[Snyk] Upgrade html-entities from 1.3.1 to 2.1.0 by snyk-bot · Pull Request #15 · turkdevops/create-react-app

snyk-bot · 2021-03-28T00:55:46Z

Snyk has created this PR to upgrade html-entities from 1.3.1 to 2.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 11 versions ahead of your current version.
The recommended version was released 2 months ago, on 2021-01-27.

Release notes

Package name: html-entities

2.1.0 - 2021-01-27
- Add extensive mode to encode() method. This mode encodes all non-printable characters, non-ASCII characters and all characters with named references.
2.0.6 - 2021-01-25
- Handle invalid numeric HTML entities: mimic browser behaviour.
2.0.5 - 2021-01-25
- Handling behaviour of ambiguous ampersands.
2.0.4 - 2021-01-22
- Fix webpack build warning.
2.0.3 - 2021-01-22
- Handle invalid numeric HTML entities.
2.0.2 - 2020-12-29
- Handle null and undefined text values.
2.0.1 - 2020-12-28
- Fix decoding numeric HTML entities.

2.0.0 - 2020-12-28

Performance was greatly improved.

New API: simpler and more flexible.

htmlEntitiesInstance.encode(text) -> encode(text)

Before:

import {AllHtmlEntities} from 'html-entities';
const entities = new AllHtmlEntities();

console.log(

entities.encode('<Hello & World>')

);

After:

import {encode} from 'html-entities';
console.log(

encode('<Hello & World>')

);

instance.encodeNonASCII(text) -> encode(text, {mode: 'nonAscii'})

Before:

import {AllHtmlEntities} from 'html-entities';
const entities = new AllHtmlEntities();

console.log(

entities.encodeNonASCII('& © ∆')

);

After:

import {encode} from 'html-entities';
console.log(

encode('& © ∆', {mode: 'nonAscii'})

);

instance.encodeNonASCII(text) -> encode(text, {mode: 'nonAsciiPrintable'})

Before:

import {AllHtmlEntities} from 'html-entities';
const entities = new AllHtmlEntities();

console.log(

entities.encodeNonASCII('& © ∆ \x01')

);

After:

import {encode} from 'html-entities';
console.log(

encode('& © ∆ \x01', {mode: 'nonAsciiPrintable'})

);

instance.decode(text) -> decode(text)

Before:

import {AllHtmlEntities} from 'html-entities';
const entities = new AllHtmlEntities();

console.log(

entities.decode('&lt;&gt;&amp;')

);

After:

import {decode} from 'html-entities';
console.log(

decode('&lt;&gt;&amp;')

);

Different XML/HTML versions are now implemented via options instead of different classes.

Before:

import {XmlEntities, Html4Entities, Html5Entities, AllHtmlEntities} from 'html-entities';
const xmlEntities = new XmlEntities();

const html4Entities = new Html4Entities();

const html5Entities = new Html5Entities();

const allHtmlEntities = new AllHtmlEntities();
console.log(xmlEntities.encode('<>&'));

console.log(html4Entities.encode('<>&©'));

console.log(html5Entities.encode('<>&©℞'));

console.log(allHtmlEntities.encode('<>&©℞'));
console.log(xmlEntities.decode('&lt;&gt;&amp;'));

console.log(html4Entities.decode('&lt;&gt;&amp;&copy;'));

console.log(html5Entities.decode('&lt;&gt;&amp;&copy;&rx;'));

console.log(allHtmlEntities.decode('&lt;&gt;&amp;&copy;&rx;'));

After:

import {encode, decode} from 'html-entities';
console.log(encode('<>&', {level: 'xml'}));

console.log(encode('<>&©', {level: 'html4', mode: 'nonAscii'}));

console.log(encode('<>&©℞', {level: 'html5', mode: 'nonAscii'}));

console.log(encode('<>&©℞', {level: 'all', mode: 'nonAscii'}));
console.log(decode('&lt;&gt;&amp;', {level: 'xml'}));

console.log(decode('&lt;&gt;&amp;&copy;', {level: 'html4'}));

console.log(decode('&lt;&gt;&amp;&copy;&rx;', {level: 'html5'}));

console.log(decode('&lt;&gt;&amp;&copy;&rx;', {level: 'all'}));

