oak,p3ol

Name	Description
`@oakjs/react`	A render for React	documentation
`@oakjs/theme`	A base theme for Oak	documentation
`@oakjs/addon-remirror`	WYSIWYG text field for the React renderer using Remirror	documentation
`@oakjs/addon-ckeditor5-react`	WYSIWYG text field for the React renderer using CKEditor 5	documentation
`@oakjs/strapi-plugin`	A plugin to add a custom Oak field to Strapi	documentation
`@oakjs/core`	The core of the famous builder	documentation

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.memoize:4.1.2

Vulnerabilities

DepShield reports that this application's usage of lodash.memoize:4.1.2 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
(CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.memoize:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

• @storybook/addon-storysource:5.3.19
        └─ @storybook/components:5.3.19
              └─ simplebar-react:1.2.3
                    └─ simplebar:4.2.3
                          └─ lodash.memoize:4.1.2

• rollup-plugin-postcss:3.1.5
        └─ cssnano:4.1.10
              └─ cssnano-preset-default:4.0.7
                    └─ postcss-merge-rules:4.0.3
                          └─ caniuse-api:3.0.0
                                └─ lodash.memoize:4.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.throttle:4.1.1

Vulnerabilities

DepShield reports that this application's usage of lodash.throttle:4.1.1 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
(CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.throttle:4.1.1 is a transitive dependency introduced by the following direct dependency(s):

• @storybook/addon-storysource:5.3.19
        └─ @storybook/components:5.3.19
              └─ simplebar-react:1.2.3
                    └─ simplebar:4.2.3
                          └─ lodash.throttle:4.1.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.uniq:4.5.0

Vulnerabilities

DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
(CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• lerna:3.22.1
        └─ @lerna/version:3.22.1
              └─ @lerna/github-client:3.22.0
                    └─ @octokit/rest:16.43.2
                          └─ lodash.uniq:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:5.1.0

Vulnerabilities

DepShield reports that this application's usage of kind-of:5.1.0 results in the following vulnerability(s):

(CVSS 5.3) CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Occurrences

kind-of:5.1.0 is a transitive dependency introduced by the following direct dependency(s):

• webpack:4.44.1
        └─ micromatch:3.1.10
              └─ snapdragon:0.8.2
                    └─ define-property:0.2.5
                          └─ is-descriptor:0.1.6
                                └─ kind-of:5.1.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.sortby:4.7.0

Vulnerabilities

DepShield reports that this application's usage of lodash.sortby:4.7.0 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.sortby:4.7.0 is a transitive dependency introduced by the following direct dependency(s):

• lerna:3.22.1
        └─ @lerna/create:3.22.0
              └─ whatwg-url:7.1.0
                    └─ lodash.sortby:4.7.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.5) Vulnerability due to usage of express:4.17.1

Vulnerabilities

DepShield reports that this application's usage of express:4.17.1 results in the following vulnerability(s):

(CVSS 7.5) CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Occurrences

express:4.17.1 is a transitive dependency introduced by the following direct dependency(s):

• @storybook/react:5.3.19
└─ @storybook/core:5.3.19
└─ express:4.17.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:4.0.0

Vulnerabilities

DepShield reports that this application's usage of kind-of:4.0.0 results in the following vulnerability(s):

(CVSS 5.3) CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Occurrences

kind-of:4.0.0 is a transitive dependency introduced by the following direct dependency(s):

• webpack:4.44.1
        └─ micromatch:3.1.10
              └─ snapdragon:0.8.2
                    └─ base:0.11.2
                          └─ cache-base:1.0.1
                                └─ has-value:1.0.0
                                      └─ has-values:1.0.0
                                            └─ kind-of:4.0.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.debounce:4.0.8

Vulnerabilities

DepShield reports that this application's usage of lodash.debounce:4.0.8 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
(CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.debounce:4.0.8 is a transitive dependency introduced by the following direct dependency(s):

• @storybook/addon-storysource:5.3.19
        └─ @storybook/components:5.3.19
              └─ simplebar-react:1.2.3
                    └─ simplebar:4.2.3
                          └─ lodash.debounce:4.0.8

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:2.0.1

Vulnerabilities

DepShield reports that this application's usage of kind-of:2.0.1 results in the following vulnerability(s):

(CVSS 5.3) CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Occurrences

kind-of:2.0.1 is a transitive dependency introduced by the following direct dependency(s):

• @storybook/react:5.3.19
        └─ @svgr/webpack:4.3.3
              └─ @svgr/plugin-svgo:4.3.1
                    └─ merge-deep:3.0.2
                          └─ clone-deep:0.2.4
                                └─ shallow-clone:0.1.2
                                      └─ kind-of:2.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.5) Vulnerability due to usage of yargs-parser:5.0.0-security.0

Vulnerabilities

DepShield reports that this application's usage of yargs-parser:5.0.0-security.0 results in the following vulnerability(s):

(CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
(CVSS 7.5) [CVE-2020-7608] yargs-parser could be tricked into adding or modifying properties of Object.prot...

