From 7c700ef79074ad79e7336c8107a1331bdfbf34dd Mon Sep 17 00:00:00 2001
From: kryswisnaskas
Date: Fri, 25 Jun 2021 14:44:31 -0400
Subject: [PATCH] audit vulnerabilities
---
 frontend/yarn-audit-known-issues | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frontend/yarn-audit-known-issues b/frontend/yarn-audit-known-issues
index 4576e539ef..be2fe95651 100644
--- a/frontend/yarn-audit-known-issues
+++ b/frontend/yarn-audit-known-issues
@@ -76,6 +76,7 @@ {"type":"auditAdvisory","data":{"resolution":{"id":1693,"path":"react-scripts>postcss-preset-env>postcss-replace-overflow-wrap>postcss","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.0.35","paths":["react-scripts>css-loader>icss-utils>postcss","react-scripts>css-loader>postcss-modules-local-by-default>icss-utils>postcss","react-scripts>css-loader>postcss-modules-values>icss-utils>postcss","react-scripts>css-loader>postcss","react-scripts>css-loader>postcss-modules-extract-imports>postcss","react-scripts>css-loader>postcss-modules-local-by-default>postcss","react-scripts>css-loader>postcss-modules-scope>postcss","react-scripts>css-loader>postcss-modules-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>css-declaration-sorter>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>cssnano-util-raw-cache>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-calc>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-colormin>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-convert-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-comments>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-duplicates>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-empty>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-overridden>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-longhand>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssna
no>cssnano-preset-default>postcss-merge-longhand>stylehacks>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-rules>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-font-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-gradients>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-params>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-selectors>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-charset>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-display-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-positions>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-repeat-style>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-string>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-timing-functions>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-unicode>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-url>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-whitespace>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-ordered-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-reduce-initial>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-prese
t-default>postcss-reduce-transforms>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-svgo>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-unique-selectors>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>postcss","react-scripts>postcss-flexbugs-fixes>postcss","react-scripts>postcss-loader>postcss","react-scripts>postcss-normalize>postcss","react-scripts>postcss-normalize>postcss-browser-comments>postcss","react-scripts>postcss-preset-env>autoprefixer>postcss","react-scripts>postcss-preset-env>css-blank-pseudo>postcss","react-scripts>postcss-preset-env>css-has-pseudo>postcss","react-scripts>postcss-preset-env>css-prefers-color-scheme>postcss","react-scripts>postcss-preset-env>postcss","react-scripts>postcss-preset-env>postcss-attribute-case-insensitive>postcss","react-scripts>postcss-preset-env>postcss-color-functional-notation>postcss","react-scripts>postcss-preset-env>postcss-color-gray>postcss","react-scripts>postcss-preset-env>postcss-color-hex-alpha>postcss","react-scripts>postcss-preset-env>postcss-color-mod-function>postcss","react-scripts>postcss-preset-env>postcss-color-rebeccapurple>postcss","react-scripts>postcss-preset-env>postcss-custom-media>postcss","react-scripts>postcss-preset-env>postcss-custom-properties>postcss","react-scripts>postcss-preset-env>postcss-custom-selectors>postcss","react-scripts>postcss-preset-env>postcss-dir-pseudo-class>postcss","react-scripts>postcss-preset-env>postcss-double-position-gradients>postcss","react-scripts>postcss-preset-env>postcss-env-function>postcss","react-scripts>postcss-preset-env>postcss-focus-visible>postcss","react-scripts>postcss-preset-env>postcss-focus-within>postcss","react-scripts>postcss-preset-env>postcss-font-variant>postcss","react-scripts>postcss-preset-env>postcss-gap-properties>postcss","react-scripts>postcss-preset-env>postcss-image-set-function>postcss","react-scripts>postcss-pre
