[Snyk] Upgrade: , , , core-js, nuxt

[adrientaudiere]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@fortawesome/fontawesome-svg-core
from 1.2.35 to 1.2.36 | 1 version ahead of your current version | 3 years ago
on 2021-08-04
@fortawesome/free-brands-svg-icons
from 5.15.3 to 5.15.4 | 1 version ahead of your current version | 3 years ago
on 2021-08-04
@fortawesome/free-solid-svg-icons
from 5.15.3 to 5.15.4 | 1 version ahead of your current version | 3 years ago
on 2021-08-04
core-js
from 3.9.1 to 3.38.1 | 90 versions ahead of your current version | 25 days ago
on 2024-08-20
nuxt
from 2.15.3 to 2.18.1 | 16 versions ahead of your current version | 3 months ago
on 2024-06-28

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	586	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	586	Proof of Concept
	Information Exposure SNYK-JS-PARSEURL-2935947	586	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	586	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	586	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	586	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	586	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	586	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	586	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	586	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	586	Proof of Concept
	Improper Input Validation SNYK-JS-PARSEURL-3024398	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	586	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	586	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	586	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	586	Proof of Concept
	Information Exposure SNYK-JS-NANOID-2332193	586	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	586	Proof of Concept

Release notes

Package name: @fortawesome/fontawesome-svg-core

• 1.2.36 - 2021-08-04
• 1.2.35 - 2021-03-16

from @fortawesome/fontawesome-svg-core GitHub release notes

Package name: @fortawesome/free-brands-svg-icons

• 5.15.4 - 2021-08-04
• 5.15.3 - 2021-03-16

from @fortawesome/free-brands-svg-icons GitHub release notes

Package name: @fortawesome/free-solid-svg-icons

• 5.15.4 - 2021-08-04
• 5.15.3 - 2021-03-16

from @fortawesome/free-solid-svg-icons GitHub release notes

Package name: core-js

• 3.38.1 - 2024-08-20
  
  • Changes v3.38.0...v3.38.1
  • Fixed some cases of URLSearchParams percent decoding, #1357, #1361, thanks @ slowcheetah
  • Some stylistic changes and minor optimizations
  • Compat data improvements:
    • Iterator helpers proposal methods marked as shipped from FF131
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from Bun 1.1.23
    • RegExp.escape marked as shipped from Bun 1.1.22
    • Promise.try marked as shipped from Bun 1.1.22
    • Uint8Array to / from base64 and hex proposal methods marked as shipped from Bun 1.1.22
    • Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
    • Added Opera Android 84 compat data mapping
• 3.38.0 - 2024-08-04
  
  • Changes v3.37.1...v3.38.0
  • RegExp.escape proposal:
    • Built-ins:
      • RegExp.escape
    • Moved to stage 3, June 2024 and July 2024 TC39 meetings
    • Updated the way of escaping, regex-escaping/77
    • Throw an error on non-strings, regex-escaping/58
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Promise.try proposal:
    • Built-ins:
      • Promise.try
    • Moved to stage 3, June 2024 TC39 meeting
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Uint8Array to / from base64 and hex stage 3 proposal:
    • Built-ins:
      • Uint8Array.fromBase64
      • Uint8Array.fromHex
      • Uint8Array.prototype.setFromBase64
      • Uint8Array.prototype.setFromHex
      • Uint8Array.prototype.toBase64
      • Uint8Array.prototype.toHex
    • Added Uint8Array.prototype.{ setFromBase64, setFromHex } methods
    • Added Uint8Array.fromBase64 and Uint8Array.prototype.setFromBase64 lastChunkHandling option, proposal-arraybuffer-base64/33
    • Added Uint8Array.prototype.toBase64 omitPadding option, proposal-arraybuffer-base64/60
    • Added throwing a TypeError on arrays backed by detached buffers
    • Unconditional forced replacement changed to feature detection
  • Fixed RegExp named capture groups polyfill in combination with non-capturing groups, #1352, thanks @ Ulop
  • Improved some cases of environment detection
  • Uses process.getBuiltinModule for getting built-in NodeJS modules where it's available
  • Uses https instead of http in URL constructor feature detection to avoid extra notifications from some overly vigilant security scanners, #1345
  • Some minor optimizations
  • Updated browserslist in core-js-compat dependencies that fixes an upstream issue with incorrect interpretation of some browserslist queries, #1344, browserslist/829, browserslist/836
  • Compat data improvements:
    • Added Safari 18.0 compat data:
      • Fixed Object.groupBy and Map.groupBy to work for non-objects
      • Fixed throwing a RangeError if Set methods are called on an object with negative size property
      • Fixed Set.prototype.symmetricDifference to call this.has in each iteration
      • Fixed Array.fromAsync to not call the Array constructor twice
      • Added URL.parse
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from FF129
    • Symbol.asyncDispose added and marked as supported from V8 ~ Chromium 127
    • Promise.try added and marked as supported from V8 ~ Chromium 128
    • Added Deno 1.44 and 1.45 compat data mapping
    • self descriptor is broken in Deno 1.45.3 (again)
    • Added Electron 32 and 33 compat data mapping
    • Added Opera Android 83 compat data mapping
    • Added Samsung Internet 27 compat data mapping
    • Added Oculus Quest Browser 34 compat data mapping
• 3.37.1 - 2024-05-14
  
