[Snyk] Fix for 8 vulnerabilities #36

awaisab172 · 2023-11-28T17:28:45Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- src/mapboxgl/package.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: canvg

The new version differs by 100 commits.

98a12cb Merge pull request #712 from canvg/2.0.0
9eb51a5 rm beta
435d906 npm audit
4b9dee3 build
088abbe wip
d04bb60 Merge pull request #710 from IronGeek/issue_709
c2b43c6 fix build
67e33ec Merge pull request #711 from canvg/fix_build
4a9c313 lock node version
4eb5337 Parse number with scientific notation
fbebf8e Merge pull request #707 from fargyriou/702-font-parsing
55d67f0 Issue 702: Fixed font parsing when defined as "font" and not through font properties
cef40f0 Merge pull request #689 from canvg/2.0.0-beta.1
aa8e62e 2.0.0-beta.1
4497122 Merge pull request #684 from bz2/browser_optional
2d75e00 Update docs for 2.0 dependency changes
a98c42d Support browser dist without canvas dependency
f79c146 Merge pull request #687 from canvg/dgorbash_master
d9a772e adding test
fe49c3b Merge branch 'textPath_support'
fecc100 Backport upstream/master, minor code format fix
79c85e5 Sync master with upstream
f236319 Merge pull request #678 from canvg/beta_readme
b9c9223 spacing

Package name: mapbox-gl

The new version differs by 250 commits.

9df0494 v1.10.0 (#9634)
4632600 Reverse tap-drag-zoom direction (#9618) (#9633)
ffd5b5d Documentation improvements sprint (#9607) (#9629)
a60e952 Add changelog for 1.10.0 (#9542)
65b914d update changlogs to add 1.9.1 and style-spec@v13.13.1 (#9541)
5be4ca3 fix mapTouchEvent.point for touchend events (#9536)
516f44f export isExpressionFilter from spec (#9530) (#9534)
388424a [master] Fix style-spec isolation for within expression (#9522)
f4c148f fix #9519 click map event on touch devices (#9526)
3f08a28 Fix for issue 9518 (#9520)
acb48ab remove handler event listeners when map is removed (#9508) (#9517)
97037a4 fix DragRotateHandler#isActive (#9511) (#9515)
164b0be refactor and expand gesture handling (#9365)
6088941 Remove docs pages from .gitignore file (#9504)
c10c618 Add methods to mapboxgl namespace to allow preloading of workers. (#9391)
e7deb5c Fix several listener leaks in popups (#9498)
d912efb Allow client to retry RTLTextPlugin load after NetworkError (#9489)
274d215 Add `slice` and `index-of` expressions (#9450)
469b9ff Ensure each tile symbol tile uses its own unique Program based on its state (#9493)
cfc57d7 fix documented type of the locale option to Map (#9486)
0a7ecc5 Update per mdn webgl recommendations (#9474)
928f3dd optimize tail calls in feature state sorting (#9463)
2faf0ab Fix pattern attributes vertex layout (#9482)
8131815 Ensure padding is not propagated from fitBounds to transform padding (#9481)