[Snyk] Fix for 128 vulnerabilities #1

Open
wants to merge 1 commit into
base: main
@snyk-io snyk-io bot commented Apr 23, 2025

Snyk has created this PR to fix 128 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • packages/react-devtools/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score |
|---|---|---|---|
| high | External Control of Assumed-Immutable Web Parameter | SNYK-JS-ELECTRON-8302883 | **** |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8302885 | **** |
| high | Use After Free | SNYK-JS-ELECTRON-8302887 | **** |
| critical | Out-of-Bounds Write | SNYK-JS-ELECTRON-8302889 | **** |
| high | Type Confusion | SNYK-JS-ELECTRON-8302891 | **** |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8302893 | **** |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8302895 | **** |
| medium | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8302897 | **** |
| medium | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8302899 | **** |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-8310517 | **** |
| medium | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-8310519 | **** |
| high | Improper Access Control | SNYK-JS-ELECTRON-8310521 | **** |
| medium | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-8352921 | **** |
| high | Use After Free | SNYK-JS-ELECTRON-8381010 | **** |
| medium | Access Restriction Bypass | SNYK-JS-ELECTRON-8381013 | **** |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-8604279 | **** |
| high | Use After Free | SNYK-JS-ELECTRON-8604281 | **** |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-8604283 | **** |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-8738830 | **** |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-8738832 | **** |
| high | Use After Free | SNYK-JS-ELECTRON-8738834 | **** |
| medium | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8738839 | **** |
| high | Use After Free | SNYK-JS-ELECTRON-9056160 | **** |
| high | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-9486047 | **** |
| medium | Improper Isolation or Compartmentalization | SNYK-JS-ELECTRON-9572084 | **** |
| medium | Open Redirect | SNYK-JS-GOT-2932019 | **** |
| high | Prototype Pollution | SNYK-JS-INI-1048974 | **** |
| low | Prototype Pollution | SNYK-JS-MINIMIST-2429795 | **** |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | **** |
| high | Out-of-bounds Read | SNYK-JS-ELECTRON-6179663 | 869 |
| high | Integer Overflow or Wraparound | SNYK-JS-ELECTRON-5462056 | 809 |
| high | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-5425841 | 804 |
| critical | Type Confusion | SNYK-JS-ELECTRON-6515651 | 801 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-5923343 | 794 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-6137744 | 794 |
| critical | Type Confusion | SNYK-JS-ELECTRON-8186889 | 791 |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-CROSSSPAWN-8303230 | 756 |
| medium | Denial of Service (DoS) | SNYK-JS-ELECTRON-5672160 | 754 |
| high | Out-of-Bounds | SNYK-JS-ELECTRON-5880432 | 751 |
| critical | Use After Free | SNYK-JS-ELECTRON-5596903 | 704 |
| critical | Use After Free | SNYK-JS-ELECTRON-5663563 | 704 |
| critical | Use After Free | SNYK-JS-ELECTRON-6253729 | 694 |
| critical | Use After Free | SNYK-JS-ELECTRON-6515650 | 694 |
| critical | Out-of-bounds Read | SNYK-JS-ELECTRON-7707759 | 684 |
| high | Use After Free | SNYK-JS-ELECTRON-3369913 | 654 |
| high | Double Free | SNYK-JS-ELECTRON-5563118 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-5596902 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-5710620 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-5710626 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-5747794 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-5747796 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-5812138 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-5812149 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-6146929 | 654 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-6146931 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-6226524 | 654 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-6253728 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-6515649 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-6515652 | 654 |
| high | Improper Restriction of Operations within the Bounds of a Memory Buffer | SNYK-JS-ELECTRON-6579648 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-6613084 | 654 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-6613085 | 654 |
