[Snyk] Fix for 4 vulnerabilities #149
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-15274295
- https://snyk.io/vuln/SNYK-JS-QS-15268416
- https://snyk.io/vuln/SNYK-JS-WEBPACK-15235959
- https://snyk.io/vuln/SNYK-JS-WEBPACK-15235969
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 081bb0b1cd
| "css-loader": "6.7.1", | ||
| "dotenv": "16.0.1", | ||
| "eslint": "8.18.0", | ||
| "eslint": "10.0.0", |
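Review bot: on the `eslint` line, `8.18.0` to `10.0.0` crosses two major versions, yet eslint is not one of the packages named in the four advisories (ajv, qs, webpack). Please state in the PR description which advisory this bump resolves. If it exists only to pull in a patched transitive dependency, consider an npm `overrides` entry for that dependency or the lowest eslint release that carries the fix, so the linter setup does not have to change inside a security PR.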
Keep ESLint compatible with declared Node support
Upgrading to eslint 10.0.0 drops support for the runtime this package declares ("node": ">=12.0" in package.json), because the resolved package now requires ^20.19.0 || ^22.13.0 || >=24 (package-lock.json node_modules/eslint engines). In Node 12/14/16/18 environments, lint/install workflows will break or become unsupported after this change, so this is a compatibility regression introduced by the bump.
| "autoprefixer": "10.4.7", | ||
| "babel-jest": "28.1.1", | ||
| "babel-loader": "8.2.5", | ||
| "babel-loader": "10.0.0", |
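Review bot: on the `babel-loader` line, `8.2.5` to `10.0.0` skips the 9.x line entirely while `babel-jest` directly above stays at `28.1.1`. A loader major bump changes the build path rather than only developer tooling, so it should come with a passing production build on the Node versions used in CI, or be split from the advisory fixes into its own PR.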
Avoid Babel loader upgrade that drops Node 12/14/16
Bumping babel-loader to 10.0.0 also raises the minimum Node version beyond the project’s stated support range: the resolved package requires ^18.20.0 || ^20.10.0 || >=22.0.0 (package-lock.json node_modules/babel-loader engines), whereas this repo still advertises Node >=12. That means builds using webpack/babel on Node 12/14/16/18 are no longer supported by this dependency set.
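The engine mismatch raised in the two review comments above can be checked mechanically before merging a fix PR. The following is an added example, not part of this PR or of the Snyk or Codex output; it assumes an npm lockfile with a `packages` map, uses hypothetical function names, and compares only the lower bound of each range.

```javascript
// Added example: flag lockfile entries whose "engines.node" minimum is above
// the project's declared minimum. Simplification (assumption): the first
// version number in each `||` alternative is treated as its lower bound.

// Parse "20.19.0" / "12.0" / "24" into [major, minor, patch].
function parseVersion(text) {
  const parts = text.split('.').map((p) => parseInt(p, 10) || 0);
  return [parts[0] || 0, parts[1] || 0, parts[2] || 0];
}

// Negative, zero or positive, like a sort comparator.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Lowest version admitted by a range such as "^20.19.0 || ^22.13.0 || >=24".
function minVersion(range) {
  const lows = range.split('||').map((alt) => {
    const m = alt.match(/(\d+(?:\.\d+){0,2})/);
    return m ? parseVersion(m[1]) : [0, 0, 0]; // "*" or empty: no lower bound
  });
  return lows.reduce((lo, v) => (compare(v, lo) < 0 ? v : lo));
}

// Return lockfile entries that need a newer Node than the project declares.
function findEngineRegressions(pkg, lock) {
  const declared = minVersion((pkg.engines && pkg.engines.node) || '*');
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const range = entry.engines && entry.engines.node;
    if (!path || !range) continue; // "" is the root project entry
    const needs = minVersion(range);
    if (compare(needs, declared) > 0) {
      findings.push({ name: path.replace(/^.*node_modules\//, ''), range, min: needs.join('.') });
    }
  }
  return findings;
}

// Constructed sample input; the eslint and babel-loader ranges are the ones
// quoted in the review comments, the dotenv range is made up for contrast.
const samplePkg = { engines: { node: '>=12.0' } };
const sampleLock = { packages: {
  '': { engines: { node: '>=12.0' } },
  'node_modules/eslint': { engines: { node: '^20.19.0 || ^22.13.0 || >=24' } },
  'node_modules/babel-loader': { engines: { node: '^18.20.0 || ^20.10.0 || >=22.0.0' } },
  'node_modules/dotenv': { engines: { node: '>=12' } },
} };
console.log(findEngineRegressions(samplePkg, sampleLock));
```

Run against the real `package.json` and `package-lock.json` in CI, a non-empty result is a reason to either raise the declared `engines.node` or hold back the offending bump.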
Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
- package.json
- package-lock.json

Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-AJV-15274295
SNYK-JS-QS-15268416
SNYK-JS-WEBPACK-15235959
SNYK-JS-WEBPACK-15235969
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Allocation of Resources Without Limits or Throttling
🦉 Server-side Request Forgery (SSRF)