Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade semantic-ui from 2.2.6 to 2.5.0 #2

Merged
merged 1 commit into from
Oct 6, 2024

Conversation

brownspy1
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade semantic-ui from 2.2.6 to 2.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 16 versions ahead of your current version.

  • The recommended version was released on 2 years ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
SNYK-JS-LODASH-450202
686 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-608086
686 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-6139239
686 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-73638
686 Proof of Concept
high severity Prototype Pollution
SNYK-JS-AJV-584908
686 No Known Exploit
high severity Code Injection
SNYK-JS-LODASH-1040724
686 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-450202
686 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-608086
686 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388
686 No Known Exploit
high severity Prototype Pollution
SNYK-JS-LODASH-6139239
686 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
npm:minimatch:20160620
686 No Known Exploit
high severity Prototype Pollution
SNYK-JS-LODASH-73638
686 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HAWK-2808852
686 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388
686 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
npm:minimatch:20160620
686 No Known Exploit
high severity Code Injection
SNYK-JS-LODASH-1040724
686 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
686 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042
686 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639
686 Proof of Concept
medium severity Prototype Pollution
npm:lodash:20180130
686 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
686 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194
686 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818
686 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639
686 Proof of Concept
medium severity Prototype Pollution
npm:lodash:20180130
686 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
686 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073
686 Proof of Concept
medium severity Command Injection
SNYK-JS-NODENOTIFIER-1035794
686 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082
686 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-584281
686 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
686 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
686 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-POSTCSS-5926692
686 No Known Exploit
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831
686 Proof of Concept
medium severity Cross-site Scripting (XSS)
npm:semantic-ui:20170130
686 No Known Exploit
medium severity Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
686 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251
686 No Known Exploit
medium severity Prototype Pollution
npm:hoek:20180212
686 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
npm:braces:20180219
686 Proof of Concept
critical severity Authentication Bypass
SNYK-JS-HAWK-6969142
686 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818
686 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-POSTCSS-5926692
686 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251
686 No Known Exploit
Release notes
Package name: semantic-ui
  • 2.5.0 - 2022-10-06

    Version 2.5.0 - Oct 6, 2022

    Note

    Special Note: If you run into any breaking changes with Gulp 4. Please reach out to me at [email protected] with bug reports

    Critical Fix

    Breaking Changes

    • Gulp - Updated all tasks to work with Gulp 4. This should fix SUI to install correctly on Node 12 or greater (see Gulp3 Issue for more details)
    • Node - Updated scripts to build in Node 18 via vanilla install.

    Build

    • Theme - Allow site's global site theme to be missing #6876 Thanks @ cruzdanillo
    • Meteor - Fix issue with misuse of api.addAssets #6790 Thanks @ gimco
    • Gulp - Report errors in build #7005 Thanks @ bundyo

    Examples

    • Modal - Fixed mutation observer was not properly disconnected
    • Sticky - Adds new example for sticky to highlight behavior when sticky/context height varies

    Bug Fixes

    • Dropdown - Fix issue where dropdown menu could not open to right when in right menu inside a ui menu (See examples/sticky.html) for use-case
    • Sticky - Fix issue where element might be bound bottom (fixed to bottom of context) if the sticky element is larger than the context
    • Sticky - Fix issue when sticky size is larger than context size caused context min-height not to be set correctly.
    • Button - Fix usage of loading on in labeled button #7023 thanks @ flppv
  • 2.4.2 - 2018-10-21
  • 2.4.1 - 2018-10-13

    Note

    If you are using the semantic-ui-less package with versions of LESS before 3.5 some calc values will not be computed correctly due to changes in variable interpolation. It is recommended that you upgrade to at least 3.5 to continue using new versions of SUI. For more information see #6512

    Build

    • LESS - SUI now supports less versions greater than 3.5.0 Thanks @ sciyoshi #6512
    • Gulp - Migrated deprecated gulp-util to replace-ext Thanks @ stevelacy #6322
    • Gulp - Updated all gulp dependencies to most recent released versions with modifications to tasks as necessary.

    Bug Fixes

    • Dropdown - clearable dropdown now works with dropdown that arent on:click, like hover or manual triggers. #6594
    • Modal - Fixed fullscreen modal having incorrect left offset with flex modals #6587
    • Embed - Embed will now correctly remove DOM metadata on destroy
    • Grid - Fix issue with very relaxed vertically divided grid having wrong margins on dividers
  • 2.4.0 - 2018-09-17

    2.4.0 includes a new component placeholder. To use this component in your existing SUI site, be sure to add @ placeholder: 'default'; to your theme.config. You can see an example in theme.config.example

    New Components

    • Placeholder - Added ui placeholder that can be used to show where content will soon appear.