| high | Privilege Context Switching Error | SNYK-JS-ELECTRON-6854260 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-7411376 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-7411377 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-7411378 | 654 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-7411379 | 654 |
| high | Out-of-Bounds Write | SNYK-JS-ELECTRON-7411381 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-7411382 | 654 |
| high | Type Confusion | SNYK-JS-ELECTRON-7411383 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-7411386 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-7411387 | 654 |
| high | Out-of-bounds Read | SNYK-JS-ELECTRON-7411389 | 654 |
| high | Out-of-bounds Read | SNYK-JS-ELECTRON-8302877 | 654 |
| high | Use After Free | SNYK-JS-ELECTRON-7411388 | 649 |
| high | Use After Free | SNYK-JS-ELECTRON-7443353 | 649 |
| high | Use After Free | SNYK-JS-ELECTRON-7443354 | 649 |
| high | Use After Free | SNYK-JS-ELECTRON-7443355 | 649 |
| high | Use After Free | SNYK-JS-ELECTRON-7443356 | 649 |
| high | Use After Free | SNYK-JS-ELECTRON-7577919 | 649 |
| high | Use After Free | SNYK-JS-ELECTRON-7577921 | 649 |
| high | Type Confusion | SNYK-JS-ELECTRON-8097217 | 649 |
| high | Use After Free | SNYK-JS-ELECTRON-8302881 | 649 |
| high | Out-of-Bounds | SNYK-JS-ELECTRON-5488389 | 644 |
| high | Out-of-Bounds | SNYK-JS-ELECTRON-5710514 | 644 |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-6173171 | 644 |
| high | Use After Free | SNYK-JS-ELECTRON-6261583 | 644 |
| high | Out-of-Bounds | SNYK-JS-ELECTRON-6564965 | 644 |
| high | Use After Free | SNYK-JS-ELECTRON-7707753 | 644 |
| high | Use After Free | SNYK-JS-ELECTRON-7707755 | 644 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-7707756 | 644 |
| high | Use After Free | SNYK-JS-ELECTRON-7707757 | 644 |
| high | Out-of-bounds Read | SNYK-JS-ELECTRON-7707758 | 644 |
| high | Use After Free | SNYK-JS-ELECTRON-7707760 | 644 |
| high | Type Confusion | SNYK-JS-ELECTRON-8186838 | 644 |
| high | Improper Access Control | SNYK-JS-ELECTRON-5885098 | 639 |
| medium | Prototype Pollution | SNYK-JS-DOTPROP-543489 | 636 |
| medium | Race Condition | SNYK-JS-ELECTRON-7707754 | 631 |
| high | Use After Free | SNYK-JS-ELECTRON-6146930 | 619 |
| high | Use After Free | SNYK-JS-ELECTRON-6146932 | 619 |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-6613086 | 619 |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-5812567 | 594 |
| high | Improper Input Validation | SNYK-JS-ELECTRON-6043905 | 594 |
| high | Integer Overflow or Wraparound | SNYK-JS-ELECTRON-6043907 | 594 |
| high | NULL Pointer Dereference | SNYK-JS-ELECTRON-6476870 | 594 |
| high | Use After Free | SNYK-JS-ELECTRON-5425842 | 589 |
| high | Denial of Service (DoS) | SNYK-JS-ELECTRON-5462008 | 589 |
| high | Denial of Service (DoS) | SNYK-JS-ELECTRON-5747795 | 589 |
| high | Denial of Service (DoS) | SNYK-JS-ELECTRON-6405830 | 589 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-5418305 | 579 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-5462123 | 579 |
| high | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-5596904 | 579 |
| high | Use After Free | SNYK-JS-ELECTRON-5710425 | 579 |
| high | Use After Free | SNYK-JS-ELECTRON-5710556 | 579 |
| high | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-5710600 | 579 |
| high | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-5710601 | 579 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-5710623 | 579 |
| high | Type Confusion | SNYK-JS-ELECTRON-6173170 | 579 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-7411384 | 579 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-7411385 | 579 |
| high | Use After Free | SNYK-JS-ELECTRON-6105391 | 569 |
| high | Out-of-bounds Read | SNYK-JS-ELECTRON-8230426 | 564 |
| medium | Type Confusion | SNYK-JS-ELECTRON-8302879 | 559 |
| medium | Integer Overflow or Wraparound | SNYK-JS-ELECTRON-6613087 | 554 |
| medium | Use After Free | SNYK-JS-ELECTRON-6346758 | 524 |
| medium | Arbitrary Code Execution | SNYK-JS-ELECTRON-5885041 | 519 |
| medium | Origin Validation Error | SNYK-JS-ELECTRON-5416285 | 484 |
| medium | Type Confusion | SNYK-JS-ELECTRON-7411390 | 479 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Use After Free
🦉 More lessons are available in Snyk Learn


snyk-io bot commented Apr 23, 2025

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

code/snyk check is complete. No issues have been found. (View Details)