set-env>postcss-initial>postcss","react-scripts>postcss-preset-env>postcss-lab-function>postcss","react-scripts>postcss-preset-env>postcss-logical>postcss","react-scripts>postcss-preset-env>postcss-media-minmax>postcss","react-scripts>postcss-preset-env>postcss-nesting>postcss","react-scripts>postcss-preset-env>postcss-overflow-shorthand>postcss","react-scripts>postcss-preset-env>postcss-page-break>postcss","react-scripts>postcss-preset-env>postcss-place>postcss","react-scripts>postcss-preset-env>postcss-pseudo-class-any-link>postcss","react-scripts>postcss-preset-env>postcss-replace-overflow-wrap>postcss","react-scripts>postcss-preset-env>postcss-selector-matches>postcss","react-scripts>postcss-preset-env>postcss-selector-not>postcss"]},{"version":"7.0.21","paths":["react-scripts>resolve-url-loader>postcss"]}],"id":1693,"created":"2021-05-10T15:38:31.238Z","updated":"2021-06-15T15:09:38.963Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"postcss","cves":["CVE-2021-23368"],"vulnerable_versions":">=7.0.0 <7.0.36 || >=8.0.0 <8.2.10","patched_versions":">=7.0.36 <8.0.0 || >=8.2.10","overview":"`postcss` from 7.0.0 and before version 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.","recommendation":"Upgrade to version 8.2.10 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-23368)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1693"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1693,"path":"react-scripts>postcss-preset-env>postcss-selector-matches>postcss","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.0.35","paths":["react-scripts>css-loader>icss-utils>postcss","react-scripts>css-loader>postcss-modules-local-by-default>icss-utils>postcss","react-scripts>css-loader>postcss-modules-values>icss-utils>postcss","react-scripts>css-loader>postcss","react-scripts>css-loader>postcss-modules-extract-imports>postcss","react-scripts>css-loader>postcss-modules-local-by-default>postcss","react-scripts>css-loader>postcss-modules-scope>postcss","react-scripts>css-loader>postcss-modules-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>css-declaration-sorter>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>cssnano-util-raw-cache>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-calc>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-colormin>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-convert-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-comments>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-duplicates>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-empty>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-overridden>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-longhand>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-defau
lt>postcss-merge-longhand>stylehacks>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-rules>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-font-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-gradients>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-params>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-selectors>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-charset>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-display-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-positions>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-repeat-style>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-string>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-timing-functions>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-unicode>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-url>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-whitespace>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-ordered-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-reduce-initial>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-reduc
e-transforms>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-svgo>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-unique-selectors>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>postcss","react-scripts>postcss-flexbugs-fixes>postcss","react-scripts>postcss-loader>postcss","react-scripts>postcss-normalize>postcss","react-scripts>postcss-normalize>postcss-browser-comments>postcss","react-scripts>postcss-preset-env>autoprefixer>postcss","react-scripts>postcss-preset-env>css-blank-pseudo>postcss","react-scripts>postcss-preset-env>css-has-pseudo>postcss","react-scripts>postcss-preset-env>css-prefers-color-scheme>postcss","react-scripts>postcss-preset-env>postcss","react-scripts>postcss-preset-env>postcss-attribute-case-insensitive>postcss","react-scripts>postcss-preset-env>postcss-color-functional-notation>postcss","react-scripts>postcss-preset-env>postcss-color-gray>postcss","react-scripts>postcss-preset-env>postcss-color-hex-alpha>postcss","react-scripts>postcss-preset-env>postcss-color-mod-function>postcss","react-scripts>postcss-preset-env>postcss-color-rebeccapurple>postcss","react-scripts>postcss-preset-env>postcss-custom-media>postcss","react-scripts>postcss-preset-env>postcss-custom-properties>postcss","react-scripts>postcss-preset-env>postcss-custom-selectors>postcss","react-scripts>postcss-preset-env>postcss-dir-pseudo-class>postcss","react-scripts>postcss-preset-env>postcss-double-position-gradients>postcss","react-scripts>postcss-preset-env>postcss-env-function>postcss","react-scripts>postcss-preset-env>postcss-focus-visible>postcss","react-scripts>postcss-preset-env>postcss-focus-within>postcss","react-scripts>postcss-preset-env>postcss-font-variant>postcss","react-scripts>postcss-preset-env>postcss-gap-properties>postcss","react-scripts>postcss-preset-env>postcss-image-set-function>postcss","react-scripts>postcss-preset-env>postcss-initial