Occurrences

yargs-parser:5.0.0-security.0 is a transitive dependency introduced by the following direct dependency(s):

• @percy/storybook:3.3.0
└─ yargs:7.1.1
└─ yargs-parser:5.0.0-security.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

preview only mode

it support preview only mode?

[DepShield] (CVSS 7.5) Vulnerability due to usage of acorn:6.4.1

Vulnerabilities

DepShield reports that this application's usage of acorn:6.4.1 results in the following vulnerability(s):

(CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

acorn:6.4.1 is a transitive dependency introduced by the following direct dependency(s):

• webpack:4.44.1
└─ acorn:6.4.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

Branch master

github-actions

.github/workflows/ci.yml

actions/checkout v4

actions/setup-node v4

actions/checkout v4

actions/setup-node v4

codecov/codecov-action v4.5.0

actions/checkout v4

actions/setup-node v4

.github/workflows/gh-pages.yml

actions/checkout v4

actions/setup-node v4

actions/configure-pages v5

actions/upload-pages-artifact v3

actions/deploy-pages v4

npm

package.json

@babel/eslint-plugin 7.25.1

@ckeditor/ckeditor5-alignment 41.4.2

@ckeditor/ckeditor5-basic-styles 41.4.2

@ckeditor/ckeditor5-block-quote 41.4.2

@ckeditor/ckeditor5-core 41.4.2

@ckeditor/ckeditor5-dev-translations 40.2.3

@ckeditor/ckeditor5-dev-utils 40.2.3

@ckeditor/ckeditor5-editor-classic 41.4.2

@ckeditor/ckeditor5-editor-multi-root 41.4.2

@ckeditor/ckeditor5-engine 41.4.2

@ckeditor/ckeditor5-essentials 41.4.2

@ckeditor/ckeditor5-font 41.4.2

@ckeditor/ckeditor5-horizontal-line 41.4.2

@ckeditor/ckeditor5-indent 41.4.2

@ckeditor/ckeditor5-link 41.4.2

@ckeditor/ckeditor5-list 41.4.2

@ckeditor/ckeditor5-paragraph 41.4.2

@ckeditor/ckeditor5-react 7.0.0

@ckeditor/ckeditor5-remove-format 41.4.2

@ckeditor/ckeditor5-table 41.4.2

@ckeditor/ckeditor5-theme-lark 41.4.2

@ckeditor/ckeditor5-typing 41.4.2

@ckeditor/ckeditor5-ui 41.4.2

@ckeditor/ckeditor5-utils 41.4.2

@ckeditor/ckeditor5-watchdog 41.4.2

@junipero/core 3.7.1

@junipero/tailwind-plugin 3.7.1

@percy/storybook 6.0.1

@poool/eslint-config 3.0.1

@poool/eslint-config-react 3.0.1

@poool/eslint-plugin 3.0.0

@remirror/pm 2.0.9

@remirror/react 2.0.35

@rollup/plugin-alias 5.1.0

@rollup/plugin-commonjs 26.0.1

@rollup/plugin-node-resolve 15.2.3

@rollup/plugin-swc 0.3.1

@rollup/plugin-terser 0.4.4

@storybook/addon-actions 8.2.7

@storybook/addon-storysource 8.2.7

@storybook/addon-styling-webpack 1.0.0

@storybook/addon-themes 8.2.7

@storybook/addon-webpack5-compiler-swc 1.0.5

@storybook/react 8.2.7

@storybook/react-webpack5 8.2.7

@storybook/theming 8.2.7

@swc/core 1.7.4

@swc/jest 0.2.36

@testing-library/dom 10.4.0

@testing-library/jest-dom 6.4.8

@testing-library/react 16.0.0

@types/jest 29.5.12

@types/node 22.0.2

@types/react ^18.3.3

@types/react-dom ^18.3.0

@typescript-eslint/parser 8.0.0

autoprefixer 10.4.19

ckeditor5 41.4.2

css-loader 7.1.2

eslint 8.57.0

eslint-config-standard 17.1.0

eslint-plugin-import 2.29.1

eslint-plugin-n 17.10.1

eslint-plugin-promise 7.0.0

eslint-plugin-react 7.35.0

jest 29.7.0

jest-css-modules-transform 4.4.2

jest-environment-jsdom 29.7.0

jest-transform-stub 2.0.0

lerna 8.1.7

