[Snyk] Upgrade: react, react-dom, color, react-responsive, react-scripts, react-spinners, react-toggle, react-use-gesture, styled-components

[yash509]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

react
from 16.12.0 to 16.14.0 | 3 versions ahead of your current version | 4 years ago
on 2020-10-14
react-dom
from 16.12.0 to 16.14.0 | 3 versions ahead of your current version | 4 years ago
on 2020-10-14
color
from 3.1.2 to 3.2.1 | 4 versions ahead of your current version | 3 years ago
on 2021-07-18
react-responsive
from 8.0.3 to 8.2.0 | 3 versions ahead of your current version | 4 years ago
on 2020-11-30
react-scripts
from 3.4.0 to 3.4.4 | 4 versions ahead of your current version | 4 years ago
on 2020-10-20
react-spinners
from 0.8.1 to 0.14.1 | 52 versions ahead of your current version | 3 months ago
on 2024-06-26
react-toggle
from 4.1.1 to 4.1.3 | 2 versions ahead of your current version | 2 years ago
on 2022-07-16
react-use-gesture
from 7.0.5 to 7.0.16 | 11 versions ahead of your current version | 4 years ago
on 2020-08-31
styled-components
from 5.0.1 to 5.3.11 | 33 versions ahead of your current version | a year ago
on 2023-05-26

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	517	Proof of Concept
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	517	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	517	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	517	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	517	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	517	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	517	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	517	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	517	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	517	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	517	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	517	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	517	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	517	No Known Exploit
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	517	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	517	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-598677	517	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	517	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	517	No Known Exploit
	Code Injection SNYK-JS-LODASH-1040724	517	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	517	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	517	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	517	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	517	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	517	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	517	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	517	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	517	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	517	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	517	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	517	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	517	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	517	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	517	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	517	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	517	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	517	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	517	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	517	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	517	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	517	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	517	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	517	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	517	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	517	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	517	No Known Exploit
	Cross-site Scripting SNYK-JS-SEND-7926862	517	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	517	No Known Exploit

Release notes

Package name: react

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/
• 16.13.0 - 2020-02-26
  

  React

  • Warn when a string ref is used in a manner that's not amenable to a future codemod (@ lunaruan in #17864)
  • Deprecate React.createFactory() (@ trueadm in #17878)

  React DOM

  • Warn when changes in style may cause an unexpected collision (@ sophiebits in #14181, #18002)
  • Warn when a function component is updated during another component's render phase (@ acdlite in #17099)
  • Deprecate unstable_createPortal (@ trueadm in #17880)
  • Fix onMouseEnter being fired on disabled buttons (@ AlfredoGJ in #17675)
  • Call shouldComponentUpdate twice when developing in StrictMode (@ bvaughn in #17942)
  • Add version property to ReactDOM (@ ealush in #15780)
  • Don't call toString() of dangerouslySetInnerHTML (@ sebmarkbage in #17773)
  • Show component stacks in more warnings (@ gaearon in #17922, #17586)

  Concurrent Mode (Experimental)

  • Warn for problematic usages of ReactDOM.createRoot() (@ trueadm in #17937)
  • Remove ReactDOM.createRoot() callback params and added warnings on usage (@ bvaughn in #17916)
  • Don't group Idle/Offscreen work with other work (@ sebmarkbage in #17456)
  • Adjust SuspenseList CPU bound heuristic (@ sebmarkbage in #17455)
  • Add missing event plugin priorities (@ trueadm in #17914)
  • Fix isPending only being true when transitioning from inside an input event (@ acdlite in #17382)
  • Fix React.memo components dropping updates when interrupted by a higher priority update (@ acdlite in #18091)
  • Don't warn when suspending at the wrong priority (@ gaearon in #17971)
  • Fix a bug with rebasing updates (@ acdlite and @ sebmarkbage in #17560, #17510, #17483, #17480)

  Artifacts

  • react: https://unpkg.com/react@16.13.0/umd/
  • react-art: https://unpkg.com/react-art@16.13.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.0/umd/
  • react-is: https://unpkg.com/react-is@16.13.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.0/umd/
• 16.12.0 - 2019-11-14
  

  React DOM

  • Fix passive effects (useEffect) not being fired in a multi-root app. (@ acdlite in #17347)

  React Is

  • Fix lazy and memo types considered elements instead of components (@ bvaughn in #17278)

