[Snyk] Fix for 91 vulnerabilities #12

Merged: hashim21223445 merged 1 commit into canary from snyk-fix-35c9e88f660ae9d5527fbc0ec301dbd9 (Aug 24, 2025)
@hashim21223445 (Owner)

Snyk has created this PR to fix 91 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project; you will need to run yarn to update the contents of the .yarn/cache directory.
If you are not using zero-install, you can ignore this, as your flow should likely be unchanged.

⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score |
|---|---|---|---|
| high | Incorrect Calculation of Buffer Size | SNYK-JS-ELECTRON-10906462 | 1000 |
| medium | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8302899 | 1000 |
| medium | Improper Isolation or Compartmentalization | SNYK-JS-ELECTRON-9572084 | 686 |
| high | Privilege Context Switching Error | SNYK-JS-ELECTRON-6854260 | 406 |
| medium | Race Condition | SNYK-JS-ELECTRON-7707754 | 403 |
| critical | Type Confusion | SNYK-JS-ELECTRON-6515651 | 402 |
| critical | Type Confusion | SNYK-JS-ELECTRON-8186889 | 399 |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-6613086 | 276 |
| critical | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-11023267 | 272 |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-8604279 | 268 |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-8604283 | 267 |
| high | Use After Free | SNYK-JS-ELECTRON-8381010 | 266 |
| high | Out-of-Bounds | SNYK-JS-ELECTRON-6564965 | 265 |
| high | Out-of-bounds Read | SNYK-JS-ELECTRON-8230426 | 265 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8302893 | 265 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8302895 | 265 |
| medium | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8302897 | 265 |
| high | Use After Free | SNYK-JS-ELECTRON-11023258 | 264 |
| high | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-11023263 | 264 |
| high | Use After Free | SNYK-JS-ELECTRON-11502178 | 264 |
| high | Type Confusion | SNYK-JS-ELECTRON-8097217 | 264 |
| high | Type Confusion | SNYK-JS-ELECTRON-8186838 | 264 |
| high | Use After Free | SNYK-JS-ELECTRON-8302881 | 264 |
| high | External Control of Assumed-Immutable Web Parameter | SNYK-JS-ELECTRON-8302883 | 264 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8302885 | 264 |
| high | Use After Free | SNYK-JS-ELECTRON-8302887 | 264 |
| critical | Out-of-Bounds Write | SNYK-JS-ELECTRON-8302889 | 264 |
| high | Type Confusion | SNYK-JS-ELECTRON-8302891 | 264 |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-8310517 | 264 |
| medium | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-8310519 | 264 |
| medium | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-8352921 | 264 |
| high | Use After Free | SNYK-JS-ELECTRON-8604281 | 264 |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-8738830 | 264 |
| high | Out-of-bounds Write | SNYK-JS-ELECTRON-8738832 | 264 |
| high | Use After Free | SNYK-JS-ELECTRON-8738834 | 264 |
| high | Use After Free | SNYK-JS-ELECTRON-9056160 | 264 |
| high | Access of Resource Using Incompatible Type ('Type Confusion') | SNYK-JS-ELECTRON-9486047 | 264 |
| medium | Information Exposure | SNYK-JS-ELECTRON-10188824 | 260 |
| high | Use After Free | SNYK-JS-ELECTRON-6261583 | 248 |
| critical | Out-of-bounds Read | SNYK-JS-ELECTRON-7707759 | 245 |
| critical | Use After Free | SNYK-JS-ELECTRON-6253729 | 244 |
| critical | Use After Free | SNYK-JS-ELECTRON-6515650 | 244 |
| high | Improper Restriction of Operations within the Bounds of a Memory Buffer | SNYK-JS-ELECTRON-6579648 | 242 |
| high | Out-of-Bounds Write | SNYK-JS-ELECTRON-7411381 | 242 |
| high | Out-of-bounds Read | SNYK-JS-ELECTRON-8302877 | 242 |
| high | Improper Access Control | SNYK-JS-ELECTRON-8310521 | 242 |
| high | Use After Free | SNYK-JS-ELECTRON-7411376 | 239 |
| high | Use After Free | SNYK-JS-ELECTRON-7411382 | 239 |
| high | Use After Free | SNYK-JS-ELECTRON-6515652 | 238 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-6613085 | 238 |
| high | Use After Free | SNYK-JS-ELECTRON-7411377 | 238 |
| high | Use After Free | SNYK-JS-ELECTRON-7411378 | 238 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-7411379 | 238 |
| high | Use After Free | SNYK-JS-ELECTRON-7411386 | 238 |
| high | Use After Free | SNYK-JS-ELECTRON-7411388 | 238 |
| high | Use After Free | SNYK-JS-ELECTRON-7443355 | 238 |
| high | Use After Free | SNYK-JS-ELECTRON-7443356 | 238 |
| high | Use After Free | SNYK-JS-ELECTRON-7707753 | 238 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-7707756 | 238 |
| high | Use After Free | SNYK-JS-ELECTRON-7707757 | 238 |
| high | Use After Free | SNYK-JS-ELECTRON-7707760 | 238 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-6253728 | 237 |
| high | Use After Free | SNYK-JS-ELECTRON-6515649 | 237 |
| high | Use After Free | SNYK-JS-ELECTRON-6613084 | 237 |
| high | Type Confusion | SNYK-JS-ELECTRON-7411383 | 237 |
| high | Use After Free | SNYK-JS-ELECTRON-7443353 | 237 |
| high | Use After Free | SNYK-JS-ELECTRON-7443354 | 237 |
| high | Use After Free | SNYK-JS-ELECTRON-7577919 | 237 |
| high | Use After Free | SNYK-JS-ELECTRON-7577921 | 237 |
| high | Use After Free | SNYK-JS-ELECTRON-7707755 | 237 |
| high | Out-of-bounds Read | SNYK-JS-ELECTRON-7707758 | 237 |
| high | Function Call with Incorrectly Specified Arguments | SNYK-JS-ELECTRON-10245168 | 232 |
| medium | Integer Overflow or Wraparound | SNYK-JS-ELECTRON-6613087 | 218 |
| high | Use After Free | SNYK-JS-ELECTRON-6226524 | 213 |
| medium | Type Confusion | SNYK-JS-ELECTRON-8302879 | 195 |
| high | NULL Pointer Dereference | SNYK-JS-ELECTRON-6476870 | 191 |
| high | Use After Free | SNYK-JS-ELECTRON-7411387 | 190 |
| high | Denial of Service (DoS) | SNYK-JS-ELECTRON-6405830 | 189 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-7411384 | 178 |
| high | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-7411385 | 178 |
| high | Out-of-bounds Read | SNYK-JS-ELECTRON-7411389 | 171 |
| medium | Integer Overflow or Wraparound | SNYK-JS-ELECTRON-11023254 | 162 |
| medium | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-8738839 | 162 |
| medium | Type Confusion | SNYK-JS-ELECTRON-7411390 | 151 |
| medium | Access Restriction Bypass | SNYK-JS-ELECTRON-8381013 | 144 |
| medium | Use After Free | SNYK-JS-ELECTRON-6346758 | 142 |
| medium | Missing Release of Resource after Effective Lifetime | SNYK-JS-INFLIGHT-6095116 | 131 |
| medium | Symlink Attack | SNYK-JS-TMP-11501554 | 130 |
| medium | Heap-based Buffer Overflow | SNYK-JS-ELECTRON-10568318 | 122 |
| medium | Server-Side Request Forgery (SSRF) | SNYK-JS-IP-7148531 | 114 |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BRACEEXPANSION-9789073 | 57 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

The following vulnerabilities are fixed with an upgrade:
semanticdiff-com Bot commented Aug 24, 2025

Review changes with SemanticDiff

Changed Files

| File | Status |
|---|---|
| package.json | 10% smaller |

snyk-io Bot commented Aug 24, 2025

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

hashim21223445 self-assigned this Aug 24, 2025

hashim21223445 added labels Aug 24, 2025:

  • merge when passing: Merge the PR automatically once all status checks have passed
  • patch version: Automatically create a new patch version tag after PR is merged
  • minor version: Automatically create a new minor version tag after PR is merged
  • major version: Automatically create a new major version tag after PR is merged
  • dependencies: Pull requests that update a dependency file
  • javascript: Pull requests that update javascript code
  • github_actions: Pull requests that update GitHub Actions code

hashim21223445 added this to the Andoka Xx milestone Aug 24, 2025

hashim21223445 merged commit 17e1d6f into canary Aug 24, 2025
5 of 11 checks passed

hashim21223445 deleted the snyk-fix-35c9e88f660ae9d5527fbc0ec301dbd9 branch August 24, 2025 16:35