lerna-changelog 2.2.0

postcss 8.4.40

postcss-loader 8.1.1

react 18.3.1

react-dom 18.3.1

remirror 2.0.40

rollup 4.19.2

rollup-plugin-postcss 4.0.2

sass 1.77.8

sass-loader 14.2.1

storybook 8.2.7

storybook-dark-mode 4.0.2

style-loader 4.0.0

swc-loader 0.2.6

tailwindcss 3.4.7

terser-webpack-plugin 5.3.10

typescript 5.5.4

webpack 5.93.0

webpack-cli 5.1.4

yarn 4.3.1

packages/addon-ckeditor5-react/package.json

@ckeditor/ckeditor5-react ^6.0.0 || ^7.0.0

react ^18.0.0

react-dom ^18.0.0

node >= 18

packages/addon-remirror/package.json

@remirror/pm ^2.0.0

@remirror/react ^2.0.0

react ^18.0.0

react-dom ^18.0.0

remirror ^2.0.0

node >= 18

packages/ckeditor5-build-custom/package.json

react ^18.0.0

react-dom ^18.0.0

node >= 18

packages/core/package.json

@junipero/core 3.7.1

uuid 10.0.0

node >= 18

packages/react/package.json

@floating-ui/react 0.26.20

@junipero/hooks 3.7.0

@junipero/react 3.7.3

@junipero/transitions 3.7.3

uuid 10.0.0

react ^18.0.0

react-dom ^18.0.0

node >= 18

packages/strapi-plugin/package.json

@ckeditor/ckeditor5-react 7.0.0

@remirror/pm 2.0.9

@remirror/react 2.0.35

@strapi/design-system 1.19.0

@strapi/icons 1.19.0

remirror 2.0.40

styled-components 6.1.12

@strapi/strapi ^4.4.0

react ^17.0.2 || ^18.0.0

react-dom ^17.0.2 || ^18.0.0

node >= 18

packages/theme/package.json

@junipero/theme 3.7.0

node >= 18

Branch develop

github-actions

.github/workflows/ci.yml

actions/checkout v4

actions/setup-node v4

actions/checkout v4

actions/setup-node v4

codecov/codecov-action v4.5.0

actions/checkout v4

actions/setup-node v4

.github/workflows/gh-pages.yml

actions/checkout v4

actions/setup-node v4

actions/configure-pages v5

actions/upload-pages-artifact v3

actions/deploy-pages v4

npm

package.json

@babel/eslint-plugin 7.25.1

@ckeditor/ckeditor5-alignment 41.4.2

@ckeditor/ckeditor5-basic-styles 41.4.2

@ckeditor/ckeditor5-block-quote 41.4.2

@ckeditor/ckeditor5-core 41.4.2

@ckeditor/ckeditor5-dev-translations 40.2.3

@ckeditor/ckeditor5-dev-utils 40.2.3

@ckeditor/ckeditor5-editor-classic 41.4.2

@ckeditor/ckeditor5-editor-multi-root 41.4.2

@ckeditor/ckeditor5-engine 41.4.2

@ckeditor/ckeditor5-essentials 41.4.2

@ckeditor/ckeditor5-font 41.4.2

@ckeditor/ckeditor5-horizontal-line 41.4.2

@ckeditor/ckeditor5-indent 41.4.2

@ckeditor/ckeditor5-link 41.4.2

@ckeditor/ckeditor5-list 41.4.2

@ckeditor/ckeditor5-paragraph 41.4.2

@ckeditor/ckeditor5-react 7.0.0

@ckeditor/ckeditor5-remove-format 41.4.2

@ckeditor/ckeditor5-table 41.4.2

@ckeditor/ckeditor5-theme-lark 41.4.2

@ckeditor/ckeditor5-typing 41.4.2

@ckeditor/ckeditor5-ui 41.4.2

@ckeditor/ckeditor5-utils 41.4.2

@ckeditor/ckeditor5-watchdog 41.4.2

@junipero/core 3.7.1

@junipero/tailwind-plugin 3.7.1

@percy/storybook 6.0.1

@poool/eslint-config 3.0.1

@poool/eslint-config-react 3.0.1

@poool/eslint-plugin 3.0.0

@remirror/pm 2.0.9

@remirror/react 2.0.35

@rollup/plugin-alias 5.1.0

@rollup/plugin-commonjs 26.0.1

@rollup/plugin-node-resolve 15.2.3

@rollup/plugin-swc 0.3.1

@rollup/plugin-terser 0.4.4

@storybook/addon-actions 8.2.7

@storybook/addon-storysource 8.2.7

@storybook/addon-styling-webpack 1.0.0

@storybook/addon-themes 8.2.7

@storybook/addon-webpack5-compiler-swc 1.0.5