>postcss","react-scripts>postcss-preset-env>postcss-lab-function>postcss","react-scripts>postcss-preset-env>postcss-logical>postcss","react-scripts>postcss-preset-env>postcss-media-minmax>postcss","react-scripts>postcss-preset-env>postcss-nesting>postcss","react-scripts>postcss-preset-env>postcss-overflow-shorthand>postcss","react-scripts>postcss-preset-env>postcss-page-break>postcss","react-scripts>postcss-preset-env>postcss-place>postcss","react-scripts>postcss-preset-env>postcss-pseudo-class-any-link>postcss","react-scripts>postcss-preset-env>postcss-replace-overflow-wrap>postcss","react-scripts>postcss-preset-env>postcss-selector-matches>postcss","react-scripts>postcss-preset-env>postcss-selector-not>postcss"]},{"version":"7.0.21","paths":["react-scripts>resolve-url-loader>postcss"]}],"id":1693,"created":"2021-05-10T15:38:31.238Z","updated":"2021-06-15T15:09:38.963Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"postcss","cves":["CVE-2021-23368"],"vulnerable_versions":">=7.0.0 <7.0.36 || >=8.0.0 <8.2.10","patched_versions":">=7.0.36 <8.0.0 || >=8.2.10","overview":"`postcss` from 7.0.0 and before version 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.","recommendation":"Upgrade to version 8.2.10 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-23368)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1693"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1693,"path":"react-scripts>postcss-preset-env>postcss-selector-not>postcss","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.0.35","paths":["react-scripts>css-loader>icss-utils>postcss","react-scripts>css-loader>postcss-modules-local-by-default>icss-utils>postcss","react-scripts>css-loader>postcss-modules-values>icss-utils>postcss","react-scripts>css-loader>postcss","react-scripts>css-loader>postcss-modules-extract-imports>postcss","react-scripts>css-loader>postcss-modules-local-by-default>postcss","react-scripts>css-loader>postcss-modules-scope>postcss","react-scripts>css-loader>postcss-modules-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>css-declaration-sorter>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>cssnano-util-raw-cache>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-calc>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-colormin>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-convert-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-comments>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-duplicates>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-empty>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-overridden>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-longhand>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>p
ostcss-merge-longhand>stylehacks>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-rules>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-font-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-gradients>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-params>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-selectors>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-charset>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-display-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-positions>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-repeat-style>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-string>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-timing-functions>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-unicode>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-url>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-whitespace>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-ordered-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-reduce-initial>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-reduce-tr
ansforms>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-svgo>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-unique-selectors>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>postcss","react-scripts>postcss-flexbugs-fixes>postcss","react-scripts>postcss-loader>postcss","react-scripts>postcss-normalize>postcss","react-scripts>postcss-normalize>postcss-browser-comments>postcss","react-scripts>postcss-preset-env>autoprefixer>postcss","react-scripts>postcss-preset-env>css-blank-pseudo>postcss","react-scripts>postcss-preset-env>css-has-pseudo>postcss","react-scripts>postcss-preset-env>css-prefers-color-scheme>postcss","react-scripts>postcss-preset-env>postcss","react-scripts>postcss-preset-env>postcss-attribute-case-insensitive>postcss","react-scripts>postcss-preset-env>postcss-color-functional-notation>postcss","react-scripts>postcss-preset-env>postcss-color-gray>postcss","react-scripts>postcss-preset-env>postcss-color-hex-alpha>postcss","react-scripts>postcss-preset-env>postcss-color-mod-function>postcss","react-scripts>postcss-preset-env>postcss-color-rebeccapurple>postcss","react-scripts>postcss-preset-env>postcss-custom-media>postcss","react-scripts>postcss-preset-env>postcss-custom-properties>postcss","react-scripts>postcss-preset-env>postcss-custom-selectors>postcss","react-scripts>postcss-preset-env>postcss-dir-pseudo-class>postcss","react-scripts>postcss-preset-env>postcss-double-position-gradients>postcss","react-scripts>postcss-preset-env>postcss-env-function>postcss","react-scripts>postcss-preset-env>postcss-focus-visible>postcss","react-scripts>postcss-preset-env>postcss-focus-within>postcss","react-scripts>postcss-preset-env>postcss-font-variant>postcss","react-scripts>postcss-preset-env>postcss-gap-properties>postcss","react-scripts>postcss-preset-env>postcss-image-set-function>postcss","react-scripts>postcss-preset-env>postcss-initial>pos