  Artifacts

  • react: https://unpkg.com/react@16.12.0/umd/
  • react-art: https://unpkg.com/react-art@16.12.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.12.0/umd/
  • react-is: https://unpkg.com/react-is@16.12.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.18.0/umd/

from react GitHub release notes

Package name: react-dom

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/
• 16.13.0 - 2020-02-26
  

  React

  • Warn when a string ref is used in a manner that's not amenable to a future codemod (@ lunaruan in #17864)
  • Deprecate React.createFactory() (@ trueadm in #17878)

  React DOM

  • Warn when changes in style may cause an unexpected collision (@ sophiebits in #14181, #18002)
  • Warn when a function component is updated during another component's render phase (@ acdlite in #17099)
  • Deprecate unstable_createPortal (@ trueadm in #17880)
  • Fix onMouseEnter being fired on disabled buttons (@ AlfredoGJ in #17675)
  • Call shouldComponentUpdate twice when developing in StrictMode (@ bvaughn in #17942)
  • Add version property to ReactDOM (@ ealush in #15780)
  • Don't call toString() of dangerouslySetInnerHTML (@ sebmarkbage in #17773)
  • Show component stacks in more warnings (@ gaearon in #17922, #17586)

  Concurrent Mode (Experimental)

  • Warn for problematic usages of ReactDOM.createRoot() (@ trueadm in #17937)
  • Remove ReactDOM.createRoot() callback params and added warnings on usage (@ bvaughn in #17916)
  • Don't group Idle/Offscreen work with other work (@ sebmarkbage in #17456)
  • Adjust SuspenseList CPU bound heuristic (@ sebmarkbage in #17455)
  • Add missing event plugin priorities (@ trueadm in #17914)
  • Fix isPending only being true when transitioning from inside an input event (@ acdlite in #17382)
  • Fix React.memo components dropping updates when interrupted by a higher priority update (@ acdlite in #18091)
  • Don't warn when suspending at the wrong priority (@ gaearon in #17971)
  • Fix a bug with rebasing updates (@ acdlite and @ sebmarkbage in #17560, #17510, #17483, #17480)

  Artifacts

  • react: https://unpkg.com/react@16.13.0/umd/
  • react-art: https://unpkg.com/react-art@16.13.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.0/umd/
  • react-is: https://unpkg.com/react-is@16.13.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.0/umd/
• 16.12.0 - 2019-11-14
  

  React DOM

  • Fix passive effects (useEffect) not being fired in a multi-root app. (@ acdlite in #17347)

  React Is

  • Fix lazy and memo types considered elements instead of components (@ bvaughn in #17278)

  Artifacts

  • react: https://unpkg.com/react@16.12.0/umd/
  • react-art: https://unpkg.com/react-art@16.12.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.12.0/umd/
  • react-is: https://unpkg.com/react-is@16.12.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.18.0/umd/

from react-dom GitHub release notes

Package name: color

• 3.2.1 - 2021-07-18
  

  Patch Release 3.2.1

  • Revert color-convert back down to <2 since v2 introduced ES6 syntax.

  If you need color-convert@>=2 then you'll need to have ES6 support. It's 2021, embrace it. 🙂

• 3.2.0 - 2021-07-17
  

  Minor Release 3.2.0

  NOTE: This is the final release of color that uses ES5 syntax. For those following along, 4.0.0 was just released that switches to ES6 (const/let) syntax, which will (at some point) be followed by another major release that further switches to ES Modules entirely. This will be a sweeping change across the color package suite (color, color-string, color-convert). Keep a look out if these issues have been bothering you.

  • Bumps color convert to latest (fixes some issues with HCG)
  • Bumps mocha to latest
• 3.1.4 - 2021-07-17
• 3.1.3 - 2020-10-09
• 3.1.2 - 2019-06-03

from color GitHub release notes

Package name: react-responsive

• 8.2.0 - 2020-11-30
  

  tag version 8.2.0

• 8.1.1 - 2020-11-10
• 8.1.0 - 2020-06-02
• 8.0.3 - 2020-01-22

from react-responsive GitHub release notes

Package name: react-scripts

• 3.4.4 - 2020-10-20
• 3.4.3 - 2020-08-12
• 3.4.2 - 2020-08-11
• 3.4.1 - 2020-03-21
• 3.4.0 - 2020-02-14

from react-scripts GitHub release notes

Package name: react-spinners

• 0.14.1 - 2024-06-26
  

  What's Changed

  • Revert "fix: multiple hash loader with different color renders as the same color" by @ davidhu2000 in #605

