[Snyk] Upgrade yup from 0.32.9 to 0.32.11

[gzacharski]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade yup from 0.32.9 to 0.32.11.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 3 years ago, on 2021-10-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary File Write SNYK-JS-TAR-1579155	425/1000 Why? CVSS 8.5	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	425/1000 Why? CVSS 8.5	No Known Exploit
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	425/1000 Why? CVSS 8.5	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LUXON-3225081	425/1000 Why? CVSS 8.5	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	425/1000 Why? CVSS 8.5	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	425/1000 Why? CVSS 8.5	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	425/1000 Why? CVSS 8.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	425/1000 Why? CVSS 8.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	425/1000 Why? CVSS 8.5	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	425/1000 Why? CVSS 8.5	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-2407770	425/1000 Why? CVSS 8.5	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	425/1000 Why? CVSS 8.5	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	425/1000 Why? CVSS 8.5	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	425/1000 Why? CVSS 8.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	425/1000 Why? CVSS 8.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	425/1000 Why? CVSS 8.5	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	425/1000 Why? CVSS 8.5	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	425/1000 Why? CVSS 8.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	425/1000 Why? CVSS 8.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	425/1000 Why? CVSS 8.5	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	425/1000 Why? CVSS 8.5	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	425/1000 Why? CVSS 8.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	425/1000 Why? CVSS 8.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	425/1000 Why? CVSS 8.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	425/1000 Why? CVSS 8.5	Proof of Concept
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	425/1000 Why? CVSS 8.5	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	425/1000 Why? CVSS 8.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	425/1000 Why? CVSS 8.5	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	425/1000 Why? CVSS 8.5	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	425/1000 Why? CVSS 8.5	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	425/1000 Why? CVSS 8.5	Proof of Concept
	Information Exposure SNYK-JS-NANOID-2332193	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	425/1000 Why? CVSS 8.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	425/1000 Why? CVSS 8.5	No Known Exploit
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	425/1000 Why? CVSS 8.5	Proof of Concept
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	425/1000 Why? CVSS 8.5	Proof of Concept
	Open Redirect SNYK-JS-URLPARSE-1533425	425/1000 Why? CVSS 8.5	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	425/1000 Why? CVSS 8.5	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	425/1000 Why? CVSS 8.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	425/1000 Why? CVSS 8.5	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	425/1000 Why? CVSS 8.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	425/1000 Why? CVSS 8.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	425/1000 Why? CVSS 8.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	425/1000 Why? CVSS 8.5	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	425/1000 Why? CVSS 8.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: yup

• 0.32.11 - 2021-10-12
  

  v0.32.11

• 0.32.10 - 2021-10-11
  

  v0.32.10

• 0.32.9 - 2021-02-17
  

  v0.32.9

from yup GitHub release notes

Commit messages

Package name: yup

• d072af3 Publish v0.32.11
• 2015c0f fix: dep ranges
• 846161e Publish v0.32.10
• 1d767b4 chore: fix ts compilation
• 2778b88 Merge pull request #1483 from jquense/bug-bash
• 4bdc4e4 chore: bump deps and clean up tooling
• 5334349 fix: carry over excluded edges when concating objects
• f3056f2 fix: missing transforms on concat
• 03584f6 feat: add resolved to params (#1437)
• 7842afb fix: oneOf, notOneOf swallowing multiple errors (#1434)
• 7576cd8 feat: add types to setLocale (#1427)
• eab974f Update typescript.md
• 877f777 chore(deps): update dependency lint-staged to v11 (#1359)
• 94cfd11 feat: allows custom types to be passed to avoid cast to ObjectSchema (#1358)
• 70d0b67 fix: update lodash/lodash-es to fix CVEs flagged in 4.17.20 (#1334)
• acbb8b4 fix(utils): use named functions for default exports (#1329)
• 5eda549 fix: prevent unhandled Promise rejection when returning rejected Promise inside test function (#1327)
• 91ace1e fix: SchemaOf<>'s treatment of Date objects. (#1305)
• 0fca0a4 docs: clarify wording
• 4c17508 fix: fix the typo for the array length validation (#1287)
• bbd44d0 chore(deps): update dependency husky to v5 (#1251)
• 357ffa4 docs: Fix typo (#1272)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs