULTER-10299078		   172  
medium severity Prototype Pollution
SNYK-JS-IMMER-1540542		   171  
medium severity Prototype Pollution
SNYK-JS-OBJECTPATH-1569453		   171  
medium severity Access Restriction Bypass
SNYK-JS-SANITIZEHTML-1070786		   166  
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		   164  
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-9403194		   162  
medium severity Symlink Attack
SNYK-JS-TMP-11501554		   162  
high severity Missing Release of Memory after Effective Lifetime
SNYK-JS-MULTER-10185675		   155  
high severity Uncaught Exception
SNYK-JS-MULTER-10773732		   155  
high severity Denial of Service (DoS)
SNYK-JS-ENGINEIO-3136336		   147  
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		   144  
high severity Uncaught Exception
SNYK-JS-SOCKETIO-7278048		   142  
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-PARSEURL-3023021		   140  
medium severity Improper Input Validation
SNYK-JS-PARSEURL-3024398		   140  
high severity Prototype Pollution
SNYK-JS-OBJECTPATH-1585658		   134  
medium severity Information Exposure
SNYK-JS-SANITIZEHTML-6256334		   132  
medium severity Information Exposure
SNYK-JS-GATSBY-5671647		   122  
medium severity Information Exposure
SNYK-JS-GATSBYTRANSFORMERREMARK-5671901		   98  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SANITIZEHTML-2957526		   93  
medium severity Remote Code Execution (RCE)
SNYK-JS-SHARP-2848109		   92  
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-AXIOS-12613773		   83  
medium severity Improper Input Validation
SNYK-JS-NANOID-8492085		   82  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		   79  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PROMPTS-1729737		   79  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835		   79  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194		   78  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106		   78  
medium severity Open Redirect
SNYK-JS-GOT-2932019		   77  
medium severity Information Exposure
SNYK-JS-GATSBYCLI-5671903		   74  
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073		   72  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3042992		   59  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3105943		   57  
medium severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		   56  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		   56  
medium severity Improper Input Validation
SNYK-JS-POSTCSS-5926692		   56  
medium severity Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060		   50  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Allocation of Resources Without Limits or Throttling
🦉 Cross-site Request Forgery (CSRF)
🦉 More lessons are available in Snyk Learn

@snyk-io
fix: client/package.json & client/.snyk to reduce vulnerabilities
1de06a4 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SHARP-5922108
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038
- https://snyk.io/vuln/SNYK-JS-FORMDATA-10841150
- https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298
- https://snyk.io/vuln/SNYK-JS-DICER-2311764
- https://snyk.io/vuln/SNYK-JS-AXIOS-9292519
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780
- https://snyk.io/vuln/SNYK-JS-PRISMJS-9055448
- https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-MULTER-10185673
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-585892
- https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-WS-7266574
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-AXIOS-6032459
- https://snyk.io/vuln/SNYK-JS-PARSEPATH-2936439
- https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105
- https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504
- https://snyk.io/vuln/SNYK-JS-MULTER-10299078
- https://snyk.io/vuln/SNYK-JS-IMMER-1540542
- https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-AXIOS-9403194
- https://snyk.io/vuln/SNYK-JS-TMP-11501554
- https://snyk.io/vuln/SNYK-JS-MULTER-10185675
- https://snyk.io/vuln/SNYK-JS-MULTER-10773732
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/SNYK-JS-SOCKETIO-7278048
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3023021
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3024398
- https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1585658
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
- https://snyk.io/vuln/SNYK-JS-GATSBY-5671647
- https://snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
- https://snyk.io/vuln/SNYK-JS-SHARP-2848109
- https://snyk.io/vuln/SNYK-JS-AXIOS-12613773
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
- https://snyk.io/vuln/SNYK-JS-AXIOS-6124857
- https://snyk.io/vuln/SNYK-JS-PROMPTS-1729737
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:ms:20170412
@semanticdiff-com
Copy link

semanticdiff-com bot commented Dec 14, 2025
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  client/package.json  59% smaller
  client/.snyk Unsupported file format

@snyk-io
Copy link
Author

snyk-io bot commented Dec 14, 2025

⚠️ Snyk checks are incomplete.

Status Scanner Critical High Medium Low Total (0)
⚠️ Open Source Security 0 0 0 0 See details

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant