[Snyk] Fix for 5 vulnerabilities #37

MaxMood96 · 2023-11-27T00:12:39Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- docs/_vendor/github.com/jquery/jquery-dist/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 7 commits.

ffa6775 1.4.0
63b2e89 Merge pull request Bump cffi from 1.14.5 to 1.14.6 in /tests nginx/kubernetes-ingress#1728 from gruntjs/update-deps-changelog
106ed17 Update changelog and util dep
49de70b Merge pull request Bump library/nginx from 1.21.0-alpine to 1.21.1-alpine in /build nginx/kubernetes-ingress#1727 from gruntjs/update-deps-apr
47cf8b6 Update CLI and nodeunit
e86db1c Merge pull request Helm chart global client-max-body-size nginx/kubernetes-ingress#1722 from gruntjs/update-through
4952368 Update deps

See the full diff

Package name: grunt-cli

The new version differs by 5 commits.

2293dc5 1.4.0
bbc4400 Update changelog
3fa5bf6 Ignore package-lock
c271173 Update deps, switch to actions (Auto scale workers nginx/kubernetes-ingress#141)
84ebcb8 Bump deps, required node version and ci (Is there an option for default domain completion? nginx/kubernetes-ingress#137)

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 25 commits.

a3f3f34 5.2.1
3c8d904 Update Readme
0850dcd update dependencies (Change version to edge in helm chart nginx/kubernetes-ingress#568)
c27ad5f Bump minimist from 1.2.5 to 1.2.6 (Update docs nginx/kubernetes-ingress#567)
98b4c5f Fix documentation in relation to issue Add configmap keys for Hash Related variables nginx/kubernetes-ingress#565 (Tests for virtual server nginx/kubernetes-ingress#566)
7228446 Bump minimist from 1.2.5 to 1.2.6 (Update dependencies nginx/kubernetes-ingress#563)
e410511 Update deps, v5.1.0 (Remove outdated OpenShift docs nginx/kubernetes-ingress#564)
2cb31be Update uglify-js to v3.15.2 (Make http/https targetPort configurable in charts nginx/kubernetes-ingress#562)
12ca0f2 Fix wording in README.md (Add custom resources nginx/kubernetes-ingress#560)
1f6a012 Bump path-parse from 1.0.6 to 1.0.7 (Release 1.4 nginx/kubernetes-ingress#558)
0e4b1a0 Update uglify-js (Fix links in the docs nginx/kubernetes-ingress#557)
9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (Broken documentation links nginx/kubernetes-ingress#556)
4e83e45 Update UglifyJS to 3.13.3 (Add Ingress Controller Prometheus metrics nginx/kubernetes-ingress#554)
8674feb Bump ini from 1.3.5 to 1.3.8 (Add an example about wildcard cert nginx/kubernetes-ingress#552)
14b71da v5.0.0
9259448 Bump lodash from 4.17.11 to 4.17.19 (Change the condition of pods readiness nginx/kubernetes-ingress#550)
4645446 Bump js-yaml from 3.5.5 to 3.14.0 (Allow adding pod spec annotations to nginx plus daemonset/deployment chart template nginx/kubernetes-ingress#551)
b7bcde4 Delete .travis.yml
cba2631 Delete appveyor.yml
3dc53f0 ini github workflow
f65dbb9 v4.0.1. (Add new tests pipeline - TEST PR - IGNORE nginx/kubernetes-ingress#535)
b33a071 upgrade devDependencies (Add tests project documentation nginx/kubernetes-ingress#536)
1e40037 upgrade to uglify-js 3.5.0 (Add ConfigMap name to values.yaml and allow the option to specify the leader election lock name nginx/kubernetes-ingress#534)
33724cd update links to uglifyJS documentation (Refactor configs package nginx/kubernetes-ingress#530)

See the full diff

Package name: grunt-jsonlint

The new version differs by 33 commits.

0dda66a Ignore coverage report output from publish.
756a4d6 Version 2.0.0
52d2cff Remove the roadmap section since it's all implemented now.
a5e390c Merge pull request [Snyk] Fix for 1 vulnerabilities #32 from prantlf/schema-validator
ab4f80d Merge branch 'schema-validator' of github.com:prantlf/grunt-jsonlint into schema-validator
f6770c5 Merge remote-tracking branch 'upstream/master' into schema-validator
c0796ba fix: Handle schema validation exceptions, which do not contain the location
2a3b6c3 chore: Enable schema validation in unit tests
61c3bf1 chore: Add a negative unit test for schema validation
95dfab0 Code coverage measuring.
81b70eb Merge branch 'master' into schema-validator
e6e86f4 Switch to eslint and update all code styles to comply with airbnb.
4986e90 Test support for node v12.
6cd1fc3 Add @ prantlf to contributors list.
99701bc Drop support for node 4.x. Version 6 or higher is now required.
4949a7d Tidy up documentation.
00682e0 Add negative test.
6076f59 Merge branch 'master' into schema-validator
fe1f19a Merge pull request [Snyk] Security upgrade urllib3 from 1.26.6 to 1.26.17 #33 from prantlf/sort-object-keys
b1ff745 Merge branch 'master' into sort-object-keys
074f025 Merge branch 'master' into schema-validator
ca87aaa Merge pull request [Snyk] Security upgrade gevent from 22.10.2 to 23.9.0 #31 from prantlf/single-quoted-strings
eb3bbad Merge branch 'master' into single-quoted-strings
ddba895 Merge pull request [Snyk] Security upgrade certifi from 2021.5.30 to 2023.7.22 #30 from prantlf/ignore-comments

See the full diff

Package name: jsdom

The new version differs by 250 commits.

74a8d1e Version 16.6.0
f51f2ec Remove the dependency on request
2b6d5ae Update dependencies
b72b33b Disable now-crashing canvas test
39b7972 Handle null and undefined thrown as exceptions
04f6c13 Add ParentNode.replaceChildren() (Update packages for CVEs - 2.4 nginx/kubernetes-ingress#3176)
e4c4004 Version 16.5.3
2f41466 Fix MutationObserver infinite loop bugs (Bump grpcio from 1.49.1 to 1.50.0 in /tests nginx/kubernetes-ingress#3173)
b232f2a Run partially-failing WPTs in the custom-elements directory
35e103e Run partially-failing WPTs in the cors directory
77b660a Run partially-failing WPTs in the FileAPI directory
d8a245f Use `InnerHTML` mixin for `innerHTML` definition (Update DoS CRDs version to v0.9.2 nginx/kubernetes-ingress#2981)
bd50bbe Version 16.5.2
d5cfd69 Fix event handler ObjectEnvironment instantiation
93e3d4a Remove vestigial concurrentNodeIterators option-passing
c92f9c1 Check all associated elements for form validity
2202703 Fix failing WPTs calculation
21c7671 Upgrade dependencies
c1b9ea1 Port skipped "test_body_event_handler_inline" to WPT
a13d854 Use WeakRefs for NodeIterator tracking when supported
fdf97d8 Fix radio/checkbox to not fire events when disconnected
761d8cc Refactor <output>
b36d418 Make customElements.whenDefined() resolve with the constructor
c5d13bb Remove a variety of redundant to-port tests