@storybook/react 8.2.7

@storybook/react-webpack5 8.2.7

@storybook/theming 8.2.7

@swc/core 1.7.4

@swc/jest 0.2.36

@testing-library/dom 10.4.0

@testing-library/jest-dom 6.4.8

@testing-library/react 16.0.0

@types/jest 29.5.12

@types/node 22.0.2

@types/react ^18.3.3

@types/react-dom ^18.3.0

@typescript-eslint/parser 8.0.0

autoprefixer 10.4.19

ckeditor5 41.4.2

css-loader 7.1.2

eslint 8.57.0

eslint-config-standard 17.1.0

eslint-plugin-import 2.29.1

eslint-plugin-n 17.10.1

eslint-plugin-promise 7.0.0

eslint-plugin-react 7.35.0

jest 29.7.0

jest-css-modules-transform 4.4.2

jest-environment-jsdom 29.7.0

jest-transform-stub 2.0.0

lerna 8.1.7

lerna-changelog 2.2.0

postcss 8.4.40

postcss-loader 8.1.1

react 18.3.1

react-dom 18.3.1

remirror 2.0.40

rollup 4.19.2

rollup-plugin-postcss 4.0.2

sass 1.77.8

sass-loader 14.2.1

storybook 8.2.7

storybook-dark-mode 4.0.2

style-loader 4.0.0

swc-loader 0.2.6

tailwindcss 3.4.7

terser-webpack-plugin 5.3.10

typescript 5.5.4

webpack 5.93.0

webpack-cli 5.1.4

yarn 4.3.1

packages/addon-ckeditor5-react/package.json

@ckeditor/ckeditor5-react ^6.0.0 || ^7.0.0

react ^18.0.0

react-dom ^18.0.0

node >= 18

packages/addon-remirror/package.json

@remirror/pm ^2.0.0

@remirror/react ^2.0.0

react ^18.0.0

react-dom ^18.0.0

remirror ^2.0.0

node >= 18

packages/ckeditor5-build-custom/package.json

react ^18.0.0

react-dom ^18.0.0

node >= 18

packages/core/package.json

@junipero/core 3.7.1

uuid 10.0.0

node >= 18

packages/react/package.json

@floating-ui/react 0.26.20

@junipero/hooks 3.7.0

@junipero/react 3.7.3

@junipero/transitions 3.7.3

uuid 10.0.0

react ^18.0.0

react-dom ^18.0.0

node >= 18

packages/strapi-plugin/package.json

@ckeditor/ckeditor5-react 7.0.0

@remirror/pm 2.0.9

@remirror/react 2.0.35

@strapi/design-system 1.19.0

@strapi/icons 1.19.0

remirror 2.0.40

styled-components 6.1.12

@strapi/strapi ^4.4.0

react ^17.0.2 || ^18.0.0

react-dom ^17.0.2 || ^18.0.0

node >= 18

packages/theme/package.json

@junipero/theme 3.7.0

node >= 18

Check this box to trigger a request for Renovate to run again on this repository

Looking for a starter example or Documentation

Is there any starter example or documentation for oak with reactjs?

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.camelcase:4.3.0

Vulnerabilities

DepShield reports that this application's usage of lodash.camelcase:4.3.0 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
(CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.camelcase:4.3.0 is a transitive dependency introduced by the following direct dependency(s):

• rollup-plugin-postcss:3.1.5
└─ postcss-modules:2.0.0
└─ lodash.camelcase:4.3.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.clonedeep:4.5.0

Vulnerabilities

DepShield reports that this application's usage of lodash.clonedeep:4.5.0 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
(CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.clonedeep:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• lerna:3.22.1
        └─ @lerna/publish:3.22.1
              └─ @lerna/npm-publish:3.18.5
                    └─ @evocateur/libnpmpublish:1.2.2
                          └─ lodash.clonedeep:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:3.2.2