tcss","react-scripts>postcss-preset-env>postcss-lab-function>postcss","react-scripts>postcss-preset-env>postcss-logical>postcss","react-scripts>postcss-preset-env>postcss-media-minmax>postcss","react-scripts>postcss-preset-env>postcss-nesting>postcss","react-scripts>postcss-preset-env>postcss-overflow-shorthand>postcss","react-scripts>postcss-preset-env>postcss-page-break>postcss","react-scripts>postcss-preset-env>postcss-place>postcss","react-scripts>postcss-preset-env>postcss-pseudo-class-any-link>postcss","react-scripts>postcss-preset-env>postcss-replace-overflow-wrap>postcss","react-scripts>postcss-preset-env>postcss-selector-matches>postcss","react-scripts>postcss-preset-env>postcss-selector-not>postcss"]},{"version":"7.0.21","paths":["react-scripts>resolve-url-loader>postcss"]}],"id":1693,"created":"2021-05-10T15:38:31.238Z","updated":"2021-06-15T15:09:38.963Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"postcss","cves":["CVE-2021-23368"],"vulnerable_versions":">=7.0.0 <7.0.36 || >=8.0.0 <8.2.10","patched_versions":">=7.0.36 <8.0.0 || >=8.2.10","overview":"`postcss` from 7.0.0 and before version 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.","recommendation":"Upgrade to version 8.2.10 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-23368)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1693"}}} 
+{"type":"auditAdvisory","data":{"resolution":{"id":1693,"path":"react-scripts>resolve-url-loader>postcss","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.0.35","paths":["react-scripts>css-loader>icss-utils>postcss","react-scripts>css-loader>postcss-modules-local-by-default>icss-utils>postcss","react-scripts>css-loader>postcss-modules-values>icss-utils>postcss","react-scripts>css-loader>postcss","react-scripts>css-loader>postcss-modules-extract-imports>postcss","react-scripts>css-loader>postcss-modules-local-by-default>postcss","react-scripts>css-loader>postcss-modules-scope>postcss","react-scripts>css-loader>postcss-modules-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>css-declaration-sorter>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>cssnano-util-raw-cache>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-calc>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-colormin>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-convert-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-comments>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-duplicates>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-empty>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-overridden>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-longhand>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-longhan
d>stylehacks>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-rules>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-font-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-gradients>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-params>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-selectors>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-charset>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-display-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-positions>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-repeat-style>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-string>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-timing-functions>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-unicode>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-url>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-whitespace>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-ordered-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-reduce-initial>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-reduce-transforms>postcss","r
eact-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-svgo>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-unique-selectors>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>postcss","react-scripts>postcss-flexbugs-fixes>postcss","react-scripts>postcss-loader>postcss","react-scripts>postcss-normalize>postcss","react-scripts>postcss-normalize>postcss-browser-comments>postcss","react-scripts>postcss-preset-env>autoprefixer>postcss","react-scripts>postcss-preset-env>css-blank-pseudo>postcss","react-scripts>postcss-preset-env>css-has-pseudo>postcss","react-scripts>postcss-preset-env>css-prefers-color-scheme>postcss","react-scripts>postcss-preset-env>postcss","react-scripts>postcss-preset-env>postcss-attribute-case-insensitive>postcss","react-scripts>postcss-preset-env>postcss-color-functional-notation>postcss","react-scripts>postcss-preset-env>postcss-color-gray>postcss","react-scripts>postcss-preset-env>postcss-color-hex-alpha>postcss","react-scripts>postcss-preset-env>postcss-color-mod-function>postcss","react-scripts>postcss-preset-env>postcss-color-rebeccapurple>postcss","react-scripts>postcss-preset-env>postcss-custom-media>postcss","react-scripts>postcss-preset-env>postcss-custom-properties>postcss","react-scripts>postcss-preset-env>postcss-custom-selectors>postcss","react-scripts>postcss-preset-env>postcss-dir-pseudo-class>postcss","react-scripts>postcss-preset-env>postcss-double-position-gradients>postcss","react-scripts>postcss-preset-env>postcss-env-function>postcss","react-scripts>postcss-preset-env>postcss-focus-visible>postcss","react-scripts>postcss-preset-env>postcss-focus-within>postcss","react-scripts>postcss-preset-env>postcss-font-variant>postcss","react-scripts>postcss-preset-env>postcss-gap-properties>postcss","react-scripts>postcss-preset-env>postcss-image-set-function>postcss","react-scripts>postcss-preset-env>postcss-initial>postcss","react-scripts
