Summary
From time to time it's good to check for vulnerabilities and deprecations in our libraries.
Acceptance criteria:
- Run yarn audit and yarn check — fix the easy wins.
- For bigger issues, create separate stories or add comments.
Extra info:
At this time this is the result for yarn check:
yarn check
yarn check v1.22.22
warning "@types/hast#@types/unist@*" could be deduped from "3.0.2" to "@types/[email protected]"
warning "http-proxy-middleware#debug@^4.3.6" could be deduped from "4.4.3" to "[email protected]"
error "react-json-view#react@^17.0.0 || ^16.3.0 || ^15.5.4" doesn't satisfy found match of "[email protected]"
error "react-json-view#react-dom@^17.0.0 || ^16.3.0 || ^15.5.4" doesn't satisfy found match of "[email protected]"
warning Resolution field "[email protected]" is incompatible with requested version "eslint-plugin-react#semver@^6.3.1"
warning "react-codemirror#prop-types@^15.5.4" could be deduped from "15.8.1" to "[email protected]"
error "react-codemirror#react@>=15.5 <16" doesn't satisfy found match of "[email protected]"
error "react-codemirror#react-dom@>=15.5 <16" doesn't satisfy found match of "[email protected]"
warning "react-copy-to-clipboard#prop-types@^15.5.8" could be deduped from "15.8.1" to "[email protected]"
error "react-copy-to-clipboard#react@^15.3.0 || ^16.0.0 || ^17.0.0" doesn't satisfy found match of "[email protected]"
error "react-highlight#react@^15.0.0 || ^16.0.0 || ^17.0.0" doesn't satisfy found match of "[email protected]"
error "react-highlight#react-dom@^15.0.0 || ^16.0.0 || ^17.0.0" doesn't satisfy found match of "[email protected]"
warning "react-json-pretty#prop-types@^15.6.2" could be deduped from "15.8.1" to "[email protected]"
error "react-modal#react@^0.14.0 || ^15.0.0 || ^16 || ^17" doesn't satisfy found match of "[email protected]"
error "react-modal#react-dom@^0.14.0 || ^15.0.0 || ^16 || ^17" doesn't satisfy found match of "[email protected]"
warning "react-select#prop-types@^15.6.0" could be deduped from "15.8.1" to "[email protected]"
error "react-select#react@^16.8.0 || ^17.0.0" doesn't satisfy found match of "[email protected]"
error "react-select#react-dom@^16.8.0 || ^17.0.0" doesn't satisfy found match of "[email protected]"
error "vite#@types/node@^20.19.0 || >=22.12.0" doesn't satisfy found match of "@types/[email protected]"
warning Resolution field "[email protected]" is incompatible with requested version "vite#yaml@^2.4.2"
error "vitest#@types/node@^20.0.0 || ^22.0.0 || >=24.0.0" doesn't satisfy found match of "@types/[email protected]"
warning "eslint-plugin-react-hooks#@babel/core#debug@^4.1.0" could be deduped from "4.4.3" to "[email protected]"
warning Resolution field "[email protected]" is incompatible with requested version "eslint-plugin-react-hooks#@babel/core#semver@^6.3.1"
warning "react-select#@emotion/react#@emotion/serialize@^1.0.2" could be deduped from "1.1.3" to "@emotion/[email protected]"
error "react-json-view#flux#react@^15.0.2 || ^16.0.0 || ^17.0.0" doesn't satisfy found match of "[email protected]"
error "react-json-view#react-textarea-autosize#react@^16.8.0 || ^17.0.0" doesn't satisfy found match of "[email protected]"
warning "react-select#react-transition-group#prop-types@^15.6.2" could be deduped from "15.8.1" to "[email protected]"
warning "@babel/core#@babel/generator#@jridgewell/gen-mapping@^0.3.12" could be deduped from "0.3.13" to "@jridgewell/[email protected]"
warning Resolution field "[email protected]" is incompatible with requested version "@babel/core#@babel/helper-compilation-targets#semver@^6.3.1"
warning "@babel/core#@jridgewell/remapping#@jridgewell/gen-mapping@^0.3.5" could be deduped from "0.3.13" to "@jridgewell/[email protected]"
warning "@types/babel__core#@types/babel__generator#@babel/types@^7.0.0" could be deduped from "7.29.0" to "@babel/[email protected]"
warning "@types/babel__core#@types/babel__template#@babel/parser@^7.1.0" could be deduped from "7.29.0" to "@babel/[email protected]"
warning "@types/babel__core#@types/babel__template#@babel/types@^7.0.0" could be deduped from "7.29.0" to "@babel/[email protected]"
warning "@types/babel__core#@types/babel__traverse#@babel/types@^7.3.0" could be deduped from "7.29.0" to "@babel/[email protected]"
error "@uiw/react-markdown-preview#react-markdown#@types/react@>=18" doesn't satisfy found match of "@types/[email protected]"
error "react-textarea-autosize#use-composed-ref#react@^16.8.0 || ^17.0.0" doesn't satisfy found match of "[email protected]"
error "react-textarea-autosize#use-latest#react@^16.8.0 || ^17.0.0" doesn't satisfy found match of "[email protected]"
warning "@emotion/babel-plugin#@babel/helper-module-imports#@babel/types@^7.16.7" could be deduped from "7.29.0" to "@babel/[email protected]"
warning "@types/babel__generator#@babel/types#@babel/helper-validator-identifier@^7.16.7" could be deduped from "7.28.5" to "@babel/[email protected]"
warning "@types/babel__template#@babel/types#@babel/helper-validator-identifier@^7.16.7" could be deduped from "7.28.5" to "@babel/[email protected]"
warning "@types/babel__traverse#@babel/types#@babel/helper-validator-identifier@^7.16.7" could be deduped from "7.28.5" to "@babel/[email protected]"
warning "@jridgewell/remapping#@jridgewell/gen-mapping#@jridgewell/sourcemap-codec@^1.4.10" could be deduped from "1.4.15" to "@jridgewell/[email protected]"
warning "refractor#@types/hast#@types/unist@*" could be deduped from "3.0.2" to "@types/[email protected]"
