[Snyk] Upgrade classnames from 2.2.6 to 2.3.1 #23

snyk-bot · 2021-05-25T23:32:34Z

Snyk has created this PR to upgrade classnames from 2.2.6 to 2.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 2 versions ahead of your current version.
The recommended version was released 2 months ago, on 2021-04-02.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-OBJECTPATH-1017036	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: classnames

2.3.1 - 2021-04-02
2.3.1
2.3.0 - 2021-04-01
v2.3.0
2.2.6 - 2018-06-08
v2.2.6

from classnames GitHub release notes

Commit messages

Package name: classnames

667f0ea 2.3.1
1140a0d Bump browserify devDependency (cont)
0e64fe8 Fix bind types
77fd7e0 Export default for dedupe
7dc67bd Bump browserify devDependency
ee5a710 Merge pull request #234 from remcohaszing/fix-argument-types
560cc18 Merge pull request #232 from remcohaszing/fix-types
eed5f71 Fix value types
e953107 Remove named exports from type definitions
f2379c3 v2.3.0
958203b Updating changelog for 2.3.0
e4b1576 Remove Node 9 (broken)
1432ad1 Merge pull request #229 from JedWatson/cleanup
6c684f8 Remove 'Class' prefix on types, and mappings are non-strict
9382ce0 Re-order types, with recursive definitions at the end
f918536 Fix indentation
6ee7f72 Remove open-cli
7c73e81 bump devDependencies
da5b7e6 Change default branch to String.toString
a8593b2 Fix indentation
c866e9b Merge pull request #196 from xobotyi/types-definition-improvements
d85b18a Merge branch 'master' into types-definition-improvements
33363a4 Merge pull request #228 from JedWatson/dependabot/npm_and_yarn/acorn-6.4.2
394005f Merge pull request #217 from JedWatson/dependabot/npm_and_yarn/benchmarks/lodash-4.17.19