>postcss-preset-env>postcss-lab-function>postcss","react-scripts>postcss-preset-env>postcss-logical>postcss","react-scripts>postcss-preset-env>postcss-media-minmax>postcss","react-scripts>postcss-preset-env>postcss-nesting>postcss","react-scripts>postcss-preset-env>postcss-overflow-shorthand>postcss","react-scripts>postcss-preset-env>postcss-page-break>postcss","react-scripts>postcss-preset-env>postcss-place>postcss","react-scripts>postcss-preset-env>postcss-pseudo-class-any-link>postcss","react-scripts>postcss-preset-env>postcss-replace-overflow-wrap>postcss","react-scripts>postcss-preset-env>postcss-selector-matches>postcss","react-scripts>postcss-preset-env>postcss-selector-not>postcss"]},{"version":"7.0.21","paths":["react-scripts>resolve-url-loader>postcss"]}],"id":1693,"created":"2021-05-10T15:38:31.238Z","updated":"2021-06-15T15:09:38.963Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"postcss","cves":["CVE-2021-23368"],"vulnerable_versions":">=7.0.0 <7.0.36 || >=8.0.0 <8.2.10","patched_versions":">=7.0.36 <8.0.0 || >=8.2.10","overview":"`postcss` from 7.0.0 and before version 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.","recommendation":"Upgrade to version 8.2.10 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-23368)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1693"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1748,"path":"react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.4.5","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>jest-config>jest-environment-jsdom>jsdom>ws"]},{"version":"6.2.1","paths":["react-scripts>webpack-dev-server>ws"]}],"id":1748,"created":"2021-05-28T19:31:06.490Z","updated":"2021-06-10T23:01:46.443Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"ws","cves":["CVE-2021-32640"],"vulnerable_versions":">=5.0.0 <5.2.3 || >=6.0.0 <6.2.2 || >=7.0.0 <7.4.6","patched_versions":">=5.2.3 <6.0.0 || >=6.2.2 <7.0.0 || >=7.4.6","overview":"In `ws` before versions 5.2.3, 6.2.2 and 7.4.6 there is a ReDOS vulnerability.\n\n### Impact\n\nA specially crafted value of the `Sec-Websocket-Protocol` 
header can be used to significantly slow down a ws server.\n\n### Proof of concept\n\n```js\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\n const value = 'b' + ' '.repeat(length) + 'x';\n const start = process.hrtime.bigint();\n\n value.trim().split(/ *, */);\n\n const end = process.hrtime.bigint();\n\n console.log('length = %d, time = %f ns', length, end - start);\n}\n```\n\n### Patches\n\nThe vulnerability was fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff).\n\n### Workarounds\n\nIn vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.\n\n### Credits\n\nThe vulnerability was responsibly disclosed along with a fix in private by [Robert McLaughlin](https://github.com/robmcl4) from University of California, Santa Barbara.\n","recommendation":"Upgrade to version 5.2.3 or 6.2.2 or 7.4.6 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-32640)\n- [GitHub Advisory](https://github.com/advisories/GHSA-6fc8-4gx4-v693)","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1748"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1748,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.4.5","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>jest-config>jest-environment-jsdom>jsdom>ws"]},{"version":"6.2.1","paths":["react-scripts>webpack-dev-server>ws"]}],"id":1748,"created":"2021-05-28T19:31:06.490Z","updated":"2021-06-10T23:01:46.443Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"ws","cves":["CVE-2021-32640"],"vulnerable_versions":">=5.0.0 <5.2.3 || >=6.0.0 <6.2.2 || >=7.0.0 <7.4.6","patched_versions":">=5.2.3 <6.0.0 || >=6.2.2 <7.0.0 || >=7.4.6","overview":"In `ws` before versions 5.2.3, 6.2.2 and 7.4.6 there is a ReDOS vulnerability.\n\n### Impact\n\nA specially crafted value of the 
`Sec-Websocket-Protocol` header can be used to significantly slow down a ws server.\n\n### Proof of concept\n\n```js\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\n const value = 'b' + ' '.repeat(length) + 'x';\n const start = process.hrtime.bigint();\n\n value.trim().split(/ *, */);\n\n const end = process.hrtime.bigint();\n\n console.log('length = %d, time = %f ns', length, end - start);\n}\n```\n\n### Patches\n\nThe vulnerability was fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff).\n\n### Workarounds\n\nIn vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.\n\n### Credits\n\nThe vulnerability was responsibly disclosed along with a fix in private by [Robert McLaughlin](https://github.com/robmcl4) from University of California, Santa Barbara.\n","recommendation":"Upgrade to version 5.2.3 or 6.2.2 or 7.4.6 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-32640)\n- [GitHub Advisory](https://github.com/advisories/GHSA-6fc8-4gx4-v693)","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1748"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1748,"path":"react-scripts>jest>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.4.5","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>jest-config>jest-environment-jsdom>jsdom>ws"]},{"version":"6.2.1","paths":["react-scripts>webpack-dev-server>ws"]}],"id":1748,"created":"2021-05-28T19:31:06.490Z","updated":"2021-06-10T23:01:46.443Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"ws","cves":["CVE-2021-32640"],"vulnerable_versions":">=5.0.0 <5.2.3 || >=6.0.0 <6.2.2 || >=7.0.0 <7.4.6","patched_versions":">=5.2.3 <6.0.0 || >=6.2.2 <7.0.0 || >=7.4.6","overview":"In `ws` before versions 5.2.3, 6.2.2 and 7.4.6 there is a ReDOS vulnerability.\n\n### Impact\n\nA specially crafted value of the 