  • Changes v3.37.0...v3.37.1
  • Fixed URL.parse feature detection for some specific cases
  • Compat data improvements:
    • Set methods proposal added and marked as supported from FF 127
    • Symbol.dispose added and marked as supported from V8 ~ Chromium 125
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } added and marked as supported from Deno 1.43
    • URL.parse added and marked as supported from Chromium 126
    • URL.parse added and marked as supported from NodeJS 22.0
    • URL.parse added and marked as supported from Deno 1.43
    • Added Rhino 1.7.15 compat data, many features marked as supported
    • Added NodeJS 22.0 compat data mapping
    • Added Deno 1.43 compat data mapping
    • Added Electron 31 compat data mapping
    • Updated Opera Android 82 compat data mapping
    • Added Samsung Internet 26 compat data mapping
    • Added Oculus Quest Browser 33 compat data mapping
• 3.37.0 - 2024-04-16
  
  • Changes v3.36.1...v3.37.0
  • New Set methods proposal:
    • Built-ins:
      • Set.prototype.intersection
      • Set.prototype.union
      • Set.prototype.difference
      • Set.prototype.symmetricDifference
      • Set.prototype.isSubsetOf
      • Set.prototype.isSupersetOf
      • Set.prototype.isDisjointFrom
    • Moved to stable ES, April 2024 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Explicit Resource Management stage 3 proposal
    • Some minor updates like explicit-resource-management/217
  • Added Math.sumPrecise stage 2.7 proposal:
    • Built-ins:
      • Math.sumPrecise
  • Promise.try proposal:
    • Built-ins:
      • Promise.try
    • Added optional arguments support, promise-try/16
    • Moved to stage 2.7, April 2024 TC39 meeting
  • RegExp.escape stage 2 proposal:
    • Moved to hex-escape semantics, regex-escaping/67
      • It's not the final change of the way of escaping, waiting for regex-escaping/77 soon
  • Pattern matching stage 1 proposal:
    • Built-ins:
      • Symbol.customMatcher
    • Once again, the used well-known symbol was renamed
    • Added new entries for that
  • Added Extractors stage 1 proposal:
    • Built-ins:
      • Symbol.customMatcher
    • Since the Symbol.customMatcher well-known symbol from the pattern matching proposal is also used in the exactors proposal, added an entry also for this proposal
  • Added URL.parse, url/825
  • Engines bugs fixes:
    • Added a fix of Safari { Object, Map }.groupBy bug that does not support iterable primitives
    • Added a fix of Safari bug with double call of constructor in Array.fromAsync
  • Compat data improvements:
    • URL.parse added and marked as supported from FF 126
    • URL.parse added and marked as supported from Bun 1.1.4
    • URL.canParse fixed and marked as supported from Bun 1.1.0
    • New Set methods fixed in JavaScriptCore and marked as supported from Bun 1.1.1
    • Added Opera Android 82 compat data mapping
• 3.36.1 - 2024-03-19
  
  • Changes v3.36.0...v3.36.1
  • Fixed some validation cases in Object.setPrototypeOf, #1329, thanks @ minseok-choe
  • Fixed the order of validations in Array.from, #1331, thanks @ minseok-choe
  • Added a fix of Bun queueMicrotask arity
  • Added a fix of Bun URL.canParse arity
  • Added a fix of Bun SuppressedError extra arguments support and arity
  • Compat data improvements:
    • value argument of URLSearchParams.prototype.{ has, delete } marked as supported from Bun 1.0.31
    • Added React Native 0.74 Hermes compat data, Array.prototype.{ toSpliced, toReversed, with } and atob marked as supported
    • Added Deno 1.41.3 compat data mapping
    • Added Opera Android 81 compat data mapping
    • Added Samsung Internet 25 compat data mapping
    • Added Oculus Quest Browser 32 compat data mapping
    • Updated Electron 30 compat data mapping
• 3.36.0 - 2024-02-14
  
  • ArrayBuffer.prototype.transfer and friends proposal:
    • Built-ins:
      • ArrayBuffer.prototype.detached
      • ArrayBuffer.prototype.transfer
      • ArrayBuffer.prototype.transferToFixedLength
    • Moved to stable ES, Febrary 2024 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Uint8Array to / from base64 and hex proposal:
    • Methods:
      • Uint8Array.fromBase64
      • Uint8Array.fromHex
      • Uint8Array.prototype.toBase64
      • Uint8Array.prototype.toHex
    • Moved to stage 3, Febrary 2024 TC39 meeting
    • Added /actual/ namespace entries
    • Skipped adding new methods of writing to existing arrays to clarification some moments
  • Promise.try proposal has been resurrected and moved to stage 2, Febrary 2024 TC39 meeting
  • Added an entry point for the new TC39 proposals stage - core-js/stage/2.7 - still empty
  • Fixed regression in Set.prototype.intersection feature detection
  • Fixed a missed check in Array.prototype.{ indexOf, lastIndexOf, includes }, #1325, thanks @ minseok-choe
  • Fixed a missed check in Array.prototype.{ reduce, reduceRight }, #1327, thanks @ minseok-choe
  • Fixed Array.from and some other methods with proxy targets, #1322, thanks @ minseok-choe
  • Fixed dependencies loading for modules from ArrayBuffer.prototype.transfer and friends proposal in some specific cases in IE10-
  • Dropped context workaround from collection static methods entries since with current methods semantic it's no longer required
  • Added instance methods polyfills to entries of collections static methods that produce collection instances
  • Added missed Date.prototype.toJSON to JSON.stringify entries dependencies
  • Added debugging info in some missed cases
  • Compat data improvements:
    • { Map, Object }.groupBy, Promise.withResolvers, ArrayBuffer.prototype.transfer and friends marked as supported from Safari 17.4
    • New Set methods fixed and marked as supported from V8 ~ Chrome 123
    • Added Deno 1.40 compat data mapping
    • Symbol.metadata marked as supported from Deno 1.40.4
    • Updated Electron 30 compat data mapping
• 3.35.1 - 2024-01-20
  
  • Fixed internal ToLength operation with bigints, #1318
  • Removed significant redundant code from String#split polyfill
  • Fixed setting names of methods with symbol keys in some old engines
  • Minor fix of prototype methods export logic in the pure version
  • Compat data improvements:
    • Iterator helpers proposal methods marked as supported from V8 ~ Chrome 122
    • Note that V8 ~ Chrome 122 add Set methods, but they have a bug similar to Safari
    • self marked as fixed from Bun 1.0.22
    • SuppressedError and Symbol.{ dispose, asyncDispose } marked as supported from Bun 1.0.23
    • Added Oculus Quest Browser 31 compat data mapping
    • Updated Electron 29 and added Electron 30 compat data mapping
• 3.35.0 - 2023-12-28
  