    New UI Type

    • Segment - Added new ui placeholder segment used to reserve space for UI when content is missing or empty.

    Major Enhancements

    • Dropdown - Added clearable dropdowns. When clearable: true is specified an (X) will appear to clear dropdown selection #2072
    • Modal/Dimmer - Modals and dimmers now include a new setting useFlex which defaults to auto. Modals and dimmers will automatically revert to using non-flex layouts when there may be layout issues with using flexbox. Modals will fall back to JS position when detachable: false is used or with IE11/Edge (Absolutely positioned elements inside flex containers in IE behave differently).

    Critical Bugs

    • Modal - Fixed issue where scrolling modal would not allow for scrolling with touch devices. #6449
    • Label - Fixed issue where basic label were appearing incorrectly Thanks @ lasley / @ ColinFrick #6582 #6440
    • Menu/Dropdown - Fixed left menu inside ui menu would display horizontally as flex #6359

    Bugs

    • Dimmer - Dimmer now sets variation at runtime, to support run-time swapping between top aligned and middle aligned using .dimmer('setting', 'variation', 'top aligned')
    • Dropdown - Fixed issue where onChange when used with action: hide would be missing the third param $item #6555
    • Flag - Add uk alias for united kingdom Thanks @ PhilipGarnero #6531
    • Icon - Fixes missing disk outline icon alias #6556
    • List - Fixed issue where list content would not take up 100% width when used alongside img or icon
    • Menu/Dropdown - Fixes dropdown item margin not obeyed inside labeled icon menu #6557
    • Modal - Fixes @ mobileTopAlignedMargin theming variable was not implemented
    • Modal - Modal now will remove blurring after undimming, to prevent issues with position: fixed #6520

    Minor Changes

    • Dropdown - inline dropdown close icon default right margin default spacing slightly modified.
  • 2.3.3 - 2018-07-09

    Bug Fixes

    • Search - Passing in cache: false will now affect default settings for apiSettings when using a remote endpoint. Previously you would also have to pass in apiSettings: { cache: false} as well
    • CSS - Update LESS syntax to be compatible with LESS 3.0 Thanks @ sciyoshi #6447
    • Icon - Several icon names have been deprecated due to incompatibility with transition in and transition out used in animations. Previous names can still be used, however it is recommended to migrate to new names for compatibility with transition.
    • linkedin in is now linkedin alternate
    • zoom in is now zoom-in
    • zoom out is now zoom-out
    • sign in is now sign-in
    • sign out is now sign-out
    • log out is now logout
    • in cart is now in-cart
  • 2.3.2 - 2018-06-18

    Enhancements

    • Modal - Modal and Dimmer now prevent background page from scrolling on mobile or where touch events are present
    • Button - Add inverted and inverted basic variations for primary and secondary buttons Thanks @ hammy2899 #6242

    Theming

    • Global - Add hover down active and focus variables for @ invertedPrimaryColor and @ invertedSecondaryColor

    Bugs

    • Dropdown Fixed bug that could cause dropdown to recursively trigger network requests specifically when using apiSettings with a url that returns valid response but with no results when clicking directly on the dropdown icon. Thanks @ vpeti #5231 #5809
    • Statistics - Fix issue where grouped statistics would have excess bottom margin if they are :last-child
    • Label - Fix basic label does not use @ basicBackground variables Thanks @ levithomson
    • Modal - Modal will not refocus a field if field is already focused Thanks @ nikolaybobrovskiy #6301
    • Icon - Fix wechat icon not displaying due to typo Thanks @ alex-karo #6429
  • 2.3.1 - 2018-03-19

    A Special Message about Flex Modals
    There will be an update shortly to resolve issues related to flex modals when using multiple modals and detachable: false, in order to not hold up this release, we've decided to move forward without a fix.

    A general solution will most likely require branching code for IE11 which will disable flex (as IE11 doesnt correctly implement the latest spec for absolute positioned flex containers).