warning "remark-gfm#@types/mdast#@types/unist@*" could be deduped from "3.0.2" to "@types/[email protected]"
error "use-latest#use-isomorphic-layout-effect#react@^16.8.0 || ^17.0.0" doesn't satisfy found match of "[email protected]"
warning "@babel/helper-module-imports#@babel/types#@babel/helper-validator-identifier@^7.16.7" could be deduped from "7.28.5" to "@babel/[email protected]"
warning "hastscript#@types/hast#@types/unist@*" could be deduped from "3.0.2" to "@types/[email protected]"
warning Resolution field "[email protected]" is incompatible with requested version "babel-plugin-macros#cosmiconfig#yaml@^1.10.0"
warning "babel-plugin-macros#resolve#is-core-module@^2.8.1" could be deduped from "2.16.1" to "[email protected]"
warning "mdast-util-mdx-expression#@types/estree-jsx#@types/estree@*" could be deduped from "1.0.5" to "@types/[email protected]"
warning "hast-util-parse-selector#@types/hast#@types/unist@*" could be deduped from "3.0.2" to "@types/[email protected]"
warning "mdast-util-from-markdown#micromark#debug@^4.0.0" could be deduped from "4.4.3" to "[email protected]"
warning "cosmiconfig#parse-json#@babel/code-frame@^7.0.0" could be deduped from "7.29.0" to "@babel/[email protected]"
warning "babel-plugin-macros#is-core-module#has#function-bind@^1.1.1" could be deduped from "1.1.2" to "[email protected]"
warning "parse-json#@babel/code-frame#@babel/highlight#@babel/helper-validator-identifier@^7.10.4" could be deduped from "7.28.5" to "@babel/[email protected]"
info Found 36 warnings.
error Found 19 errors.
info Visit https://yarnpkg.com/en/docs/cli/check for documentation about this command.
At this time this is the result for yarn audit:
yarn audit
yarn audit v1.22.22
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ brace-expansion Regular Expression Denial of Service │
│ │ vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.1.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ eslint > minimatch > brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1105443 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ brace-expansion Regular Expression Denial of Service │
│ │ vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.1.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ eslint > @eslint/config-array > minimatch > brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1105443 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ jsondiffpatch is vulnerable to Cross-site Scripting (XSS) │
│ │ via HtmlFormatter::nodeBegin │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ jsondiffpatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.7.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ jsondiffpatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ jsondiffpatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1108189 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Inefficient Regular Expression Complexity in │
│ │ chalk/ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=5.0.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > yargs > string-width > strip-ansi > │
│ │ ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1094092 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Inefficient Regular Expression Complexity in │
│ │ chalk/ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=5.0.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > yargs > cliui > string-width > │
│ │ strip-ansi > ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1094092 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Inefficient Regular Expression Complexity in │
│ │ chalk/ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=5.0.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > yargs > cliui > wrap-ansi > │
│ │ string-width > strip-ansi > ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1094092 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ node-fetch forwards secure headers to untrusted sites │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ node-fetch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.6.7 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-codemirror │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-codemirror > create-react-class > fbjs > │
│ │ isomorphic-fetch > node-fetch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1095073 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ brace-expansion Regular Expression Denial of Service │
│ │ vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.1.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > ejs > jake > minimatch > │
│ │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1105443 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ brace-expansion Regular Expression Denial of Service │
│ │ vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > ejs > jake > filelist > minimatch > │
│ │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1105444 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ brace-expansion Regular Expression Denial of Service │
│ │ vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.1.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > temp > rimraf > glob > minimatch > │
│ │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1105443 │
└───────────────┴──────────────────────────────────────────────────────────────┘
10 vulnerabilities found - Packages audited: 760
Severity: 5 Low | 1 Moderate | 4 High
✨ Done in 0.55s.