`Sec-Websocket-Protocol` header can be used to significantly slow down a ws server.\n\n### Proof of concept\n\n```js\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\n const value = 'b' + ' '.repeat(length) + 'x';\n const start = process.hrtime.bigint();\n\n value.trim().split(/ *, */);\n\n const end = process.hrtime.bigint();\n\n console.log('length = %d, time = %f ns', length, end - start);\n}\n```\n\n### Patches\n\nThe vulnerability was fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff).\n\n### Workarounds\n\nIn vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.\n\n### Credits\n\nThe vulnerability was responsibly disclosed along with a fix in private by [Robert McLaughlin](https://github.com/robmcl4) from University of California, Santa Barbara.\n","recommendation":"Upgrade to version 5.2.3 or 6.2.2 or 7.4.6 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-32640)\n- [GitHub Advisory](https://github.com/advisories/GHSA-6fc8-4gx4-v693)","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1748"}}} 
@@ -89,7 +90,6 @@ {"type":"auditAdvisory","data":{"resolution":{"id":1748,"path":"react-scripts>jest-circus>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.4.5","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>jest-config>jest-environment-jsdom>jsdom>ws"]},{"version":"6.2.1","paths":["react-scripts>webpack-dev-server>ws"]}],"id":1748,"created":"2021-05-28T19:31:06.490Z","updated":"2021-06-10T23:01:46.443Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"ws","cves":["CVE-2021-32640"],"vulnerable_versions":">=5.0.0 <5.2.3 || >=6.0.0 <6.2.2 || >=7.0.0 <7.4.6","patched_versions":">=5.2.3 <6.0.0 || >=6.2.2 <7.0.0 || >=7.4.6","overview":"In `ws` before versions 5.2.3, 6.2.2 and 7.4.6 there is a ReDOS vulnerability.\n\n### Impact\n\nA specially crafted value of the 
`Sec-Websocket-Protocol` header can be used to significantly slow down a ws server.\n\n### Proof of concept\n\n```js\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\n const value = 'b' + ' '.repeat(length) + 'x';\n const start = process.hrtime.bigint();\n\n value.trim().split(/ *, */);\n\n const end = process.hrtime.bigint();\n\n console.log('length = %d, time = %f ns', length, end - start);\n}\n```\n\n### Patches\n\nThe vulnerability was fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff).\n\n### Workarounds\n\nIn vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.\n\n### Credits\n\nThe vulnerability was responsibly disclosed along with a fix in private by [Robert McLaughlin](https://github.com/robmcl4) from University of California, Santa Barbara.\n","recommendation":"Upgrade to version 5.2.3 or 6.2.2 or 7.4.6 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-32640)\n- [GitHub Advisory](https://github.com/advisories/GHSA-6fc8-4gx4-v693)","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1748"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1748,"path":"react-scripts>jest>jest-cli>jest-config>jest-environment-jsdom>jsdom>ws","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.4.5","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>jest-config>jest-environment-jsdom>jsdom>ws"]},{"version":"6.2.1","paths":["react-scripts>webpack-dev-server>ws"]}],"id":1748,"created":"2021-05-28T19:31:06.490Z","updated":"2021-06-10T23:01:46.443Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"ws","cves":["CVE-2021-32640"],"vulnerable_versions":">=5.0.0 <5.2.3 || >=6.0.0 <6.2.2 || >=7.0.0 <7.4.6","patched_versions":">=5.2.3 <6.0.0 || >=6.2.2 <7.0.0 || >=7.4.6","overview":"In `ws` before versions 5.2.3, 6.2.2 and 7.4.6 there is a ReDOS vulnerability.\n\n### Impact\n\nA specially crafted value of the `Sec-Websocket-Protocol` 
header can be used to significantly slow down a ws server.\n\n### Proof of concept\n\n```js\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\n const value = 'b' + ' '.repeat(length) + 'x';\n const start = process.hrtime.bigint();\n\n value.trim().split(/ *, */);\n\n const end = process.hrtime.bigint();\n\n console.log('length = %d, time = %f ns', length, end - start);\n}\n```\n\n### Patches\n\nThe vulnerability was fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff).\n\n### Workarounds\n\nIn vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.\n\n### Credits\n\nThe vulnerability was responsibly disclosed along with a fix in private by [Robert McLaughlin](https://github.com/robmcl4) from University of California, Santa Barbara.\n","recommendation":"Upgrade to version 5.2.3 or 6.2.2 or 7.4.6 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-32640)\n- [GitHub Advisory](https://github.com/advisories/GHSA-6fc8-4gx4-v693)","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1748"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1754,"path":"react-scripts>html-webpack-plugin>pretty-error>renderkid>css-select>css-what","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"3.4.2","paths":["react-scripts>@svgr/webpack>@svgr/plugin-svgo>svgo>css-select>css-what","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-svgo>svgo>css-select>css-what","react-scripts>html-webpack-plugin>pretty-error>renderkid>css-select>css-what"]}],"id":1754,"created":"2021-06-07T22:13:06.506Z","updated":"2021-06-07T22:21:16.027Z","deleted":null,"title":"Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"css-what","cves":["CVE-2021-33587"],"vulnerable_versions":"<5.0.1","patched_versions":">=5.0.1","overview":"`css-what` before 5.0.1 does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.","recommendation":"Upgrade to version 5.0.1 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-33587)\n- [GitHub Advisory](https://github.com/advisories/GHSA-q8pj-2vqx-8ggc)\n","access":"public","severity":"high","cwe":"CWE-400","metadata":{"module_type":"","exploitability":7,"affected_components":""},"url":"https://npmjs.com/advisories/1754"}}} 
-{"type":"auditAdvisory","data":{"resolution":{"id":1693,"path":"react-scripts>resolve-url-loader>postcss","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.0.35","paths":["react-scripts>css-loader>icss-utils>postcss","react-scripts>css-loader>postcss-modules-local-by-default>icss-utils>postcss","react-scripts>css-loader>postcss-modules-values>icss-utils>postcss","react-scripts>css-loader>postcss","react-scripts>css-loader>postcss-modules-extract-imports>postcss","react-scripts>css-loader>postcss-modules-local-by-default>postcss","react-scripts>css-loader>postcss-modules-scope>postcss","react-scripts>css-loader>postcss-modules-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>css-declaration-sorter>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>cssnano-util-raw-cache>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-calc>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-colormin>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-convert-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-comments>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-duplicates>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-empty>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-discard-overridden>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-longhand>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-longhan
d>stylehacks>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-merge-rules>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-font-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-gradients>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-params>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-minify-selectors>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-charset>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-display-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-positions>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-repeat-style>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-string>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-timing-functions>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-unicode>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-url>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-normalize-whitespace>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-ordered-values>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-reduce-initial>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-reduce-transforms>postcss","r
eact-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-svgo>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>cssnano-preset-default>postcss-unique-selectors>postcss","react-scripts>optimize-css-assets-webpack-plugin>cssnano>postcss","react-scripts>postcss-flexbugs-fixes>postcss","react-scripts>postcss-loader>postcss","react-scripts>postcss-normalize>postcss","react-scripts>postcss-normalize>postcss-browser-comments>postcss","react-scripts>postcss-preset-env>autoprefixer>postcss","react-scripts>postcss-preset-env>css-blank-pseudo>postcss","react-scripts>postcss-preset-env>css-has-pseudo>postcss","react-scripts>postcss-preset-env>css-prefers-color-scheme>postcss","react-scripts>postcss-preset-env>postcss","react-scripts>postcss-preset-env>postcss-attribute-case-insensitive>postcss","react-scripts>postcss-preset-env>postcss-color-functional-notation>postcss","react-scripts>postcss-preset-env>postcss-color-gray>postcss","react-scripts>postcss-preset-env>postcss-color-hex-alpha>postcss","react-scripts>postcss-preset-env>postcss-color-mod-function>postcss","react-scripts>postcss-preset-env>postcss-color-rebeccapurple>postcss","react-scripts>postcss-preset-env>postcss-custom-media>postcss","react-scripts>postcss-preset-env>postcss-custom-properties>postcss","react-scripts>postcss-preset-env>postcss-custom-selectors>postcss","react-scripts>postcss-preset-env>postcss-dir-pseudo-class>postcss","react-scripts>postcss-preset-env>postcss-double-position-gradients>postcss","react-scripts>postcss-preset-env>postcss-env-function>postcss","react-scripts>postcss-preset-env>postcss-focus-visible>postcss","react-scripts>postcss-preset-env>postcss-focus-within>postcss","react-scripts>postcss-preset-env>postcss-font-variant>postcss","react-scripts>postcss-preset-env>postcss-gap-properties>postcss","react-scripts>postcss-preset-env>postcss-image-set-function>postcss","react-scripts>postcss-preset-env>postcss-initial>postcss","react-scripts