    Critical Bugs

    • Dropdown - Fixed issue in 2.3.0 that could cause multiselect dropdowns initialized by converting <select> to not add initial selected options. #6123
    • Search - Fixes using category search with fullTextSearch: 'exact' returning duplicate results @ thanks @ prudho #6223 #6221
    • Icon - Fixes centered and bordered icons appearing incorrectly with FA5 Thanks @ w96k #6192
    • Icons - Fixes missing aliases/incorrect icons from Font Awesome 5 port in 2.3.0 Thanks hammy2899 #6181 #6175 #6176 #6174 #6175
    • Icons - Fixed issue where link icon were appearing incorrectly due to changes in icons #6180

    Enhancements

    • Search - Adds disabled variation Thanks @ prudho #6225
    • Form Validation - Form can now return their validation prompt dynamically based on their current value. Thanks @ xDaizu #6016 #3864

    Bugs

    • Dropdown - Fixed onChange missing text from callback when dropdown is set to action: 'select' Thanks @ martinduparc #4183 #4510
    • Icons - Fixes some icons that were incorrectly named. Thanks hammy2899 #6181
    • Icons - Added ability to choose whether solid, outline and brand icons should be included in your theme via the @ importSolidIcons, importRegularIcons and @ importBrandIcons variables Thanks hammy2899
    • Icons - Increased specifity on fitted icon to fix compatibility with other components #6125
    • Visibility - Fixed bug that could cause onScreen callback to not occur properly for elements that are taller than screen.
    • Menu - Fixes disabled item showing hover style for secondary menu Thanks @ tcmal #6268
    • CSS Variables - Added use of @ normal for normal font weight for all non-default themes included in repo. #6227
    • Image - Fixes margin being applied twice to ui images #6224
    • Reveal - Fix whitespace: nowrap; applying to content inside slide reveal and move reveal
  • 2.3.0 - 2018-02-20

    Major Enhancements

    • Icons - Font Awesome 5 is now included in Semantic UI Thanks @ hammy2899 #6085

    • Search - Category search can now work with local search by adding a category property to any result and specifying type: 'category'

      var categoryContent = [
        { category: 'South America', title: 'Brazil' },
        { category: 'South America', title: 'Peru' },
        { category: 'North America', title: 'Canada' },
        { category: 'Asia', title: 'South Korea' },
        { category: 'Asia', title: 'Japan' },
        { category: 'Asia', title: 'China' },
        { category: 'Europe', title: 'Denmark' },
        { category: 'Europe', title: 'England' },
        { category: 'Europe', title: 'France' },
        { category: 'Europe', title: 'Germany' },
        { category: 'Africa', title: 'Ethiopia' },
        { category: 'Africa', title: 'Nigeria' },
        { category: 'Africa', title: 'Zimbabwe' },
      ];
      $('.ui.search')
        .search({
          type: 'category',
          source: categoryContent
        })
      ;
    • Popup - Popup can now position elements correctly even when they have a different offset context than their activating element. Like in this example.

    • Popup - Popup will now align the center of the arrow (not the edge of the popup) when it would be reasonable (up to 2x arrow's offset from edge). See this explanation

    To preserve functionality movePopup default has remained as true (moving the popup to the same offset context), however now setting movePopup: false should now always position correctly. Be sure to use movePopup: true to avoid issues with ui popup inside menu, input or other places where it may inherit rules from its activating element or its context.

    • Transition - Adds new glow transition for highlighting an element on the page, and zoom animation for scaling elements without opacity tween.

    • Modal - Modal has been rewritten to use flexbox. No need to call refresh() to recalculate vertical centering.

    • Modal - Modals now have a setting centered which can be used to disable vertical centering. This can be useful for modals with content that changes dynamically to prevent content from jumping in position.

    Minor Enhancements

    • Theming - Added global variables for reassigning normal and bold font weights for custom font stacks. Thanks @ jaridmargolin #6167
    • Search - Category results now has exact setting matching dropdown for fullTextSearch preventing fuzzy search
    • Search - Category results will now responsively adjust title row if titles are long instead of forcing a title width
    • Dimmer - Dimmers now have centered content with a single wrapping content element.
    • Modal - You can now modify closable setting after init Thanks @ mdehoog #3396
    • Accordion - Added onChanging callback for accordion that occurs before animation in both directions Thanks @ GammeGames #5892

    Tiny Enhancements

    • Popup - arrowBackground now inherits from background #6059 Thanks @ devsli
    • Popup - Adds new variable headerFontWeight
    • Search - Search now has responsive styles for mobile to prevent results being large than page width.