1.4.0 - 2020-12-19
v1.4.0
1.3.3 - 2020-12-13
v1.3.3
1.3.2 - 2020-12-13
1.3.1 - 2020-04-11

from html-entities GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade html-entities from 1.3.1 to 2.1.0. See this package in npm: https://www.npmjs.com/package/html-entities See this project in Snyk: https://app.snyk.io/org/turkdevops/project/17a6daf5-631c-43d1-8738-dc60e6a84e20?utm_source=github&utm_medium=upgrade-pr

mistaken-pull-closer · 2021-03-28T00:55:51Z

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

pull-dog · 2021-03-28T00:55:52Z

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

@pull-dog up to reprovision or provision the server.
@pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
0b950f90-8f61-11eb-9874-1b1a074f1d27

guardrails · 2021-03-28T00:58:42Z

⚠️ We detected security issues in this pull request:
Mode: paranoid | Total findings: 172 | Considered vulnerability: 0

Hard-Coded Secrets (12)

create-react-app/docusaurus/docs/deployment.md

Line 368 in f6c17c0

    
           2. `git remote set-url origin https://<user>:<token>@github.com/<user>/<repo>` .

create-react-app/docusaurus/website/docusaurus.config.js

Line 37 in f6c17c0

apiKey: '3be60f4f8ffc24c75da84857d6323791',

More info on how to fix Hard-Coded Secrets in General.

Insecure Use of Dangerous Function (31)

create-react-app/packages/create-react-app/createReactApp.js

Line 37 in f6c17c0

const execSync = require('child_process').execSync;

create-react-app/packages/create-react-app/createReactApp.js

Line 724 in f6c17c0

const { name, version } = require(path.join(

create-react-app/packages/create-react-app/createReactApp.js

Line 762 in f6c17c0

const { name, version } = require(path.join(

create-react-app/packages/create-react-app/createReactApp.js

Line 830 in f6c17c0

const packageJson = require(packageJsonPath);

create-react-app/packages/create-react-app/createReactApp.js

Line 910 in f6c17c0

const packageJson = require(packagePath);

create-react-app/packages/react-dev-utils/getCacheIdentifier.js

Line 15 in f6c17c0

cacheIdentifier += require(`${packageName}/package.json`).version;

create-react-app/packages/react-dev-utils/getProcessForPort.js

Line 11 in f6c17c0

var execSync = require('child_process').execSync;

create-react-app/packages/react-dev-utils/getProcessForPort.js

Line 37 in f6c17c0

return require(packagePath).name;

create-react-app/packages/react-dev-utils/launchEditor.js

Line 11 in f6c17c0

const child_process = require('child_process');

create-react-app/packages/react-dev-utils/openBrowser.js

Line 11 in f6c17c0

var execSync = require('child_process').execSync;

create-react-app/packages/react-scripts/config/modules.js

Line 119 in f6c17c0

const ts = require(resolve.sync('typescript', {

create-react-app/packages/react-scripts/config/modules.js

Line 126 in f6c17c0

config = require(paths.appJsConfig);

create-react-app/packages/react-scripts/config/paths.js

Line 28 in f6c17c0

require(resolveApp('package.json')).homepage,

create-react-app/packages/react-scripts/config/webpack.config.js

Line 42 in f6c17c0

const appPackageJson = require(paths.appPackageJson);

create-react-app/packages/react-scripts/config/webpackDevServer.config.js

Line 123 in f6c17c0

require(paths.proxySetup)(app);

create-react-app/packages/react-scripts/scripts/build.js

Line 116 in f6c17c0

const appPackage = require(paths.appPackageJson);

create-react-app/packages/react-scripts/scripts/eject.js

Line 20 in f6c17c0

const execSync = require('child_process').execSync;

create-react-app/packages/react-scripts/scripts/eject.js

Line 169 in f6c17c0

const ownPackage = require(path.join(ownPath, 'package.json'));

create-react-app/packages/react-scripts/scripts/eject.js

Line 170 in f6c17c0

const appPackage = require(path.join(appPath, 'package.json'));

create-react-app/packages/react-scripts/scripts/init.js

Line 20 in f6c17c0

const execSync = require('child_process').execSync;

create-react-app/packages/react-scripts/scripts/init.js

Line 91 in f6c17c0

const appPackage = require(path.join(appPath, 'package.json'));

create-react-app/packages/react-scripts/scripts/init.js

Line 124 in f6c17c0

templateJson = require(templateJsonPath);

