Resolve deprecations/vulnerabilities frontend #625
Open
Labels
Description
Summary
From time to time it's good to check for vulnerabilities and deprecations in our libraries.
Acceptance criteria:
- Run `yarn audit` and `yarn check` — fix the easy wins.
- For bigger issues, create separate stories or add comments.
Extra info:
At this time this is the result for yarn check:
yarn check
yarn check v1.22.22
warning "@types/hast#@types/unist@*" could be deduped from "3.0.2" to "@types/unist@3.0.2"
warning "http-proxy-middleware#debug@^4.3.6" could be deduped from "4.4.3" to "debug@4.4.3"
error "react-json-view#react@^17.0.0 || ^16.3.0 || ^15.5.4" doesn't satisfy found match of "react@18.3.1"
error "react-json-view#react-dom@^17.0.0 || ^16.3.0 || ^15.5.4" doesn't satisfy found match of "react-dom@18.3.1"
warning Resolution field "semver@7.5.4" is incompatible with requested version "eslint-plugin-react#semver@^6.3.1"
warning "react-codemirror#prop-types@^15.5.4" could be deduped from "15.8.1" to "prop-types@15.8.1"
error "react-codemirror#react@>=15.5 <16" doesn't satisfy found match of "react@18.3.1"
error "react-codemirror#react-dom@>=15.5 <16" doesn't satisfy found match of "react-dom@18.3.1"
warning "react-copy-to-clipboard#prop-types@^15.5.8" could be deduped from "15.8.1" to "prop-types@15.8.1"
error "react-copy-to-clipboard#react@^15.3.0 || ^16.0.0 || ^17.0.0" doesn't satisfy found match of "react@18.3.1"
error "react-highlight#react@^15.0.0 || ^16.0.0 || ^17.0.0" doesn't satisfy found match of "react@18.3.1"
error "react-highlight#react-dom@^15.0.0 || ^16.0.0 || ^17.0.0" doesn't satisfy found match of "react-dom@18.3.1"
warning "react-json-pretty#prop-types@^15.6.2" could be deduped from "15.8.1" to "prop-types@15.8.1"
error "react-modal#react@^0.14.0 || ^15.0.0 || ^16 || ^17" doesn't satisfy found match of "react@18.3.1"
error "react-modal#react-dom@^0.14.0 || ^15.0.0 || ^16 || ^17" doesn't satisfy found match of "react-dom@18.3.1"
warning "react-select#prop-types@^15.6.0" could be deduped from "15.8.1" to "prop-types@15.8.1"
error "react-select#react@^16.8.0 || ^17.0.0" doesn't satisfy found match of "react@18.3.1"
error "react-select#react-dom@^16.8.0 || ^17.0.0" doesn't satisfy found match of "react-dom@18.3.1"
error "vite#@types/node@^20.19.0 || >=22.12.0" doesn't satisfy found match of "@types/node@17.0.18"
warning Resolution field "yaml@2.3.1" is incompatible with requested version "vite#yaml@^2.4.2"
error "vitest#@types/node@^20.0.0 || ^22.0.0 || >=24.0.0" doesn't satisfy found match of "@types/node@17.0.18"
warning "eslint-plugin-react-hooks#@babel/core#debug@^4.1.0" could be deduped from "4.4.3" to "debug@4.4.3"
warning Resolution field "semver@7.5.4" is incompatible with requested version "eslint-plugin-react-hooks#@babel/core#semver@^6.3.1"
warning "react-select#@emotion/react#@emotion/serialize@^1.0.2" could be deduped from "1.1.3" to "@emotion/serialize@1.1.3"
error "react-json-view#flux#react@^15.0.2 || ^16.0.0 || ^17.0.0" doesn't satisfy found match of "react@18.3.1"
error "react-json-view#react-textarea-autosize#react@^16.8.0 || ^17.0.0" doesn't satisfy found match of "react@18.3.1"
warning "react-select#react-transition-group#prop-types@^15.6.2" could be deduped from "15.8.1" to "prop-types@15.8.1"
warning "@babel/core#@babel/generator#@jridgewell/gen-mapping@^0.3.12" could be deduped from "0.3.13" to "@jridgewell/gen-mapping@0.3.13"
warning Resolution field "semver@7.5.4" is incompatible with requested version "@babel/core#@babel/helper-compilation-targets#semver@^6.3.1"
warning "@babel/core#@jridgewell/remapping#@jridgewell/gen-mapping@^0.3.5" could be deduped from "0.3.13" to "@jridgewell/gen-mapping@0.3.13"
warning "@types/babel__core#@types/babel__generator#@babel/types@^7.0.0" could be deduped from "7.29.0" to "@babel/types@7.29.0"
warning "@types/babel__core#@types/babel__template#@babel/parser@^7.1.0" could be deduped from "7.29.0" to "@babel/parser@7.29.0"
warning "@types/babel__core#@types/babel__template#@babel/types@^7.0.0" could be deduped from "7.29.0" to "@babel/types@7.29.0"
warning "@types/babel__core#@types/babel__traverse#@babel/types@^7.3.0" could be deduped from "7.29.0" to "@babel/types@7.29.0"
error "@uiw/react-markdown-preview#react-markdown#@types/react@>=18" doesn't satisfy found match of "@types/react@17.0.39"
error "react-textarea-autosize#use-composed-ref#react@^16.8.0 || ^17.0.0" doesn't satisfy found match of "react@18.3.1"
error "react-textarea-autosize#use-latest#react@^16.8.0 || ^17.0.0" doesn't satisfy found match of "react@18.3.1"
warning "@emotion/babel-plugin#@babel/helper-module-imports#@babel/types@^7.16.7" could be deduped from "7.29.0" to "@babel/types@7.29.0"
warning "@types/babel__generator#@babel/types#@babel/helper-validator-identifier@^7.16.7" could be deduped from "7.28.5" to "@babel/helper-validator-identifier@7.28.5"
warning "@types/babel__template#@babel/types#@babel/helper-validator-identifier@^7.16.7" could be deduped from "7.28.5" to "@babel/helper-validator-identifier@7.28.5"
warning "@types/babel__traverse#@babel/types#@babel/helper-validator-identifier@^7.16.7" could be deduped from "7.28.5" to "@babel/helper-validator-identifier@7.28.5"
warning "@jridgewell/remapping#@jridgewell/gen-mapping#@jridgewell/sourcemap-codec@^1.4.10" could be deduped from "1.4.15" to "@jridgewell/sourcemap-codec@1.4.15"
warning "refractor#@types/hast#@types/unist@*" could be deduped from "3.0.2" to "@types/unist@3.0.2"
warning "remark-gfm#@types/mdast#@types/unist@*" could be deduped from "3.0.2" to "@types/unist@3.0.2"
error "use-latest#use-isomorphic-layout-effect#react@^16.8.0 || ^17.0.0" doesn't satisfy found match of "react@18.3.1"
warning "@babel/helper-module-imports#@babel/types#@babel/helper-validator-identifier@^7.16.7" could be deduped from "7.28.5" to "@babel/helper-validator-identifier@7.28.5"
warning "hastscript#@types/hast#@types/unist@*" could be deduped from "3.0.2" to "@types/unist@3.0.2"
warning Resolution field "yaml@2.3.1" is incompatible with requested version "babel-plugin-macros#cosmiconfig#yaml@^1.10.0"
warning "babel-plugin-macros#resolve#is-core-module@^2.8.1" could be deduped from "2.16.1" to "is-core-module@2.16.1"
warning "mdast-util-mdx-expression#@types/estree-jsx#@types/estree@*" could be deduped from "1.0.5" to "@types/estree@1.0.5"
warning "hast-util-parse-selector#@types/hast#@types/unist@*" could be deduped from "3.0.2" to "@types/unist@3.0.2"
warning "mdast-util-from-markdown#micromark#debug@^4.0.0" could be deduped from "4.4.3" to "debug@4.4.3"
warning "cosmiconfig#parse-json#@babel/code-frame@^7.0.0" could be deduped from "7.29.0" to "@babel/code-frame@7.29.0"
warning "babel-plugin-macros#is-core-module#has#function-bind@^1.1.1" could be deduped from "1.1.2" to "function-bind@1.1.2"
warning "parse-json#@babel/code-frame#@babel/highlight#@babel/helper-validator-identifier@^7.10.4" could be deduped from "7.28.5" to "@babel/helper-validator-identifier@7.28.5"
info Found 36 warnings.
error Found 19 errors.
info Visit https://yarnpkg.com/en/docs/cli/check for documentation about this command.
At this time this is the result for yarn audit:
yarn audit
yarn audit v1.22.22
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ brace-expansion Regular Expression Denial of Service │
│ │ vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.1.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ eslint > minimatch > brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1105443 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ brace-expansion Regular Expression Denial of Service │
│ │ vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.1.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ eslint > @eslint/config-array > minimatch > brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1105443 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ jsondiffpatch is vulnerable to Cross-site Scripting (XSS) │
│ │ via HtmlFormatter::nodeBegin │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ jsondiffpatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.7.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ jsondiffpatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ jsondiffpatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1108189 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Inefficient Regular Expression Complexity in │
│ │ chalk/ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=5.0.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > yargs > string-width > strip-ansi > │
│ │ ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1094092 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Inefficient Regular Expression Complexity in │
│ │ chalk/ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=5.0.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > yargs > cliui > string-width > │
│ │ strip-ansi > ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1094092 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Inefficient Regular Expression Complexity in │
│ │ chalk/ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=5.0.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > yargs > cliui > wrap-ansi > │
│ │ string-width > strip-ansi > ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1094092 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ node-fetch forwards secure headers to untrusted sites │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ node-fetch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.6.7 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-codemirror │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-codemirror > create-react-class > fbjs > │
│ │ isomorphic-fetch > node-fetch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1095073 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ brace-expansion Regular Expression Denial of Service │
│ │ vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.1.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > ejs > jake > minimatch > │
│ │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1105443 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ brace-expansion Regular Expression Denial of Service │
│ │ vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > ejs > jake > filelist > minimatch > │
│ │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1105444 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ brace-expansion Regular Expression Denial of Service │
│ │ vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.1.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ source-map-explorer > temp > rimraf > glob > minimatch > │
│ │ brace-expansion │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1105443 │
└───────────────┴──────────────────────────────────────────────────────────────┘
10 vulnerabilities found - Packages audited: 760
Severity: 5 Low | 1 Moderate | 4 High
✨ Done in 0.55s.
Status: Backlog
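An added example, not part of the issue or the project's code: one way to split the audit result into "easy wins" and separate stories is to collapse the findings by the root dependency that has to be bumped or replaced. It assumes the NDJSON that Yarn v1 prints for `yarn audit --json` (one `auditAdvisory` event per finding); `triageYarnAudit` is a hypothetical helper and the sample is constructed from the audit table in the issue.

```javascript
// Added example: collapse `yarn audit --json` (Yarn v1 NDJSON) findings by root dependency.
const SEVERITY = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample: rows of the audit table above as [severity, package, patched, path],
// re-encoded in the auditAdvisory shape Yarn v1 emits (one JSON object per line).
const ROWS = [
  ['low', 'brace-expansion', '>=1.1.12', 'eslint>minimatch>brace-expansion'],
  ['low', 'brace-expansion', '>=1.1.12', 'eslint>@eslint/config-array>minimatch>brace-expansion'],
  ['moderate', 'jsondiffpatch', '>=0.7.2', 'jsondiffpatch'],
  ['high', 'ansi-regex', '>=5.0.1', 'source-map-explorer>yargs>string-width>strip-ansi>ansi-regex'],
  ['high', 'ansi-regex', '>=5.0.1', 'source-map-explorer>yargs>cliui>string-width>strip-ansi>ansi-regex'],
  ['high', 'ansi-regex', '>=5.0.1', 'source-map-explorer>yargs>cliui>wrap-ansi>string-width>strip-ansi>ansi-regex'],
  ['high', 'node-fetch', '>=2.6.7', 'react-codemirror>create-react-class>fbjs>isomorphic-fetch>node-fetch'],
  ['low', 'brace-expansion', '>=1.1.12', 'source-map-explorer>ejs>jake>minimatch>brace-expansion'],
  ['low', 'brace-expansion', '>=2.0.2', 'source-map-explorer>ejs>jake>filelist>minimatch>brace-expansion'],
  ['low', 'brace-expansion', '>=1.1.12', 'source-map-explorer>temp>rimraf>glob>minimatch>brace-expansion'],
];
const SAMPLE_NDJSON = ROWS.map(([severity, module_name, patched_versions, path]) =>
  JSON.stringify({ type: 'auditAdvisory',
    data: { resolution: { path }, advisory: { module_name, severity, patched_versions } } })
).concat(JSON.stringify({ type: 'auditSummary', data: {} }), 'not json').join('\n');

function triageYarnAudit(ndjson) {
  const roots = new Map();
  for (const line of ndjson.split('\n')) {
    let event;
    try { event = JSON.parse(line); } catch { continue; } // skip non-JSON noise
    if (!event || event.type !== 'auditAdvisory') continue; // ignore summary/other events
    const { resolution, advisory } = event.data;
    const root = resolution.path.split('>')[0]; // the dependency listed in package.json
    const entry = roots.get(root) ||
      { root, direct: false, worst: 'info', paths: 0, fixes: new Set() };
    entry.paths += 1;
    // A one-segment path means the vulnerable package is itself a direct dependency.
    if (resolution.path === advisory.module_name) entry.direct = true;
    if (SEVERITY.indexOf(advisory.severity) > SEVERITY.indexOf(entry.worst)) entry.worst = advisory.severity;
    entry.fixes.add(`${advisory.module_name}@${advisory.patched_versions}`);
    roots.set(root, entry);
  }
  // Worst severity first, so the report reads as a work queue.
  return [...roots.values()]
    .map((e) => ({ ...e, fixes: [...e.fixes].sort() }))
    .sort((a, b) => SEVERITY.indexOf(b.worst) - SEVERITY.indexOf(a.worst) || b.paths - a.paths);
}

console.table(triageYarnAudit(SAMPLE_NDJSON));
```

On the sample, the ten findings collapse to four root dependencies, and only `jsondiffpatch` is flagged as a direct dependency; the others are reached transitively and need the parent upgraded, replaced, or pinned through a resolution.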