[Snyk] Upgrade: babel-plugin-styled-components, eslint, eslint-plugin-prettier, eslint-plugin-react, eslint-plugin-security, node-fetch, next, prettier, webpack

[Tanver-Hasan]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

babel-plugin-styled-components
from 1.12.0 to 1.13.3 | 11 versions ahead of your current version | 3 years ago
on 2021-10-18
eslint
from 7.16.0 to 7.32.0 | 16 versions ahead of your current version | 3 years ago
on 2021-07-30
eslint-plugin-prettier
from 3.3.0 to 3.4.1 | 3 versions ahead of your current version | 3 years ago
on 2021-08-20
eslint-plugin-react
from 7.21.5 to 7.35.0 | 46 versions ahead of your current version | 2 months ago
on 2024-07-20
eslint-plugin-security
from 1.4.0 to 1.7.1 | 4 versions ahead of your current version | 2 years ago
on 2023-02-02
node-fetch
from 2.6.1 to 2.7.0 | 13 versions ahead of your current version | a year ago
on 2023-08-23
next
from 10.0.3 to 10.2.3 | 140 versions ahead of your current version | 3 years ago
on 2021-05-24
prettier
from 2.2.1 to 2.8.8 | 21 versions ahead of your current version | a year ago
on 2023-04-23
webpack
from 5.11.0 to 5.94.0 | 145 versions ahead of your current version | a month ago
on 2024-08-22

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	586	Proof of Concept
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	586	No Known Exploit
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	586	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	586	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	586	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	586	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	586	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	586	No Known Exploit
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	586	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	586	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	586	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	586	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	586	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	586	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	586	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-SHARP-5922108	586	Mature
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	586	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	586	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	586	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	586	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	586	No Known Exploit
	Information Exposure SNYK-JS-NANOID-2332193	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	586	Proof of Concept
	Denial of Service SNYK-JS-NODEFETCH-674311	586	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	586	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	586	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	586	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	586	Proof of Concept

Release notes

Package name: babel-plugin-styled-components

• 1.13.3 - 2021-10-18
  
  • when there are multiple assignments prefer the outer name (#355) thanks @ rockwotj
  • minor dependency updates
• 1.13.2 - 2021-07-08
  
  • added some conditional guards to code paths that lead to errors for some consumers (0c16c1b)
  • dependency updates
  • teach babel plugin about certain spread application scenarios with "css" prop #339
  • handle namespace import (import * as styled from 'styled-components') properly #340
• 1.13.2-test.1 - 2021-07-06
  

  Teach the plugin how to handle namespace import syntax properly, fixes #315 e.g.

  import * as styled from 'styled-components'

  const css = styled.css</span> <span class="pl-s"> background: black;</span> <span class="pl-s">

  const GlobalStyle = styled.createGlobalStyle</span> <span class="pl-s"> html {</span> <span class="pl-s"> background: black;</span> <span class="pl-s"> }</span> <span class="pl-s">

  const Test = styled.default.div</span> <span class="pl-s"> color: red;</span> <span class="pl-s">

  const before = styled.default.div</span> <span class="pl-s"> color: blue;</span> <span class="pl-s">

  styled.default.div``

  export default styled.default.button``

  
  


• 
  1.13.2-test.0 - 2021-07-06
  

  Fix #337 #332 (spread application involving local variable inside of css prop resulting in build error)

  
  


• 
  1.13.1 - 2021-06-29
  

  Fix one edge case with object key interpolation from v1.13.0

  
  


• 
  1.13.0 - 2021-06-29
  

  • teach the plugin how to handle variable interpolation in object keys, e.g.

    css={{
      [theme.breakpoint.sm]: {
        color: 'red'
      } 
    }}

  • plugin now emits transient props when replacing css prop calls (cuts down on garbage in the DOM for s-c 5.1+)

  • merge withConfig arguments to allow for shouldForwardProp, thanks @ ithinkdancan #323

