[Snyk] Security upgrade @patternfly/quickstarts from 0.0.0-use.local to 0.0.0 by patternfly-build · Pull Request #425 · patternfly/patternfly-quickstarts

patternfly-build · 2025-10-24T19:19:16Z

Snyk has created this PR to fix 48 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

packages/dev/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️

Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908
	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255
	Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-12613773
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9292519
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9403194
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610
	Open Redirect SNYK-JS-GOT-2932019
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783
	Server-side Request Forgery (SSRF) SNYK-JS-IP-12704893
	Server-side Request Forgery (SSRF) SNYK-JS-IP-12761655
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728
	Improper Input Validation SNYK-JS-NANOID-8492085
	Improper Handling of Unexpected Data Type SNYK-JS-ONHEADERS-10773729
	Prototype Pollution SNYK-JS-PARSEGITCONFIG-9403763
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640
	Improper Input Validation SNYK-JS-POSTCSS-5926692
	Directory Traversal SNYK-JS-SIRV-12558119
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392
	Improper Link Resolution Before File Access ('Link Following') SNYK-JS-TARFS-10293725
	Symlink Following SNYK-JS-TARFS-13045213
	Symlink Attack SNYK-JS-TARFS-9535930
	Symlink Attack SNYK-JS-TMP-11501554
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298
	Origin Validation Error SNYK-JS-WEBPACKDEVSERVER-10300775
	Exposed Dangerous Method or Function SNYK-JS-WEBPACKDEVSERVER-10300777
	Denial of Service (DoS) SNYK-JS-WS-7266574
	Regular Expression Denial of Service (ReDoS) npm:ssri:20180214
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-Side Request Forgery (SSRF)
🦉 Allocation of Resources Without Limits or Throttling
🦉 More lessons are available in Snyk Learn

netlify · 2025-10-24T19:21:06Z

❌ Deploy Preview for quickstarts failed.

Name	Link
🔨 Latest commit	`892cae6`
🔍 Latest deploy log	https://app.netlify.com/projects/quickstarts/deploys/68fbd13749c0d500089f12cd

nicolethoen closed this Dec 3, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade @patternfly/quickstarts from 0.0.0-use.local to 0.0.0#425

[Snyk] Security upgrade @patternfly/quickstarts from 0.0.0-use.local to 0.0.0#425
patternfly-build wants to merge 1 commit intomainfrom
snyk-fix-747917a12739e270ee7042336cb63ace

patternfly-build commented Oct 24, 2025

Uh oh!

netlify bot commented Oct 24, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

patternfly-build commented Oct 24, 2025

Snyk has created this PR to fix 48 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

netlify bot commented Oct 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌ Deploy Preview for quickstarts failed.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

netlify bot commented Oct 24, 2025 •

edited

Loading