    Bugs

    • Modal - Modal autofocus setting now checks to see if currently focused element is in modal, avoiding issues where focus could be set in onVisible or onShow
    • Menu - Fixes big and huge sizes being swapped in menu Thanks @ Jeremy091 #5902 #5899
    • Table - Fixes tr not having correct border on first row when using multiple tbody Thanks @ MLukman #4458
    • Popup - Popup will now use content specified in settings before title attribute #4614 Thanks @ aaronbhansen
    • Form Validation - Fixes bug where on: 'change' would still show validation prompts on blur when using inline: true #4423 Thanks @ avalanche1
    • Dimmer - Fixes issue with inverted dimmer with content having wrong text color Thanks @ rijk #4631
    • Images / Transition - Fixed issue where ui images would show nested images with transition hidden as block (Fixes sequential img animation demo in docs)

    Doc Updates

    • Icons - Icon documentation now has a search that will copy the relevent icon html to clipboard
    • Icons - Icon documentation now lists publicly all icon aliases

    Doc Bugs

    • UI Examples - Fixe some improper html in UI examples included with repo #6127 Thanks @ perdian
    • Admin - Fixes bug in admin script that caused leaked global vars Thanks @ esbena #6136
  • 2.2.14 - 2018-01-29

    Critical Bugs

    • Form - Fixes issue where radio checkbox would not return correct value from get values Thanks @ tincdev #5713 #6043
    • Modal - Fixes issue where an oversized modal would appear behind an existing modal when using allowMultiple: true and a second modal that is larger than the screen height. #2423

    Enhancements

    • Button - YouTube's red color now matches their current brand guidelines Thanks @ hammy2899 #6110
    • Flag - Adds missing flag for England Thanks @ zyzniewski #5944
    • Reveal - ribbon label can now work with reveal #5681
    • Dropdown - Added new setting ignoreCase (defaults to false) that will prevent values from being added that match existing values (case insensitive). This is particularly useful when using allowAdditions for tagging to not allow case insensitive matches.
    • Site - Site theme now includes @ customScrollbarHeight and specifies a default horizontal scrollbar height Thanks @ jayphelps #5749

    Bugs

    • Checkbox - Fixes issue where toggle checkbox box shadow was missing Thanks @ Banandrew #5096
    • Dropdown - Fixed issue where dropdowns could incorrectly open upward and leftward opening when using context setting due to an incorrect offset calculation. Thanks @ dannyBies #5974 #5366
    • Form Validation - Fixed issue where default prompts for contain and doesntContain rules were swapped. Thanks @ xiongyu-git #5530
    • Visibility - Fixes issue where bottomPassed and topPassed would not fire under some conditions
    • Dropdown - Fixes issue where dropdowns might accidentally animate closed two times when quickly tabbing through fields
    • Popup - Fixed an error which could cause popup not to move to right offset context when using a different target setting.
    • Dropdown - Fixed issue where using ui input in a dropdown menu could cause the input to be too wide in some cases Thanks @ Banandrew #5085
    • Menu / Popup - Fixed issue where inverted menu rules would cause popup inside a menu to have incorrect link styling in link list Thanks @ Banandrew #5585 #5603

    Build Tools

    • CSS Build - Fixed issue where package gulp-clone was only set to use > 1.0 causing issues with gulp builds due to upstream error #6067
  • 2.2.13 - 2017-08-07

    Hotfix (2)

    • Install - Some interactive install script issues may be fixed. Forked gulp-prompt plugin to allow for updated inquirer version
    • Build Tools - Fixes typo causing fix for build tools to fail #5391
  • 2.2.12 - 2017-08-07

    Major Enhancements (1)

    • Dropdown - Dropdown can now have values specified in javascript when initializing.This should simplify cases where dropdown contents are contingent on other fields, for example listing sub categories. You can see some examples here and in the usage section of dropdown docs

    Critical Bugs (3)

    • Dropdown - Fixed regression that caused sub menu dropdown inside ui menu to always appear on left edge of dropdown introduced 2.2.11 #5542
    • Popup - Fixed a regression with popup in 2.2.11 that caused popups to appear out of place in some cases due to incorrect calculation of offsetParent #5549 #5597 #5590
    • Build Tools - Fixes issue with deprecated uglify setting that could cause build tools to fail with the following error:
    GulpUglifyError: unable to minify JavaScript
    Caused by: DefaultsError: `preserveComments` is not a supported option

    Enhancements (2)

    • Dropdown - Dropdown mutation observers now watch to see if the entire <select> DOM node is replaced with a different select, and not just if new <option> are added
    • Modal - Modal will now take into account absolutely positioned elements inside a modal when determining if scrolling is necessary.

Snyk has created this PR to upgrade semantic-ui from 2.2.6 to 2.5.0.

See this package in npm:
semantic-ui

See this project in Snyk:
https://app.snyk.io/org/brownspy1/project/b6f13b18-328a-4e99-b91c-ebc920f3216e?utm_source=github&utm_medium=referral&page=upgrade-pr
@brownspy1 brownspy1 merged commit 255e258 into master Oct 6, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants