Skip to content

[Snyk] Fix for 17 vulnerabilities#37

Open
FinnDore wants to merge 1 commit intomainfrom
snyk-fix-fdfa7a324042e45fdecb4f0e05727426
Open

[Snyk] Fix for 17 vulnerabilities#37
FinnDore wants to merge 1 commit intomainfrom
snyk-fix-fdfa7a324042e45fdecb4f0e05727426

Conversation

@FinnDore
Copy link
Owner

@FinnDore FinnDore commented Jan 12, 2026

snyk-top-banner

Snyk has created this PR to fix 17 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

  • apps/client/package.json
⚠️ Warning 
Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Improper Authorization
SNYK-JS-NEXT-9508709		   851  
high severity Deserialization of Untrusted Data
SNYK-JS-NEXT-14400636		   796  
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462		   786  
high severity Server-side Request Forgery (SSRF)
SNYK-JS-NEXT-12299318		   736  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		   696  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ZOD-5925617		   696  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BABELHELPERS-9397697		   666  
medium severity Race Condition
SNYK-JS-NEXT-10176058		   636  
high severity Uncontrolled Recursion
SNYK-JS-NEXT-8186172		   624  
high severity Missing Authorization
SNYK-JS-NEXT-8520073		   624  
medium severity Resource Exhaustion
SNYK-JS-NEXT-6032387		   586  
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-NEXT-8602067		   559  
medium severity Improper Input Validation
SNYK-JS-NANOID-8492085		   529  
medium severity Use of Cache Containing Sensitive Information
SNYK-JS-NEXT-12301496		   529  
medium severity Improper Input Validation
SNYK-JS-POSTCSS-5926692		   479  
low severity Missing Origin Validation in WebSockets
SNYK-JS-NEXT-10259370		   329  
low severity Missing Source Correlation of Multiple Independent Data
SNYK-JS-NEXT-12265451		   329  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
👩‍💻 Set who automatically gets assigned
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Input Validation
🦉 Race Condition
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: apps/client/package.json to reduce vulnerabilities
63c21cc 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-9508709
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462
- https://snyk.io/vuln/SNYK-JS-NEXT-12299318
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-ZOD-5925617
- https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
- https://snyk.io/vuln/SNYK-JS-NEXT-10176058
- https://snyk.io/vuln/SNYK-JS-NEXT-8186172
- https://snyk.io/vuln/SNYK-JS-NEXT-8520073
- https://snyk.io/vuln/SNYK-JS-NEXT-6032387
- https://snyk.io/vuln/SNYK-JS-NEXT-8602067
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
- https://snyk.io/vuln/SNYK-JS-NEXT-12301496
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
- https://snyk.io/vuln/SNYK-JS-NEXT-10259370
- https://snyk.io/vuln/SNYK-JS-NEXT-12265451
@FinnDore FinnDore self-assigned this Jan 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@FinnDore FinnDore

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@FinnDore @snyk-bot