[Snyk] Upgrade razzle from 3.0.0 to 3.4.5 #270

snyk-bot · 2023-01-05T09:26:26Z

Snyk has created this PR to upgrade razzle from 3.0.0 to 3.4.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 42 versions ahead of your current version.
The recommended version was released 2 years ago, on 2021-03-15.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-NODEFORGE-598677	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MERGE-1042987	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MERGE-1040469	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Command Injection SNYK-JS-LODASHTEMPLATE-1088054	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-2407770	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Authorization Bypass SNYK-JS-URLPARSE-2407759	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Open Redirect SNYK-JS-URLPARSE-1533425	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-1078283	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-EVENTSOURCE-2823375	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-EVENTSOURCE-2823375	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-DOTPROP-543489	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:braces:20180219	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: razzle

3.4.5 - 2021-03-15
Patches
- Dev-infra: fix release workflow: 11e7f60
3.4.2 - 2021-03-13
Patches
- Fix: fix release workflow: 8c33231
3.3.13 - 2021-02-04
3.3.12 - 2021-02-03
3.3.11 - 2021-01-10
3.3.10 - 2021-01-08
3.3.9 - 2020-12-30
3.3.8 - 2020-12-08
3.3.7 - 2020-10-16
3.3.6 - 2020-10-14
3.3.5 - 2020-10-12
3.3.4 - 2020-10-06
3.3.3 - 2020-10-04
3.3.2 - 2020-10-02
3.3.1 - 2020-09-29
3.3.0 - 2020-09-28
3.3.0-canary.9 - 2020-09-24
3.3.0-canary.8 - 2020-09-23
3.3.0-canary.7 - 2020-09-23
3.3.0-canary.6 - 2020-09-23
3.3.0-canary.5 - 2020-09-11
3.3.0-canary.4 - 2020-08-30
3.3.0-canary.3 - 2020-08-30
3.3.0-canary.2 - 2020-08-30
3.3.0-canary.0 - 2020-08-30
3.2.0-canary.4 - 2020-08-10
3.2.0-canary.3 - 2020-08-09
3.2.0-canary.2 - 2020-08-09
3.2.0-canary.1 - 2020-07-28
3.2.0-canary.0 - 2020-07-28
3.1.8 - 2020-09-23
3.1.7 - 2020-08-25
3.1.6 - 2020-07-26
3.1.5 - 2020-07-04
3.1.4 - 2020-06-26
3.1.3 - 2020-05-14
3.1.2 - 2020-05-13
3.1.1 - 2020-05-10
3.1.0 - 2020-04-25
3.1.0-canary.9 - 2020-04-25
3.1.0-canary.8 - 2020-04-22
3.1.0-canary.7 - 2020-04-22
3.0.0 - 2019-04-16

from razzle GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade razzle from 3.0.0 to 3.4.5. See this package in npm: https://www.npmjs.com/package/razzle See this project in Snyk: https://app.snyk.io/org/bolt-checkout-everywhere/project/6c7ef6b5-887f-4277-87ab-a12ded78949f?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade razzle from 3.0.0 to 3.4.5 #270

[Snyk] Upgrade razzle from 3.0.0 to 3.4.5 #270

Uh oh!

snyk-bot commented Jan 5, 2023

Patches

Patches

Uh oh!

Uh oh!

[Snyk] Upgrade razzle from 3.0.0 to 3.4.5 #270

Are you sure you want to change the base?

[Snyk] Upgrade razzle from 3.0.0 to 3.4.5 #270

Uh oh!

Conversation

snyk-bot commented Jan 5, 2023

Snyk has created this PR to upgrade razzle from 3.0.0 to 3.4.5.

Patches

Patches

Uh oh!

Uh oh!