[Snyk] Fix for 7 vulnerabilities #4

snyk-bot · 2022-02-16T11:46:40Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
544/1000 Why? Has a fix available, CVSS 6.6	Cross-site Scripting (XSS) SNYK-JS-ADMINLTE-1047343	Yes	No Known Exploit
669/1000 Why? Has a fix available, CVSS 9.1	Cross-site Scripting (XSS) SNYK-JS-ADMINLTE-584564	Yes	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-CHARTJS-1018716	Yes	Proof of Concept
616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-JSPDF-1073626	No	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JSPDF-568273	No	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JSPDF-575256	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PAPAPARSE-564258	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: admin-lte

The new version differs by 250 commits.

c641d7f update docs assets
229ec8e update dist files
c45bfe8 bump version number
2f5db1b Bump eslint-plugin-unicorn from 28.0.2 to 29.0.0 (Get full Asset excel report snipe/snipe-it#3527)
0e5d965 Fix: sidebar light in dark-mode ([Question] Recommended Asset label printer? snipe/snipe-it#3526)
c81bc3c bump bundlewatch size
aceb8c6 bump bundlewatch sizes
9cd655d add permanent-btn-iframe-close class
d7678db Merge pull request V4 : ADDED (Experimental) Ability to check assets out to users, locations and other assets snipe/snipe-it#3525 from danny007in/example-branch
5a2c03c update plugin files
164354c update dependencies & devDependencies
22e087a fixed nav tabs border inside card header
c09d842 update url of Bootstrap 4 - Tempus Dominus
4e5cb3e add datetime example
4b73f9c Merge pull request Feature Request : assign asset to another asset or trackable component snipe/snipe-it#3522 from danny007in/dark-mode-in-docs
3810eb2 add mt-2 to sidebar-search in docs
e7ed74d Enhance: dark-mode in docs
18bc68f Adding Lua Server Pages implementation info in Docs (Snipe-IT directory problem snipe/snipe-it#3512)
4a43243 update docs (Whoops Something Went Wrong snipe/snipe-it#3511)
ce8e766 Bump rollup from 2.40.0 to 2.41.2 (Generate app key not working snipe/snipe-it#3509)
5f0f0aa Bump datatables.net-bs4 from 1.10.23 to 1.10.24 (Active Directory User Can't Log in snipe/snipe-it#3504)
2517f63 Bump @ babel/core from 7.13.8 to 7.13.10 (SQLSTATE[HY000] [1044] Access denied for user 'snipe_user'@'localhost' to database 'snipeit' snipe/snipe-it#3503)
7ac5e82 Bump datatables.net from 1.10.23 to 1.10.24 (additional modules for admins only snipe/snipe-it#3508)
e32abe9 Bump @ babel/preset-env from 7.13.9 to 7.13.10 (QUESTION: How is the userid persisted throughout the session? snipe/snipe-it#3506)

See the full diff

Package name: papaparse

The new version differs by 72 commits.

4b192de Minor version bump
235a127 Avoid ReDOS on float dynamic typing (Composer Install d11wtq/boris v1.0.8 download issues snipe/snipe-it#779)
a4cf371 Improve downloadRequestBody documentation
e934deb Support POST method when download is true
7ec146c Using self instead of this to preserve binding. (Interface request - set sort order for Accessory Category when creating a new Accessory. snipe/snipe-it#769)
3497ded Patch version bump
ae73d2a Use chunk size to determine the processed length
a318396 Reword newline docs
47b356d [Feature Request] Make Asset Tag Clickable Again snipe/snipe-it#727 update delimiter and newline index if they are earlier than the current position before tested. (Fix #723 - Add view to list users of group snipe/snipe-it#728)
7ad8dda Address deepEqual using compare by JSON strings. (Missing Entries snipe/snipe-it#724)
e536351 Refactor substr calls to substring calls. (Snipe-it on windows 7 32bit Server Error: 500 (Internal Server Error) snipe/snipe-it#725)
e0b474d Correct small typo (Feature request: Be able to list users by group in admin panel snipe/snipe-it#723)
6f7e43e Fix step callback function when skipping empty lines (iis error when click on report it ask for authentication. snipe/snipe-it#714)
ec26e72 Bump open from 0.0.5 to 7.0.0 (Incorrect version showing after upgrade to 1.2.6.1 snipe/snipe-it#721)
5219809 Minor version bump
9b54b11 Fix Range Header processing logic for NetworkStreamer (Feature Request : E-mail Additional Asset Info when checked out and checked in snipe/snipe-it#709)
94d7bf9 Fix CSV parsing issue when first cell is empty (Fix link to the demo snipe/snipe-it#707)
bacf4f2 Adds Hua Explore to list of lovers (Issue : Recent Activity Date in Dashboard - Demo Site snipe/snipe-it#705)
45c1455 Fix README typos (Fix processing stuck on exit print view snipe/snipe-it#704)
80a1044 Implement quotes config optionally as function (Snipe with Apache Mod_Proxy snipe/snipe-it#703)
874161a Fix misplaced quotes parsing (Method [checkModel] does not exist. snipe/snipe-it#702)
98e3102 Use latest PapaParse version on demo page
d2206b3 Update download version from webpage
788631f Patch version bump

See the full diff

Package name: tableexport.jquery.plugin

The new version differs by 20 commits.

a3446cd Release 1.20.0
10efcb8 To ensure compatibility with newer jsPDF versions, jsPDF-AutoTable 2.0.17 has been integrated and adapted.
d2134fb Updated jsPDF to version 2.3.1
67b2252 Updated jsPDF to version 2.3.1 (release)
b87ddf2 Updated jsPDF to version 2.3.1
c80fd58 SheetJS/js-xlsx v0.17.0
37bcc96 Filesaver.js updated to version 2.0.4
578472e Updated html2canvas to version 1.3.2
9cb9682 issue Adding/Editing Assets snipe/snipe-it#326: npm install of latest version is missing the libs folder
3145607 Release 1.10.25
80966b7 pdfmake v0.1.71
3d11f5c Release 1.10.24
07d2c68 Removed previously added libs and revoke release 1.10.23 with that
7d38edc Release 1.10.23
320ace2 Issue 326: Added libs folder
582d5e5 Issue 326: Added libs folder
1870e72 Sample for issue 327
5b489c2 Updated to recent bootstrap and bootstrap table version
ac867b5 - Release 1.10.22
8844eac Updated files to ignore

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ADMINLTE-1047343 - https://snyk.io/vuln/SNYK-JS-ADMINLTE-584564 - https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716 - https://snyk.io/vuln/SNYK-JS-JSPDF-1073626 - https://snyk.io/vuln/SNYK-JS-JSPDF-568273 - https://snyk.io/vuln/SNYK-JS-JSPDF-575256 - https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258

Benjamin-KY merged commit 505488d into master Feb 16, 2022

Benjamin-KY deleted the snyk-fix-afdecfa3325bbac9c0004b845d6b33b1 branch February 16, 2022 11:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 7 vulnerabilities #4

[Snyk] Fix for 7 vulnerabilities #4

snyk-bot commented Feb 16, 2022

[Snyk] Fix for 7 vulnerabilities #4

[Snyk] Fix for 7 vulnerabilities #4

Conversation

snyk-bot commented Feb 16, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: