Skip to content

[Snyk] Fix for 16 vulnerabilities #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
inputdrive merged 1 commit into from
Dec 9, 2025
Merged

[Snyk] Fix for 16 vulnerabilities #1

inputdrive merged 1 commit into from
Dec 9, 2025

Conversation

@inputdrive
Copy link
Owner

@inputdrive inputdrive commented Dec 9, 2025

snyk-top-banner

Snyk has created this PR to fix 16 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

  • package.json
⚠️ Warning 
Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Improper Authorization
SNYK-JS-NEXT-9508709		   529  
high severity Uncaught Exception
SNYK-JS-MULTER-10185673		   225  
high severity Server-side Request Forgery (SSRF)
SNYK-JS-NEXT-12299318		   192  
high severity Insertion of Sensitive Information Into Sent Data
SNYK-JS-SENTRYNEXTJS-14105054		   190  
high severity Missing Release of Memory after Effective Lifetime
SNYK-JS-MULTER-10185675		   165  
high severity Insertion of Sensitive Information Into Sent Data
SNYK-JS-SENTRYCORE-14105053		   142  
high severity Insertion of Sensitive Information Into Sent Data
SNYK-JS-SENTRYNODECORE-14105055		   142  
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		   131  
high severity Insecure Default Initialization of Resource
SNYK-JS-MODELCONTEXTPROTOCOLSDK-14171914		   121  
medium severity Interpretation Conflict
SNYK-JS-NODEMAILER-13378253		   89  
medium severity Race Condition
SNYK-JS-NEXT-10176058		   61  
medium severity Prototype Pollution
SNYK-JS-JSYAML-13961110		   49  
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-NEXT-8602067		   49  
medium severity Use of Cache Containing Sensitive Information
SNYK-JS-NEXT-12301496		   44  
low severity Missing Origin Validation in WebSockets
SNYK-JS-NEXT-10259370		   38  
low severity Missing Source Correlation of Multiple Independent Data
SNYK-JS-NEXT-12265451		   33  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Uncaught Exception
🦉 Missing Release of Memory after Effective Lifetime
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: package.json to reduce vulnerabilities
8ec45a5 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
- https://snyk.io/vuln/SNYK-JS-MULTER-10185673
- https://snyk.io/vuln/SNYK-JS-NEXT-12299318
- https://snyk.io/vuln/SNYK-JS-SENTRYNEXTJS-14105054
- https://snyk.io/vuln/SNYK-JS-MULTER-10185675
- https://snyk.io/vuln/SNYK-JS-SENTRYCORE-14105053
- https://snyk.io/vuln/SNYK-JS-SENTRYNODECORE-14105055
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-MODELCONTEXTPROTOCOLSDK-14171914
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-13378253
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
- https://snyk.io/vuln/SNYK-JS-NEXT-8602067
- https://snyk.io/vuln/SNYK-JS-NEXT-12301496
- https://snyk.io/vuln/SNYK-JS-NEXT-10259370
- https://snyk.io/vuln/SNYK-JS-NEXT-12265451
@inputdrive
Copy link
Owner Author

inputdrive commented Dec 9, 2025
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@inputdrive inputdrive merged commit f078aa6 into main Dec 9, 2025
2 checks passed
@inputdrive
Copy link
Owner Author

inputdrive commented Dec 9, 2025

Failed to update the pnpm-lock.yaml, please update manually if ERROR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@inputdrive @snyk-bot