  Full Changelog: 0.14.0...0.14.1

• 0.14.0 - 2024-06-26
  

  What's Changed

  • feat: color prop can accept rgb colors by @ Roman178 in #586
  • fix: multiple hash loader with different color renders as the same color by @ davidhu2000 in #602
  • fix: moon loader wobble by @ davidhu2000 in #603

  New Contributors

  • @ Roman178 made their first contribution in #586

  Full Changelog: v0.13.8...0.14.0

• 0.13.8 - 2023-01-19
  

  What's Changed

  • Bump decode-uri-component from 0.2.0 to 0.2.2 by @ dependabot in #555
  • chore: update devDependencies to latest versions by @ davidhu2000 in #556
  • Bump json5 from 1.0.1 to 1.0.2 by @ dependabot in #559
  • Remove Animation Fill Mode by @ Lucien950 in #558
  • docs: fix radius prop type in storybook to be number instead of object by @ davidhu2000 in #561

  New Contributors

  • @ Lucien950 made their first contribution in #558

  Full Changelog: v0.13.7...v0.13.8

• 0.13.7 - 2022-12-03
  

  What's Changed

  fix: PacmanLoader container height/width to adjust with size prop

• 0.13.6 - 2022-10-08
  

  0.13.6

• 0.13.5 - 2022-10-04
  

  0.13.5

• 0.13.4 - 2022-07-30
• 0.13.3 - 2022-07-01
  

  0.13.3

• 0.13.2 - 2022-06-28
  

  0.13.2

• 0.13.1 - 2022-06-25
• 0.13.0 - 2022-06-25
  

  Major Changes

  Feature: Removed @ emotion/react as a dependency and rewrote all components as functional components. This library now has ZERO dependencies.

  This resulted in a huge component size reduction. As compared between 0.12.0 and 0.13.0

  0.13.0
  
  0.12.0
  

  Feature: Add support for custom props such as aria-label
  Feature: Updated RiseLoader rise amount to be the same as size prop instead of hard coded 30px

  Breaking Change: css prop is renamed to cssOverride to avoid conflicts with css-in-js libraries

  Storybook is introduced to better demo the components. The demo site is simplified to only allow color changes.

  Minor Changes

  • replaced enzyme with react testing library
  • bugfix: add display: inherit to the default styles to fix the rendering issue
  • bugfix: GridLoader's rendering issue
• 0.13.0-beta.7 - 2022-06-25
• 0.13.0-beta.6 - 2022-06-25
• 0.13.0-beta.5 - 2022-06-07
• 0.13.0-beta.4 - 2022-06-05
• 0.13.0-beta.3 - 2022-05-26
• 0.13.0-beta.2 - 2022-05-26
• 0.13.0-beta.1 - 2022-05-26
• 0.13.0-alpha.5 - 2022-05-22
• 0.13.0-alpha.4 - 2022-05-22
• 0.13.0-alpha.3 - 2022-05-16
• 0.13.0-alpha.1 - 2022-05-16
• 0.12.0 - 2022-05-16
• 0.12.0-beta.1 - 2022-05-16
• 0.12.0-alpha.3 - 2022-05-03
• 0.12.0-alpha.2 - 2021-10-06
• 0.12.0-alpha.1 - 2021-09-25
• 0.11.0 - 2021-05-21
• 0.11.0-beta.1 - 2021-05-02
• 0.11.0-alpha.8 - 2021-03-21
• 0.11.0-alpha.7 - 2021-03-21
• 0.11.0-alpha.6 - 2021-02-22
• 0.11.0-alpha.5 - 2021-02-21
• 0.11.0-alpha.4 - 2021-02-21
• 0.11.0-alpha.3 - 2021-02-21
• 0.11.0-alpha.2 - 2020-12-31
• 0.11.0-alpha.1 - 2020-12-30
• 0.10.6 - 2021-02-13
• 0.10.4 - 2021-01-02
• 0.10.3 - 2021-01-02
• 0.10.2 - 2021-01-02
• 0.10.1 - 2020-12-30
• 0.10.0 - 2020-12-30
• 0.10.0-beta.3 - 2020-12-30
• 0.10.0-beta.2 - 2020-12-30
• 0.10.0-beta.1 - 2020-12-30
• 0.10.0-alpha.3 - 2020-12-27
• 0.10.0-alpha.2 - 2020-10-06
• 0.10.0-alpha.1 - 2020-10-06
• 0.9.0 - 2020-06-20
• 0.8.3 - 2020-05-02
• 0.8.2 - 2020-05-02
• 0.8.1 - 2020-03-08