  • { Map, Set, WeakMap, WeakSet }.{ from, of } became non-generic, following this and some other notes. Now they can be invoked without this, but no longer return subclass instances
  • Fixed handling some cases of non-enumerable symbol keys from Symbol polyfill
  • Removed unneeded NodeJS domains-related logic from queueMicrotask polyfill
  • Fixed subclassing of wrapped ArrayBuffer
  • Refactoring, many different minor optimizations
  • Compat data improvements:
    • Array.fromAsync marked as supported from V8 ~ Chrome 121
    • It seems that the ancient Array.prototype.push bug is fixed in V8 ~ Chrome 122 (Hallelujah!)
    • ArrayBuffer.prototype.transfer and friends proposal features marked as supported from FF 122 and Bun 1.0.19
    • Object.groupBy and Map.groupBy marked as supported from Bun 1.0.19
    • Since Iterator helpers proposal methods are still not disabled in Deno, the web compatibility issue why it was disabled in Chromium makes no sense for Deno and fixed in the spec, they marked as supported from Deno 1.37
    • Added Opera Android 80 and updated Opera Android 79 compat data mapping
    • Added Samsung Internet 24 compat data mapping
• 3.34.0 - 2023-12-05
  
  • Array grouping proposal:
    • Methods:
      • Object.groupBy
      • Map.groupBy
    • Moved to stable ES, November 2023 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Promise.withResolvers proposal:
    • Method:
      • Promise.withResolvers
    • Moved to stable ES, November 2023 TC39 meeting
    • Added es. namespace module, /es/ and /stable/ namespaces entries
  • Fixed a web incompatibility issue of Iterator helpers proposal, proposal-iterator-helpers/287 and some following changes, November 2023 TC39 meeting
  • Added Uint8Array to / from base64 and hex stage 2 proposal:
    • Methods:
      • Uint8Array.fromBase64
      • Uint8Array.fromHex
      • Uint8Array.prototype.toBase64
      • Uint8Array.prototype.toHex
  • Relaxed some specific cases of Number.fromString validation before clarification of proposal-number-fromstring/24
  • Fixed @@ toStringTag property descriptors on DOM collections, #1312
  • Fixed the order of arguments validation in Array iteration methods, #1313
  • Some minor atob / btoa improvements
  • Compat data improvements:
    • Promise.withResolvers marked as shipped from FF121
• 3.33.3 - 2023-11-19
• 3.33.2 - 2023-10-30
• 3.33.1 - 2023-10-20
• 3.33.0 - 2023-10-01
• 3.32.2 - 2023-09-07
• 3.32.1 - 2023-08-18
• 3.32.0 - 2023-07-27
• 3.31.1 - 2023-07-06
• 3.31.0 - 2023-06-11
• 3.30.2 - 2023-05-06
• 3.30.1 - 2023-04-13
• 3.30.0 - 2023-04-03
• 3.29.1 - 2023-03-13
• 3.29.0 - 2023-02-26
• 3.28.0 - 2023-02-13
• 3.27.2 - 2023-01-18
• 3.27.1 - 2022-12-29
• 3.27.0 - 2022-12-25
• 3.26.1 - 2022-11-13
• 3.26.0 - 2022-10-23
• 3.25.5 - 2022-10-03
• 3.25.4 - 2022-10-02
• 3.25.3 - 2022-09-25
• 3.25.2 - 2022-09-18
• 3.25.1 - 2022-09-07
• 3.25.0 - 2022-08-24
• 3.24.1 - 2022-07-29
• 3.24.0 - 2022-07-25
• 3.23.5 - 2022-07-17
• 3.23.4 - 2022-07-09
• 3.23.3 - 2022-06-25
• 3.23.2 - 2022-06-20
• 3.23.1 - 2022-06-14
• 3.23.0 - 2022-06-13
• 3.22.8 - 2022-06-01
• 3.22.7 - 2022-05-24
• 3.22.6 - 2022-05-22
• 3.22.5 - 2022-05-10
• 3.22.4 - 2022-05-02
• 3.22.3 - 2022-04-28
• 3.22.2 - 2022-04-21
• 3.22.1 - 2022-04-19
• 3.22.0 - 2022-04-15
• 3.21.1 - 2022-02-16
• 3.21.0 - 2022-02-01
• 3.20.3 - 2022-01-15
• 3.20.2 - 2022-01-01
• 3.20.1 - 2021-12-23
• 3.20.0 - 2021-12-15
• 3.19.3 - 2021-12-06
• 3.19.2 - 2021-11-29
• 3.19.1 - 2021-11-02
• 3.19.0 - 2021-10-25
• 3.18.3 - 2021-10-12
• 3.18.2 - 2021-10-05
• 3.18.1 - 2021-09-26
• 3.18.0 - 2021-09-19
• 3.17.3 - 2021-09-09
• 3.17.2 - 2021-09-02
• 3.17.1 - 2021-09-01
• 3.17.0 - 2021-09-01
• 3.16.4 - 2021-08-29
• 3.16.3 - 2021-08-24
• 3.16.2 - 2021-08-17
• 3.16.1 - 2021-08-08
• 3.16.0 - 2021-07-30
• 3.15.2 - 2021-06-29
• 3.15.1 - 2021-06-22
• 3.15.0 - 2021-06-20
• 3.14.0 - 2021-06-05
• 3.13.1 - 2021-05-29
• 3.13.0 - 2021-05-25
• 3.12.1 - 2021-05-08
• 3.12.0 - 2021-05-06
• 3.11.3 - 2021-05-05
• 3.11.2 - 2021-05-03
• 3.11.1 - 2021-04-28
• 3.11.0 - 2021-04-22
• 3.10.2 - 2021-04-19
• 3.10.1 - 2021-04-07
• 3.10.0 - 2021-03-31
• 3.9.1 - 2021-02-28