  • move injected components to end of file scope, thanks @ sfishel18

  • Ensure sc- prefix is always added #313, thanks @ chalbert

• 1.13.0-test.3 - 2021-06-29
• 1.13.0-test.2 - 2021-06-29
• 1.13.0-test.1 - 2021-06-29
• 1.13.0-test - 2021-06-29
• 1.12.1 - 2021-06-29
  

  • Resolve operability issue with rollup (see #327), thanks @ ktranada

  • Update dependencies

• 1.12.0 - 2020-11-20
  

  • Add topLevelImportPaths option (#288)

    This functionality allows the composer to specify alternate import locations for the "styled" constructor, for instance if you are using a third party library that wraps styled-components and does additional processing. See this test for how to use it.

  • preserve structure of JSX member expressions in generated ast nodes; this makes sure that other babel transformations that rename variables will be able to process the ast nodes created by this plugin. fixes #240

from babel-plugin-styled-components GitHub release notes

Package name: eslint

• 7.32.0 - 2021-07-30
  
  • 3c78a7b Chore: Adopt eslint-plugin/prefer-message-ids rule internally (#14841) (Bryan Mishkin)
  • faecf56 Update: change reporting location for curly rule (refs #12334) (#14766) (Nitin Kumar)
  • d7dc07a Fix: ignore lines with empty elements (fixes #12756) (#14837) (Soufiane Boutahlil)
  • 1bfbefd New: Exit on fatal error (fixes #13711) (#14730) (Antonios Katopodis)
  • ed007c8 Chore: Simplify internal no-invalid-meta rule (#14842) (Bryan Mishkin)
  • d53d906 Docs: Prepare data for website to indicate rules with suggestions (#14830) (Bryan Mishkin)
  • d28f2ff Docs: Reference eslint-config-eslint to avoid potential for staleness (#14805) (Brett Zamir)
  • 8be8a36 Chore: Adopt eslint-plugin/require-meta-docs-url rule internally (#14823) (Bryan Mishkin)
  • f9c164f Docs: New syntax issue template (#14826) (Nicholas C. Zakas)
  • eba0c45 Chore: assertions on reporting loc in unicode-bom (refs #12334) (#14809) (Nitin Kumar)
  • ed945bd Docs: fix multiple broken links (#14833) (Sam Chen)
  • 60df44c Chore: use actions/setup-node@v2 (#14816) (Nitin Kumar)
  • 6641d88 Docs: Update README team and sponsors (ESLint Jenkins)
• 7.31.0 - 2021-07-17
  
  • efdbb12 Upgrade: @ eslint/eslintrc to v0.4.3 (#14808) (Brandon Mills)
  • a96b05f Update: add end location to report in consistent-return (refs #12334) (#14798) (Nitin Kumar)
  • e0e8e30 Docs: update BUG_REPORT template (#14787) (Nitin Kumar)
  • 39115c8 Docs: provide more context to no-eq-null (#14801) (gfyoung)
  • 9a3c73c Docs: fix a broken link (#14790) (Sam Chen)
  • ddffa8a Update: Indicating the operator in question (#14764) (Paul Smith)
  • bba714c Update: Clarifying what changes need to be made in no-mixed-operators (#14765) (Paul Smith)
  • b0d22e3 Docs: Mention benefit of providing meta.docs.url (#14774) (Bryan Mishkin)
  • 000cc79 Sponsors: Sync README with website (ESLint Jenkins)
  • a6a7438 Chore: pin fs-teardown@0.1.1 (#14771) (Milos Djermanovic)
• 7.30.0 - 2021-07-02
  
