[Snyk] Fix for 12 vulnerabilities #18

snyk-bot · 2022-09-23T11:49:58Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
449/1000 Why? Has a fix available, CVSS 4.7	Open Redirect SNYK-JS-NEXT-1540422	Yes	No Known Exploit
434/1000 Why? Has a fix available, CVSS 4.4	Path Traversal SNYK-JS-NEXT-561584	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-SWIPER-1088062	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: next

The new version differs by 250 commits.

ce4adfc v11.1.0
092a476 v11.0.2-canary.31
ebb6a30 Revert "Add warning during `next build` when sharp is missing (#27933)"
52486ce v11.0.2-canary.30
8ac3254 Revert "Next swc publish flow (#27932)"
6014b6e v11.0.2-canary.29
4cd45aa Add rootDir setting to eslint-plugin-next (#27918)
e61ea6f Add manifest check step and add missing items (#27934)
94fc6f0 Next swc publish flow (#27932)
51a2a02 Add warning during `next build` when sharp is missing (#27933)
459b391 Add experimental `concurrentFeatures` config (#27768)
3c837ed test(next): add tests for Node-like hashbang support (#27906)
12eb812 Add data-nimg attribute to image component (#27899)
b4be678 Remove duplicate type for StaticImageData (#27931)
83b3ceb Update release stats job name (#27923)
681d298 update to webpack 5.50.0 (#27929)
b881d65 Adding a missing a period (#27928)
43393d5 Fix `next/script` unhandled promise rejection (#27903)
eb871d3 Replace `placeholder` with `blurDataURL` in global `StaticImageData` type (#27916)
0cc4a98 Little typo (#27911)
8cbaa40 v11.0.2-canary.28
97174ac Add with-cypress example (#27900)
6a32d85 Update with-jest example (#27894)
9d3e895 Upgrade styled-jsx to v4 (#27890)