create-react-app/packages/react-scripts/scripts/start.js

Line 52 in f6c17c0

const react = require(require.resolve('react', { paths: [paths.appPath] }));

create-react-app/packages/react-scripts/scripts/start.js

Line 101 in f6c17c0

const appName = require(paths.appPackageJson).name;

create-react-app/packages/react-scripts/scripts/start.js

Line 129 in f6c17c0

const proxySetting = require(paths.appPackageJson).proxy;

create-react-app/packages/react-scripts/scripts/test.js

Line 36 in f6c17c0

const execSync = require('child_process').execSync;

create-react-app/packages/react-scripts/scripts/utils/createJestConfig.js

Line 74 in f6c17c0

const overrides = Object.assign({}, require(paths.appPackageJson).jest);

create-react-app/packages/react-scripts/scripts/utils/verifyTypeScriptSetup.js

Line 80 in f6c17c0

ts = require(resolve.sync('typescript', {

create-react-app/tasks/compile-lockfile.js

Line 11 in f6c17c0

const cprocess = require('child_process');

create-react-app/tasks/cra.js

Line 13 in f6c17c0

const cp = require('child_process');

create-react-app/tasks/screencast.js

Line 41 in f6c17c0

const data = require(cast);

More info on how to fix Insecure Use of Dangerous Function in Javascript.

Insecure File Management (111)

create-react-app/packages/create-react-app/createReactApp.js

Line 269 in f6c17c0

fs.writeFileSync(

create-react-app/packages/create-react-app/createReactApp.js

Line 506 in f6c17c0

const nodeArgs = fs.existsSync(pnpPath) ? ['--require', pnpPath] : [];

create-react-app/packages/create-react-app/createReactApp.js

Line 548 in f6c17c0

const currentFiles = fs.readdirSync(path.join(root));

create-react-app/packages/create-react-app/createReactApp.js

Line 558 in f6c17c0

const remainingFiles = fs.readdirSync(path.join(root));

create-react-app/packages/create-react-app/createReactApp.js

Line 719 in f6c17c0

stream = fs.createReadStream(installPackage);

create-react-app/packages/create-react-app/createReactApp.js

Line 826 in f6c17c0

if (!fs.existsSync(packageJsonPath)) {

create-react-app/packages/create-react-app/createReactApp.js

Line 926 in f6c17c0

fs.writeFileSync(packagePath, JSON.stringify(packageJson, null, 2) + os.EOL);

create-react-app/packages/create-react-app/createReactApp.js

Line 964 in f6c17c0

const conflicts = fs

create-react-app/packages/create-react-app/createReactApp.js

Line 979 in f6c17c0

const stats = fs.lstatSync(path.join(root, file));

create-react-app/packages/create-react-app/createReactApp.js

Line 998 in f6c17c0

fs.readdirSync(root).forEach(file => {

create-react-app/packages/react-dev-utils/FileSizeReporter.js

Line 42 in f6c17c0

var fileContents = fs.readFileSync(path.join(root, asset.name));

create-react-app/packages/react-dev-utils/FileSizeReporter.js

Line 139 in f6c17c0

var contents = fs.readFileSync(fileName);

create-react-app/packages/react-dev-utils/WebpackDevServerUtils.js

Line 387 in f6c17c0

const isPublicFileRequest = fs.existsSync(maybePublicPath);

create-react-app/packages/react-dev-utils/browsersHelper.js

Line 75 in f6c17c0

const pkg = JSON.parse(fs.readFileSync(filePath));

create-react-app/packages/react-dev-utils/browsersHelper.js

Line 77 in f6c17c0

fs.writeFileSync(filePath, JSON.stringify(pkg, null, 2) + os.EOL);

create-react-app/packages/react-dev-utils/launchEditor.js

Line 288 in f6c17c0

if (!fs.existsSync(fileName)) {

create-react-app/packages/react-dev-utils/printHostingInstructions.js

Line 118 in f6c17c0

if (!fs.existsSync(`${globalModules}/serve`)) {

create-react-app/packages/react-dev-utils/typescriptFormatter.js

Line 27 in f6c17c0

const source = file && fs.existsSync(file) && fs.readFileSync(file, 'utf-8');

create-react-app/packages/react-error-overlay/src/__tests__/get-source-map.js

Line 13 in f6c17c0

const file = fs

create-react-app/packages/react-error-overlay/src/__tests__/get-source-map.js

Line 17 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/get-source-map.js

Line 33 in f6c17c0

const file = fs

create-react-app/packages/react-error-overlay/src/__tests__/get-source-map.js

Line 36 in f6c17c0

const fileO = fs

create-react-app/packages/react-error-overlay/src/__tests__/get-source-map.js

Line 52 in f6c17c0

const file = fs

create-react-app/packages/react-error-overlay/src/__tests__/mapper.js

Line 19 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/mapper.js

Line 24 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/mapper.js

Line 31 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/mapper.js

Line 44 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/mapper.js

Line 49 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/mapper.js

Line 56 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/unmapper.js

Line 23 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/unmapper.js

Line 28 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/unmapper.js

Line 35 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/unmapper.js

Line 42 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/unmapper.js

Line 47 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/unmapper.js

Line 61 in f6c17c0

fs

create-react-app/packages/react-error-overlay/src/__tests__/unmapper.js

Line 66 in f6c17c0

fs

create-react-app/packages/react-scripts/config/env.js

Line 42 in f6c17c0

if (fs.existsSync(dotenvFile)) {

create-react-app/packages/react-scripts/config/env.js

Line 60 in f6c17c0

const appDirectory = fs.realpathSync(process.cwd());

create-react-app/packages/react-scripts/config/getHttpsConfig.js

Line 44 in f6c17c0

if (!fs.existsSync(file)) {

create-react-app/packages/react-scripts/config/getHttpsConfig.js

Line 51 in f6c17c0

return fs.readFileSync(file);

create-react-app/packages/react-scripts/config/modules.js

Line 104 in f6c17c0

const hasTsConfig = fs.existsSync(paths.appTsConfig);

create-react-app/packages/react-scripts/config/modules.js

Line 105 in f6c17c0

const hasJsConfig = fs.existsSync(paths.appJsConfig);

create-react-app/packages/react-scripts/config/modules.js

Line 122 in f6c17c0

config = ts.readConfigFile(paths.appTsConfig, ts.sys.readFile).config;

create-react-app/packages/react-scripts/config/paths.js

Line 17 in f6c17c0

const appDirectory = fs.realpathSync(process.cwd());

create-react-app/packages/react-scripts/config/paths.js

Line 49 in f6c17c0

fs.existsSync(resolveFn(`${filePath}.${extension}`))

create-react-app/packages/react-scripts/config/paths.js

Line 110 in f6c17c0

fs.existsSync(reactScriptsPath) &&

create-react-app/packages/react-scripts/config/paths.js

Line 111 in f6c17c0

fs.lstatSync(reactScriptsPath).isSymbolicLink();

create-react-app/packages/react-scripts/config/webpack.config.js

Line 63 in f6c17c0

const useTypeScript = fs.existsSync(paths.appTsConfig);

create-react-app/packages/react-scripts/config/webpack.config.js

Line 712 in f6c17c0

fs.existsSync(swSrc) &&

create-react-app/packages/react-scripts/config/webpackDevServer.config.js

Line 121 in f6c17c0

if (fs.existsSync(paths.proxySetup)) {

create-react-app/packages/react-scripts/fixtures/kitchensink/template/integration/initDOM.js

Line 21 in f6c17c0

return fs.readFileSync(

create-react-app/packages/react-scripts/scripts/build.js

Line 50 in f6c17c0

const useYarn = fs.existsSync(paths.yarnLockFile);

create-react-app/packages/react-scripts/scripts/eject.js

Line 101 in f6c17c0

if (fs.existsSync(path.join(appPath, file))) {

create-react-app/packages/react-scripts/scripts/eject.js

Line 117 in f6c17c0

fs

create-react-app/packages/react-scripts/scripts/eject.js

Line 122 in f6c17c0

.filter(file => fs.lstatSync(file).isFile())

create-react-app/packages/react-scripts/scripts/eject.js

Line 141 in f6c17c0

fs.mkdirSync(path.join(appPath, folder));

create-react-app/packages/react-scripts/scripts/eject.js

Line 145 in f6c17c0

let content = fs.readFileSync(file, 'utf8');

create-react-app/packages/react-scripts/scripts/eject.js

Line 165 in f6c17c0

fs.writeFileSync(file.replace(ownPath, appPath), content);