  • 5f74642 Chore: don't check Program.start in SourceCode#getComments (refs #14744) (#14748) (Milos Djermanovic)
  • 19a871a Docs: Suggest linting plugins for ESLint plugin developers (#14754) (Bryan Mishkin)
  • aa87329 Docs: fix broken links (#14756) (Sam Chen)
  • 278813a Docs: fix and add more examples for new-cap rule (fixes #12874) (#14725) (Nitin Kumar)
  • ed1da5d Update: ecmaVersion allows "latest" (#14720) (薛定谔的猫)
  • 104c0b5 Update: improve use-isnan rule to detect Number.NaN (fixes #14715) (#14718) (Nitin Kumar)
  • b08170b Update: Implement FlatConfigArray (refs #13481) (#14321) (Nicholas C. Zakas)
  • f113cdd Chore: upgrade eslint-plugin-eslint-plugin (#14738) (薛定谔的猫)
  • 1b8997a Docs: Fix getRulesMetaForResults link syntax (#14723) (Brandon Mills)
  • aada733 Docs: fix two broken links (#14726) (Sam Chen)
  • 8972529 Docs: Update README team and sponsors (ESLint Jenkins)
• 7.29.0 - 2021-06-18
  
  • bfbfe5c New: Add only to RuleTester (refs eslint/rfcs#73) (#14677) (Brandon Mills)
  • c2cd7b4 New: Add ESLint#getRulesMetaForResults() (refs #13654) (#14716) (Nicholas C. Zakas)
  • eea7e0d Chore: remove duplicate code (#14719) (Nitin Kumar)
  • 6a1c7a0 Fix: allow fallthrough comment inside block (fixes #14701) (#14702) (Kevin Gibbons)
  • a47e5e3 Docs: Add Mega-Linter to the list of integrations (#14707) (Nicolas Vuillamy)
  • 353ddf9 Chore: enable reportUnusedDisableDirectives in eslint-config-eslint (#14699) (薛定谔的猫)
  • 757c495 Chore: add some rules to eslint-config-eslint (#14692) (薛定谔的猫)
  • c93a222 Docs: fix a broken link (#14697) (Sam Chen)
  • 655c118 Sponsors: Sync README with website (ESLint Jenkins)
  • e2bed2e Sponsors: Sync README with website (ESLint Jenkins)
  • 8490fb4 Sponsors: Sync README with website (ESLint Jenkins)
  • ddbe877 Sponsors: Sync README with website (ESLint Jenkins)
• 7.28.0 - 2021-06-04
  
  • 1237705 Upgrade: @ eslint/eslintrc to 0.4.2 (#14672) (Milos Djermanovic)
  • 123fb86 Docs: Add Feedback Needed triage description (#14670) (Nicholas C. Zakas)
  • c545163 Update: support multiline /eslint-env/ directives (fixes #14652) (#14660) (薛定谔的猫)
  • 8d1e75a Upgrade: glob-parent version in package.json (#14658) (Hamza Najeeb)
  • 1f048cb Fix: no-implicit-coercion false positive with String() (fixes #14623) (#14641) (Milos Djermanovic)
  • d709abf Chore: fix comment location in no-unused-vars (#14648) (Milos Djermanovic)
  • e44ce0a Fix: no-duplicate-imports allow unmergeable (fixes #12758, fixes #12760) (#14238) (Soufiane Boutahlil)
  • bb66a3d New: add getPhysicalFilename() method to rule context (fixes #11989) (#14616) (Nitin Kumar)
  • 2e43dac Docs: fix no-sequences example (#14643) (Nitin Kumar)
  • 958ff4e Docs: add note for arrow functions in no-seq rule (#14578) (Nitin Kumar)
  • e4f111b Fix: arrow-body-style crash with object pattern (fixes #14633) (#14635) (Milos Djermanovic)
  • ec28b5a Chore: upgrade eslint-plugin-eslint-plugin (#14590) (薛定谔的猫)
  • 85a2725 Docs: Update README team and sponsors (ESLint Jenkins)
• 7.27.0 - 2021-05-22
  
  • 2c0868c Chore: merge all html formatter files into html.js (#14612) (Milos Djermanovic)
  • 9e9b5e0 Update: no-unused-vars false negative with comma operator (fixes #14325) (#14354) (Nitin Kumar)
  • afe9569 Chore: use includes instead of indexOf (#14607) (Mikhail Bodrov)
  • c0f418e Chore: Remove lodash (#14287) (Stephen Wade)
  • 52655dd Update: no-restricted-imports custom message for patterns (fixes