Vulnerabilities

DepShield reports that this application's usage of kind-of:3.2.2 results in the following vulnerability(s):

(CVSS 5.3) CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Occurrences

kind-of:3.2.2 is a transitive dependency introduced by the following direct dependency(s):

• webpack:4.44.1
        └─ micromatch:3.1.10
              └─ braces:2.3.2
                    └─ fill-range:4.0.0
                          └─ is-number:3.0.0
                                └─ kind-of:3.2.2
                    └─ snapdragon-node:2.1.1
                          └─ snapdragon-util:3.0.1
                                └─ kind-of:3.2.2
              └─ snapdragon:0.8.2
                    └─ base:0.11.2
                          └─ cache-base:1.0.1
                                └─ to-object-path:0.3.0
                                      └─ kind-of:3.2.2
                          └─ class-utils:0.3.6
                                └─ static-extend:0.1.2
                                      └─ object-copy:0.1.0
                                            └─ kind-of:3.2.2
                    └─ define-property:0.2.5
                          └─ is-descriptor:0.1.6
                                └─ is-accessor-descriptor:0.1.6
                                      └─ kind-of:3.2.2
                                └─ is-data-descriptor:0.1.4
                                      └─ kind-of:3.2.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash._reinterpolate:3.0.0

Vulnerabilities

DepShield reports that this application's usage of lodash._reinterpolate:3.0.0 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._reinterpolate:3.0.0 is a transitive dependency introduced by the following direct dependency(s):

• lerna:3.22.1
        └─ @lerna/version:3.22.1
              └─ @lerna/conventional-commits:3.22.0
                    └─ lodash.template:4.5.0
                          └─ lodash._reinterpolate:3.0.0
                          └─ lodash.templatesettings:4.2.0
                                └─ lodash._reinterpolate:3.0.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.get:4.4.2

Vulnerabilities

DepShield reports that this application's usage of lodash.get:4.4.2 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
(CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.get:4.4.2 is a transitive dependency introduced by the following direct dependency(s):

• lerna:3.22.1
        └─ @lerna/version:3.22.1
              └─ @lerna/github-client:3.22.0
                    └─ @octokit/rest:16.43.2
                          └─ lodash.get:4.4.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.5) Vulnerability due to usage of q:1.5.1

Vulnerabilities

DepShield reports that this application's usage of q:1.5.1 results in the following vulnerability(s):

(CVSS 7.5) CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Occurrences

q:1.5.1 is a transitive dependency introduced by the following direct dependency(s):

• lerna:3.22.1
        └─ @lerna/version:3.22.1
              └─ @lerna/conventional-commits:3.22.0
                    └─ conventional-changelog-angular:5.0.11
                          └─ q:1.5.1
                    └─ conventional-changelog-core:3.2.3
                          └─ q:1.5.1
                    └─ conventional-recommended-bump:5.0.1
                          └─ q:1.5.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.set:4.3.2

Vulnerabilities

DepShield reports that this application's usage of lodash.set:4.3.2 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
(CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.set:4.3.2 is a transitive dependency introduced by the following direct dependency(s):

• lerna:3.22.1
        └─ @lerna/version:3.22.1
              └─ @lerna/github-client:3.22.0
                    └─ @octokit/rest:16.43.2
                          └─ lodash.set:4.3.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.5) Vulnerability due to usage of debug:2.6.9

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

(CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

• @percy/storybook:3.3.0
        └─ @percy/react-percy-api-client:0.4.6
              └─ debug:2.6.9
        └─ puppeteer:1.20.0
              └─ extract-zip:1.7.0
                    └─ debug:2.6.9

• eslint-plugin-import:2.22.0
        └─ eslint-import-resolver-node:0.3.4
              └─ debug:2.6.9
        └─ eslint-module-utils:2.6.0
              └─ debug:2.6.9
        └─ debug:2.6.9

• webpack:4.44.1
        └─ micromatch:3.1.10
              └─ extglob:2.0.4
                    └─ expand-brackets:2.1.4
                          └─ debug:2.6.9
              └─ snapdragon:0.8.2
                    └─ debug:2.6.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

p3ol / oak Goto Github PK

oak's Introduction

Packages

Documentation

Development

Contributing

License

oak's People

Contributors

Stargazers

Watchers

Forkers

oak's Issues

Rate-Limited

Open

Detected dependencies

Recommend Projects

Recommend Topics

Recommend Org