create-react-app/packages/react-scripts/scripts/eject.js

Line 247 in f6c17c0

fs.writeFileSync(

create-react-app/packages/react-scripts/scripts/eject.js

Line 253 in f6c17c0

if (fs.existsSync(paths.appTypeDeclarations)) {

create-react-app/packages/react-scripts/scripts/eject.js

Line 256 in f6c17c0

let content = fs.readFileSync(paths.appTypeDeclarations, 'utf8');

create-react-app/packages/react-scripts/scripts/eject.js

Line 258 in f6c17c0

fs.readFileSync(paths.ownTypeDeclarations, 'utf8').trim() + os.EOL;

create-react-app/packages/react-scripts/scripts/eject.js

Line 270 in f6c17c0

fs.writeFileSync(

create-react-app/packages/react-scripts/scripts/eject.js

Line 293 in f6c17c0

if (fs.existsSync(paths.yarnLockFile)) {

create-react-app/packages/react-scripts/scripts/eject.js

Line 307 in f6c17c0

windowsCmdFileContent = fs.readFileSync(windowsCmdFilePath);

create-react-app/packages/react-scripts/scripts/eject.js

Line 316 in f6c17c0

if (windowsCmdFileContent && !fs.existsSync(windowsCmdFilePath)) {

create-react-app/packages/react-scripts/scripts/eject.js

Line 318 in f6c17c0

fs.writeFileSync(windowsCmdFilePath, windowsCmdFileContent);

create-react-app/packages/react-scripts/scripts/init.js

Line 92 in f6c17c0

const useYarn = fs.existsSync(path.join(appPath, 'yarn.lock'));

create-react-app/packages/react-scripts/scripts/init.js

Line 123 in f6c17c0

if (fs.existsSync(templateJsonPath)) {

create-react-app/packages/react-scripts/scripts/init.js

Line 226 in f6c17c0

fs.writeFileSync(

create-react-app/packages/react-scripts/scripts/init.js

Line 231 in f6c17c0

const readmeExists = fs.existsSync(path.join(appPath, 'README.md'));

create-react-app/packages/react-scripts/scripts/init.js

Line 233 in f6c17c0

fs.renameSync(

create-react-app/packages/react-scripts/scripts/init.js

Line 241 in f6c17c0

if (fs.existsSync(templateDir)) {

create-react-app/packages/react-scripts/scripts/init.js

Line 253 in f6c17c0

const readme = fs.readFileSync(path.join(appPath, 'README.md'), 'utf8');

create-react-app/packages/react-scripts/scripts/init.js

Line 254 in f6c17c0

fs.writeFileSync(

create-react-app/packages/react-scripts/scripts/init.js

Line 264 in f6c17c0

const gitignoreExists = fs.existsSync(path.join(appPath, '.gitignore'));

create-react-app/packages/react-scripts/scripts/init.js

Line 267 in f6c17c0

const data = fs.readFileSync(path.join(appPath, 'gitignore'));

create-react-app/packages/react-scripts/scripts/init.js

Line 268 in f6c17c0

fs.appendFileSync(path.join(appPath, '.gitignore'), data);

create-react-app/packages/react-scripts/scripts/init.js

Line 269 in f6c17c0

fs.unlinkSync(path.join(appPath, 'gitignore'));

create-react-app/packages/react-scripts/scripts/start.js

Line 55 in f6c17c0

const useYarn = fs.existsSync(paths.yarnLockFile);

create-react-app/packages/react-scripts/scripts/start.js

Line 103 in f6c17c0

const useTypeScript = fs.existsSync(paths.appTsConfig);

create-react-app/packages/react-scripts/scripts/utils/createJestConfig.js

Line 21 in f6c17c0

const setupTestsFile = fs.existsSync(paths.testsSetup)

create-react-app/packages/react-scripts/scripts/utils/verifyPackageTree.js

Line 62 in f6c17c0

if (!fs.existsSync(maybeNodeModules)) {

create-react-app/packages/react-scripts/scripts/utils/verifyPackageTree.js

Line 67 in f6c17c0

if (!fs.existsSync(maybeDep)) {

create-react-app/packages/react-scripts/scripts/utils/verifyPackageTree.js

Line 71 in f6c17c0

if (!fs.existsSync(maybeDepPackageJson)) {

create-react-app/packages/react-scripts/scripts/utils/verifyPackageTree.js

Line 75 in f6c17c0

fs.readFileSync(maybeDepPackageJson, 'utf8')