>postcss-preset-env>postcss-lab-function>postcss","react-scripts>postcss-preset-env>postcss-logical>postcss","react-scripts>postcss-preset-env>postcss-media-minmax>postcss","react-scripts>postcss-preset-env>postcss-nesting>postcss","react-scripts>postcss-preset-env>postcss-overflow-shorthand>postcss","react-scripts>postcss-preset-env>postcss-page-break>postcss","react-scripts>postcss-preset-env>postcss-place>postcss","react-scripts>postcss-preset-env>postcss-pseudo-class-any-link>postcss","react-scripts>postcss-preset-env>postcss-replace-overflow-wrap>postcss","react-scripts>postcss-preset-env>postcss-selector-matches>postcss","react-scripts>postcss-preset-env>postcss-selector-not>postcss"]},{"version":"7.0.21","paths":["react-scripts>resolve-url-loader>postcss"]}],"id":1693,"created":"2021-05-10T15:38:31.238Z","updated":"2021-06-15T15:09:38.963Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"postcss","cves":["CVE-2021-23368"],"vulnerable_versions":">=7.0.0 <7.0.36 || >=8.0.0 <8.2.10","patched_versions":">=7.0.36 <8.0.0 || >=8.2.10","overview":"`postcss` from 7.0.0 and before version 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.","recommendation":"Upgrade to version 8.2.10 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-23368)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1693"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1747,"path":"react-scripts>react-dev-utils>browserslist","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.14.2","paths":["react-scripts>react-dev-utils>browserslist"]}],"id":1747,"created":"2021-05-24T19:56:39.062Z","updated":"2021-05-24T19:59:05.419Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"browserslist","cves":["CVE-2021-23364"],"vulnerable_versions":">=4.0.0 <4.16.5","patched_versions":">=4.16.5","overview":"The package `browserslist` from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.","recommendation":"Upgrade to version 4.16.5 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-23364)\n- [GitHub Advisory](https://github.com/advisories/GHSA-w8qv-6jwh-64r5)\n","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1747"}}} 
{"type":"auditAdvisory","data":{"resolution":{"id":1748,"path":"react-scripts>webpack-dev-server>ws","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"7.4.5","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>@jest/core>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest-circus>jest-runtime>jest-config>jest-environment-jsdom>jsdom>ws","react-scripts>jest>jest-cli>jest-config>jest-environment-jsdom>jsdom>ws"]},{"version":"6.2.1","paths":["react-scripts>webpack-dev-server>ws"]}],"id":1748,"created":"2021-05-28T19:31:06.490Z","updated":"2021-06-10T23:01:46.443Z","deleted":null,"title":"Regular Expression Denial of Service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"ws","cves":["CVE-2021-32640"],"vulnerable_versions":">=5.0.0 <5.2.3 || >=6.0.0 <6.2.2 || >=7.0.0 <7.4.6","patched_versions":">=5.2.3 <6.0.0 || >=6.2.2 <7.0.0 || >=7.4.6","overview":"In `ws` before versions 5.2.3, 6.2.2 and 7.4.6 there is a ReDOS vulnerability.\n\n### Impact\n\nA specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly 
slow down a ws server.\n\n### Proof of concept\n\n```js\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\n const value = 'b' + ' '.repeat(length) + 'x';\n const start = process.hrtime.bigint();\n\n value.trim().split(/ *, */);\n\n const end = process.hrtime.bigint();\n\n console.log('length = %d, time = %f ns', length, end - start);\n}\n```\n\n### Patches\n\nThe vulnerability was fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff).\n\n### Workarounds\n\nIn vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.\n\n### Credits\n\nThe vulnerability was responsibly disclosed along with a fix in private by [Robert McLaughlin](https://github.com/robmcl4) from University of California, Santa Barbara.\n","recommendation":"Upgrade to version 5.2.3 or 6.2.2 or 7.4.6 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-32640)\n- [GitHub Advisory](https://github.com/advisories/GHSA-6fc8-4gx4-v693)","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1748"}}} {"type":"auditAdvisory","data":{"resolution":{"id":1751,"path":"react-scripts>webpack>watchpack>watchpack-chokidar2>chokidar>glob-parent","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"3.1.0","paths":["react-scripts>webpack>watchpack>watchpack-chokidar2>chokidar>glob-parent","react-scripts>webpack-dev-server>chokidar>glob-parent"]}],"id":1751,"created":"2021-06-07T21:57:10.135Z","updated":"2021-06-07T21:58:07.745Z","deleted":null,"title":"Regular expression denial of 
service","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"glob-parent","cves":["CVE-2020-28469"],"vulnerable_versions":"<5.1.2","patched_versions":">=5.1.2","overview":"`glob-parent` before 5.1.2 has a regular expression denial of service vulnerability. The enclosure regex used to check for strings ending in enclosure containing path separator.","recommendation":"Upgrade to version 5.1.2 or later","references":"- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2020-28469)\n- [GitHub Advisory](https://github.com/advisories/GHSA-ww39-953v-wcq6)\n","access":"public","severity":"moderate","cwe":"CWE-400","metadata":{"module_type":"","exploitability":5,"affected_components":""},"url":"https://npmjs.com/advisories/1751"}}}