from react-spinners GitHub release notes

Package name: react-toggle

• 4.1.3 - 2022-07-16
• 4.1.2 - 2021-03-12
• 4.1.1 - 2019-09-30

from react-toggle GitHub release notes

Package name: react-use-gesture

• 7.0.16 - 2020-08-31
• 7.0.15 - 2020-04-17
• 7.0.14 - 2020-04-15
• 7.0.13 - 2020-04-11
• 7.0.12 - 2020-04-09
• 7.0.11 - 2020-04-05
• 7.0.10 - 2020-04-05
• 7.0.9 - 2020-04-03
• 7.0.8 - 2020-04-02
• 7.0.7 - 2020-04-02
• 7.0.6 - 2020-03-29
• 7.0.5 - 2020-03-08

from react-use-gesture GitHub release notes

Package name: styled-components

• 5.3.11 - 2023-05-26
• 5.3.10 - 2023-04-23
• 5.3.9 - 2023-03-13
• 5.3.8 - 2023-03-02
• 5.3.7 - 2023-03-02
• 5.3.6 - 2022-09-27
• 5.3.5 - 2022-03-24
• 5.3.4 - 2022-03-24
• 5.3.3 - 2021-10-19
• 5.3.2 - 2021-10-19
• 5.3.1 - 2021-08-24
• 5.3.1-pr3564 - 2021-08-21
• 5.3.1-pr3563 - 2021-08-21
• 5.3.0 - 2021-05-05
• 5.2.3 - 2021-03-31
• 5.2.2 - 2021-03-30
• 5.2.1 - 2020-10-30
• 5.2.0 - 2020-09-04
• 5.2.0-test.12 - 2020-09-02
• 5.2.0-test.11 - 2020-08-31
• 5.2.0-test.10 - 2020-08-30
• 5.2.0-test.9 - 2020-08-30
• 5.2.0-test.8 - 2020-08-30
• 5.2.0-test.7 - 2020-08-30
• 5.2.0-test.6 - 2020-08-30
• 5.2.0-test.5 - 2020-08-28
• 5.2.0-test.4 - 2020-08-28
• 5.2.0-test.3 - 2020-08-28
• 5.2.0-test.2 - 2020-08-27
• 5.2.0-test.1 - 2020-08-27
• 5.2.0-test.0 - 2020-08-27
• 5.1.1 - 2020-05-25
• 5.1.0 - 2020-04-07
• 5.0.1 - 2020-02-04

from styled-components GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"react","from":"16.12.0","to":"16.14.0"},{"name":"react-dom","from":"16.12.0","to":"16.14.0"},{"name":"color","from":"3.1.2","to":"3.2.1"},{"name":"react-responsive","from":"8.0.3","to":"8.2.0"},{"name":"react-scripts","from":"3.4.0","to":"3.4.4"},{"name":"react-spinners","from":"0.8.1","to":"0.14.1"},{"name":"react-toggle","from":"4.1.1","to":"4.1.3"},{"name":"react-use-gesture","from":"7.0.5","to":"7.0.16"},{"name":"styled-components","from":"5.0.1","to":"5.3.11"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WEBSOCKETEXTENSIONS-570623","issue_id":"SNYK-JS-WEBSOCKETEXTENSIONS-570623","priority_score":517,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BODYPARSER-7926860","issue_id":"SNYK-JS-BODYPARSER-7926860","priority_score":481,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","issue_id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-571484","issue_id":"SNYK-JS-ELLIPTIC-571484","priority_score":492,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-AJV-584908","issue_id":"SNYK-JS-AJV-584908","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ASYNC-2441827","issue_id":"SNYK-JS-ASYNC-2441827","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-URLPARSE-1078283","issue_id":"SNYK-JS-URLPARSE-1078283","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BABELTRAVERSE-5962462","issue_id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":572,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-7577916","issue_id":"SNYK-JS-ELLIPTIC-7577916","priority_score":562,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-7577917","issue_id":"SNYK-JS-ELLIPTIC-7577917","priority_score":562,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-7577918","issue_id":"SNYK-JS-ELLIPTIC-7577918","priority_score...