create-react-app/packages/react-scripts/scripts/utils/verifyTypeScriptSetup.js

Line 35 in f6c17c0

fs.writeFileSync(

create-react-app/packages/react-scripts/scripts/utils/verifyTypeScriptSetup.js

Line 63 in f6c17c0

if (!fs.existsSync(paths.appTsConfig)) {

create-react-app/packages/react-scripts/scripts/utils/verifyTypeScriptSetup.js

Line 71 in f6c17c0

const isYarn = fs.existsSync(paths.yarnLockFile);

create-react-app/packages/react-scripts/scripts/utils/verifyTypeScriptSetup.js

Line 175 in f6c17c0

ts.sys.readFile

create-react-app/packages/react-scripts/scripts/utils/verifyTypeScriptSetup.js

Line 292 in f6c17c0

if (!fs.existsSync(paths.appTypeDeclarations)) {

create-react-app/packages/react-scripts/scripts/utils/verifyTypeScriptSetup.js

Line 293 in f6c17c0

fs.writeFileSync(

create-react-app/tasks/compile-lockfile.js

Line 21 in f6c17c0

fse.mkdirSync(temp);

create-react-app/tasks/compile-lockfile.js

Line 24 in f6c17c0

fse.writeFileSync(path.join(temp, 'package.json'), '{}');

create-react-app/tasks/cra.js

Line 64 in f6c17c0

fs.readdirSync(packagesDir).forEach(name => {

create-react-app/tasks/cra.js

Line 67 in f6c17c0

if (fs.existsSync(packageJson)) {

create-react-app/tasks/cra.js

Line 73 in f6c17c0

const json = JSON.parse(fs.readFileSync(packageJson, 'utf8'));

create-react-app/tasks/cra.js

Line 91 in f6c17c0

fs.writeFileSync(packageJson, JSON.stringify(json, null, 2), 'utf8');

create-react-app/tasks/screencast.js

Line 47 in f6c17c0

fs.writeFileSync(cast, JSON.stringify(data, null, ' '));

create-react-app/test/fixtures/__shared__/test-setup.js

Line 7 in f6c17c0

const disablePnp = fs.existsSync(path.resolve(fixturePath, '.disable-pnp'));

create-react-app/test/fixtures/issue-5947-not-typescript/index.test.js

Line 25 in f6c17c0

fs.mkdirSync(path.join(...tsPackagePath.slice(0, 2)));

create-react-app/test/fixtures/issue-5947-not-typescript/index.test.js

Line 26 in f6c17c0

fs.mkdirSync(path.join(...tsPackagePath.slice(0, 3)));

create-react-app/test/fixtures/issue-5947-not-typescript/index.test.js

Line 27 in f6c17c0

fs.mkdirSync(path.join(...tsPackagePath.slice(0, 4)));

create-react-app/test/fixtures/issue-5947-not-typescript/index.test.js

Line 28 in f6c17c0

fs.writeFileSync(path.join(...tsPackagePath));

create-react-app/test/fixtures/issue-5947-not-typescript/index.test.js

Line 30 in f6c17c0

expect(fs.existsSync(tsConfigPath)).toBe(false);

create-react-app/test/fixtures/issue-5947-not-typescript/index.test.js

Line 34 in f6c17c0

fs.mkdirSync(path.join(...dtsSrcPath.slice(0, 3)));

create-react-app/test/fixtures/issue-5947-not-typescript/index.test.js

Line 35 in f6c17c0

fs.writeFileSync(path.join(...dtsSrcPath));

create-react-app/test/fixtures/issue-5947-not-typescript/index.test.js

Line 37 in f6c17c0

expect(fs.existsSync(tsConfigPath)).toBe(false);

create-react-app/test/fixtures/issue-5947-not-typescript/index.test.js

Line 41 in f6c17c0

fs.writeFileSync(tsSrcPath);

create-react-app/test/fixtures/issue-5947-not-typescript/index.test.js

Line 43 in f6c17c0

expect(fs.existsSync(tsConfigPath)).toBe(true);

create-react-app/test/fixtures/relative-paths/index.test.js

Line 20 in f6c17c0

.exec(fs.readFileSync(cssFile, 'utf8'))

More info on how to fix Insecure File Management in Javascript.