from core-js GitHub release notes

Package name: nuxt

• 2.18.1 - 2024-06-28
  

  👉 Changelog

  compare changes

  🩹 Fixes

  • webpack: Depend on earlier version of mkdirp (f67056b9e)

  ❤️ Contributors

  • Daniel Roe (@ danielroe)
• 2.18.0 - 2024-06-27
  

  👉 Changelog

  compare changes

  🚀 Enhancements

  • webpack: Migrate to memfs (#27652)

  🩹 Fixes

  • vue-app: Don't throw if we can't read sessionStorage (#27662)
  • config: Add back md4 monkey-patch for wider ecosystem (#27865)

  🏡 Chore

  • Bump internal versions (9e829b59a)
  • Add non-applicable advisory GHSA-3h5v-q93c-6h6q (5ef7311f0)

  ❤️ Contributors

  • Daniel Roe (@ danielroe)
• 2.17.4 - 2024-06-14
  

  👉 Changelog

  compare changes

  🩹 Fixes

  • types: Bump serve-static types to v1.15.7 (1c44c376d)
  • generator: Use maintained html-minifier-terser (#26914)
  • vue-app: Prevent double page mount (#10874)
  • core: Don't skip loading runtime modules if one is improperly resolved (#10193)
  • vue-app: Prevent error page mounting twice (#27484)

  🏡 Chore

  • Update repository field for @ nuxt/config (c283cc039)
  • Mark GHSA-2p57-rm9w-gvfp as not applicable (4782e3c90)
  • Update repository urls (07668eafb)
  • Mark GHSA-grv7-fg5c-xmjg as not applicable (eeb6207c9)
  • Refresh yarn lockfile (#27612)

  ✅ Tests

  • Properly close page in e2e tests (1700aa131)
  • Wait for navigation in redirect test (e74715606)
  • Don't register promise in external nav (#27468)

  🤖 CI

  • Add label PR workflow (#25580)
  • Make edge releases on commit basis (1eb08d1ba)
  • Remove ref for release workflows (06f91349f)
  • Don't skip tests from branch named dev (2a5d05257)
  • Update test conditions (940fc7dcb)

  ❤️ Contributors

  • Dmitriy (@ Kolobok12309)
  • Ivan Ehreshi (@ IvanEh)
  • Daniel Roe (@ danielroe)
  • Damian Głowala (@ DamianGlowala)
• 2.17.3 - 2024-01-12
• 2.17.2 - 2023-10-24
• 2.17.1 - 2023-07-14
• 2.17.0 - 2023-06-09
• 2.16.3 - 2023-03-17
• 2.16.2 - 2023-03-01
• 2.16.1 - 2023-02-13
• 2.16.0 - 2023-02-03
• 2.15.8 - 2021-08-11
• 2.15.7 - 2021-06-14
• 2.15.6 - 2021-05-12
• 2.15.5 - 2021-05-09
• 2.15.4 - 2021-04-01
• 2.15.3 - 2021-03-10

from nuxt GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"","from":"fortawesome/fontawesome-svg-core","to":"fortawesome/fontawesome-svg-core"},{"name":"","from":"fortawesome/free-brands-svg-icons","to":"fortawesome/free-brands-svg-icons"},{"name":"","from":"fortawesome/free-solid-svg-icons","to":"fortawesome/free-solid-svg-icons"},{"name":"core-js","from":"3.9.1","to":"3.38.1"},{"name":"nuxt","from":"2.15.3","to":"2.18.1"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIHTML-1296849","issue_id":"SNYK-JS-ANSIHTML-1296849","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BROWSERSLIST-1090194","issue_id":"SNYK-JS-BROWSERSLIST-1090194","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PARSEURL-2935944","issue_id":"SNYK-JS-PARSEURL-2935944","priority_score":591,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PARSEURL-2935947","issue_id":"SNYK-JS-PARSEURL-2935947","priority_score":561,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.8","score":240},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BABELTRAVERSE-5962462","issue_id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","issue_id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","priority_score":691,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Path Traversal"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SHELLQUOTE-1766506","issue_id":"SNYK-JS-SHELLQUOTE-1766506","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":751,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NTHCHECK-1586032","issue_id":"SNYK-JS-NTHCHECK-1586032","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PARSEPATH-2936439","issue_id":"SNYK-JS-PARSEPATH-2936439","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Authorization Bypass Through User-Controlled Key"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-UGLIFYJS-1727251","issue_id":"SNYK-JS-UGLIFYJS-1727251","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ISSVG-1085627","issue_id":"SNYK-JS-ISSVG-1085627","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ISSVG-1243891","issue_id":"SNYK-JS-ISSVG-1243891","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HTMLMINIFIER-3091181","issue_id":"SNYK-JS-HTMLMINIFIER-3091181","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PARSEURL-2942134","issue_id":"SNYK-JS-PARSEURL-2942134","priority_score":591,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PARSEURL-3023021","issue_id":"SNYK-JS-PARSEURL-3023021","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PARSEURL-3024398","issue_id":"SNYK-JS-PARSEURL-3024398","priority_score":571,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5","score":250},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PATHPARSE-1077067","issue_id":"SNYK-JS-PATHPARSE-1077067","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-POSTCSS-1090595","issue_id":"SNYK-JS-POSTCSS-1090595","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-POSTCSS-1255640","issue_id":"SNYK-JS-POSTCSS-1255640","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SEND-7926862","issue_id":"SNYK-JS-SEND-7926862","priority_score":391,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SERVESTATIC-7926865","issue_id":"SNYK-JS-SERVESTATIC-7926865","priority_score":391,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PARSEURL-2936249","issue_id":"SNYK-JS-PARSEURL-2936249","priority_score":791,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.4","score":470},{"type":"scoreVersion","label":"v1","score":1}],"severity":"cr...