From 7a3cb3ee935f02e7cc4257d2179365ee403e6d48 Mon Sep 17 00:00:00 2001
From: Snyk bot
Date: Mon, 6 Sep 2021 15:08:18 +0200
Subject: [PATCH 1/2] fix: cvat-core/package.json & cvat-core/package-lock.json to reduce vulnerabilities (#3641)

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
---
 cvat-core/package-lock.json | 14 +++++++-------
 cvat-core/package.json | 2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/cvat-core/package-lock.json b/cvat-core/package-lock.json
index 697ef85b..f0a18dc0 100644
--- a/cvat-core/package-lock.json
+++ b/cvat-core/package-lock.json
@@ -3785,11 +3785,11 @@
 "integrity": "sha512-3YDiu347mtVtjpyV3u5kVqQLP242c06zwDOgpeRnybmXlYYsLbtTrUBUm8i8srONt+FWobl5aibnU1030PeeuA=="
 },
 "axios": {
- "version": "0.21.1",
- "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.1.tgz",
- "integrity": "sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA==",
+ "version": "0.21.3",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.3.tgz",
+ "integrity": "sha512-JtoZ3Ndke/+Iwt5n+BgSli/3idTvpt5OjKyoCmz4LX5+lPiY5l7C1colYezhlxThjNa/NhngCUWZSZFypIFuaA==",
 "requires": {
- "follow-redirects": "^1.10.0"
+ "follow-redirects": "^1.14.0"
 }
 },
 "babel-code-frame": {
@@ -13562,9 +13562,9 @@
 }
 },
 "follow-redirects": {
- "version": "1.13.1",
- "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.1.tgz",
- "integrity": "sha512-SSG5xmZh1mkPGyKzjZP8zLjltIfpW32Y5QpdNJyjcfGxK3qo3NDDkZOZSFiGn1A6SclQxY9GzEwAHQ3dmYRWpg=="
+ "version": "1.14.3",
+ "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.3.tgz",
+ "integrity": "sha512-3MkHxknWMUtb23apkgz/83fDoe+y+qr0TdgacGIA7bew+QLBo3vdgEN2xEsuXNivpFy4CyDhBBZnNZOtalmenw=="
 },
 "for-in": {
 "version": "1.0.2",
diff --git a/cvat-core/package.json b/cvat-core/package.json
index d5abde0a..2ca27952 100644
--- a/cvat-core/package.json
+++ b/cvat-core/package.json
@@ -39,7 +39,7 @@
 "webpack-cli": "^3.3.2"
 },
 "dependencies": {
- "axios": "^0.21.1",
+ "axios": "^0.21.3",
 "browser-or-node": "^1.2.1",
 "cvat-data": "../cvat-data",
 "detect-browser": "^5.2.0",
From 6d0042c5dc0dabbe77c0380a8370743f997724e5 Mon Sep 17 00:00:00 2001
From: Snyk bot
Date: Mon, 6 Sep 2021 15:09:44 +0200
Subject: [PATCH 2/2] fix: upgrade react-cookie from 4.1.0 to 4.1.1 (#3635)

Snyk has created this PR to upgrade react-cookie from 4.1.0 to 4.1.1. See this package in npm: https://www.npmjs.com/package/react-cookie See this project in Snyk: https://app.snyk.io/org/cvat/project/c1f463ee-3776-44c4-b0fa-cd2254d0a094?utm_source=github&utm_medium=upgrade-pr
---
 cvat-ui/package-lock.json | 6 +++---
 cvat-ui/package.json | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/cvat-ui/package-lock.json b/cvat-ui/package-lock.json
index 8e9d0876..f7934f42 100644
--- a/cvat-ui/package-lock.json
+++ b/cvat-ui/package-lock.json
@@ -54132,9 +54132,9 @@
 }
 },
 "react-cookie": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/react-cookie/-/react-cookie-4.1.0.tgz",
- "integrity": "sha512-CUq222HHxGPt/XOcQjV/1/5shClAxHlp0pLSbsRfCk/DHgLgREW3TxD0SaZOxaPR4QmTHIEq189zF52c8Vb0lA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/react-cookie/-/react-cookie-4.1.1.tgz",
+ "integrity": "sha512-ffn7Y7G4bXiFbnE+dKhHhbP+b8I34mH9jqnm8Llhj89zF4nPxPutxHT1suUqMeCEhLDBI7InYwf1tpaSoK5w8A==",
 "requires": {
 "@types/hoist-non-react-statics": "^3.0.1",
 "hoist-non-react-statics": "^3.0.0",
diff --git a/cvat-ui/package.json b/cvat-ui/package.json
index b7c9181b..5b347dd5 100644
--- a/cvat-ui/package.json
+++ b/cvat-ui/package.json
@@ -83,7 +83,7 @@
 "react": "^16.14.0",
 "react-awesome-query-builder": "^3.0.0",
 "react-color": "^2.19.3",
- "react-cookie": "^4.1.0",
+ "react-cookie": "^4.1.1",
 "react-dom": "^16.14.0",
 "react-moment": "^1.1.1",
 "react-redux": "^7.2.4",