Insecure Use of Regular Expressions (16)

create-react-app/packages/create-react-app/createReactApp.js

Line 586 in f6c17c0

version.match(/^file:(.*)?$/)[1]

create-react-app/packages/create-react-app/createReactApp.js

Line 631 in f6c17c0

template.match(/^file:(.*)?$/)[1]

create-react-app/packages/create-react-app/createReactApp.js

Line 642 in f6c17c0

const packageMatch = template.match(/^(@[^/]+\/)?([^@]+)?(@.+)?$/);

create-react-app/packages/create-react-app/createReactApp.js

Line 738 in f6c17c0

/^.+\/(.+?)(?:-\d+.+)?\.(tgz|tar\.gz)$/

create-react-app/packages/create-react-app/createReactApp.js

Line 752 in f6c17c0

name: installPackage.match(/([^/]+)\.git(#.*)?$/)[1],

create-react-app/packages/create-react-app/createReactApp.js

Line 761 in f6c17c0

const installPackagePath = installPackage.match(/^file:(.*)?$/)[1];

create-react-app/packages/react-dev-utils/InterpolateHtmlPlugin.js

Line 34 in f6c17c0

new RegExp('%' + escapeStringRegexp(key) + '%', 'g'),

create-react-app/packages/react-dev-utils/WebpackDevServerUtils.js

Line 385 in f6c17c0

pathname.replace(new RegExp('^' + servedPathname), '')

create-react-app/packages/react-dev-utils/formatWebpackMessages.js

Line 27 in f6c17c0

const parsingError = /Line (\d+):(?:(\d+):)?\s*Parsing error: (.+)$/.exec(

create-react-app/packages/react-dev-utils/ignoredFiles.js

Line 14 in f6c17c0

return new RegExp(

create-react-app/packages/react-error-overlay/src/utils/getSourceMap.js

Line 109 in f6c17c0

const base64 = /^data:application\/json;([\w=:"-]+;)*base64,/;

create-react-app/packages/react-error-overlay/src/utils/parseCompileError.js

Line 10 in f6c17c0

const filePathRegex = /^\.(\/[^/\n ]+)+\.[^/\n ]+$/;

create-react-app/packages/react-error-overlay/src/utils/parser.js

Line 11 in f6c17c0

const regexExtractLocation = /$?(.+?)(?::(\d+))?(?::(\d+))?$?$/;

create-react-app/packages/react-error-overlay/src/utils/parser.js

Line 44 in f6c17c0

/ line (\d+)(?: > eval line \d+)* > (eval|Function):\d+:\d+/g,

create-react-app/packages/react-scripts/scripts/eject.js

Line 211 in f6c17c0

const regex = new RegExp(binKey + ' (\\w+)', 'g');

create-react-app/packages/react-scripts/scripts/utils/verifyPackageTree.js

Line 35 in f6c17c0

    
           /\bv?(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)(?:-[\da-z-]+(?:\.[\da-z-]+)*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?\b/gi;

More info on how to fix Insecure Use of Regular Expressions in Javascript.

Insecure Use of Language/Framework API (1)

create-react-app/packages/react-error-overlay/src/components/CodeBlock.js

Line 49 in f6c17c0

More info on how to fix Insecure Use of Language/Framework API in Javascript.

Information Disclosure (1)

create-react-app/test/fixtures/webpack-message-formatting/src/AppBabel.js

Line 8 in f6c17c0

</div>

More info on how to fix Information Disclosure in Javascript.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

mistaken-pull-closer Bot added the invalid This doesn't seem right label Mar 28, 2021

mistaken-pull-closer Bot closed this Mar 28, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade html-entities from 1.3.1 to 2.1.0#15

[Snyk] Upgrade html-entities from 1.3.1 to 2.1.0#15
snyk-bot wants to merge 1 commit intomasterfrom
snyk-upgrade-3b23b8fd8d64c6a3d74866f9eb2f7d58

snyk-bot commented Mar 28, 2021

Uh oh!

mistaken-pull-closer Bot commented Mar 28, 2021

Uh oh!

pull-dog Bot commented Mar 28, 2021 •

edited

Loading

Uh oh!

guardrails Bot commented Mar 28, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

snyk-bot commented Mar 28, 2021

Snyk has created this PR to upgrade html-entities from 1.3.1 to 2.1.0.

Uh oh!

mistaken-pull-closer Bot commented Mar 28, 2021

Uh oh!

pull-dog Bot commented Mar 28, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

guardrails Bot commented Mar 28, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

pull-dog Bot commented Mar 28, 2021 •

edited

Loading