[Snyk] Security upgrade cheerio from 1.0.0-rc.3 to 1.0.0

[dotam99]

Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	696
	Code Injection SNYK-JS-LODASH-1040724	681
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	586

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Code Injection

[guardrails]

⚠️ We detected 66 security issues in this pull request:

Mode: paranoid | Total findings: 66 | Considered vulnerability: 66

Insecure Access Control (6)

Severity	Details	Docs
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/redirects/external.js Line 6 in 03531db return res.redirect(301, externalSites[req.path])	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/redirects/handle-redirects.js Line 50 in 03531db return res.redirect(301, redirect)	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/contextualizers/enterprise-release-notes.js Line 94 in 03531db return res.redirect(`https://enterprise.github.com/releases/${requestedVersion}.0/notes`)	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/archived-enterprise-versions.js Line 24 in 03531db return res.redirect(301, req.baseUrl + req.path.replace(/^\/en/, ''))	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/archived-enterprise-versions.js Line 33 in 03531db return res.redirect(301, redirect)	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/redirects/language-code-redirects.js Line 15 in 03531db return res.redirect(301, req.path.replace(redirectPattern, `/${language.code}`))	📚

More info on how to fix Insecure Access Control in JavaScript.

---

Insecure File Management (11)

Severity	Details	Docs
High	Title: Path Traversal from user input docs/middleware/contextualizers/rest.js Line 14 in 03531db '/developers/apps'	📚
High	Title: Path Traversal from user input docs/lib/rewrite-local-links.js Line 40 in 03531db newHref = path.join('/', languageCode, href)	📚
High	Title: Path Traversal from user input docs/lib/rewrite-local-links.js Line 47 in 03531db newHref = path.join('/', languageCode, href)	📚
High	Title: Path Traversal from user input docs/middleware/early-access-breadcrumbs.js Line 63 in 03531db const mapTopicOrArticlePath = path.posix.join(categoryPath, pathParts[2])	📚
High	Title: Path Traversal from user input docs/middleware/early-access-breadcrumbs.js Line 50 in 03531db const categoryPath = removeFPTFromPath(path.posix.join('/', 'en', req.context.currentVersion, 'early-access', pathParts[0], pathParts[1]))	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 35 in 03531db title: product.title	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 49 in 03531db const categoryPath = removeFPTFromPath(path.posix.join('/', req.context.currentLanguage, req.context.currentVersion, productPath, pathParts[1]))	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 21 in 03531db const productPath = path.posix.join('/', req.context.currentProduct)	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 34 in 03531db href: removeFPTFromPath(path.posix.join('/', req.context.currentLanguage, req.context.currentVersion, productPath)),	📚
High	Title: Path Traversal from user input docs/middleware/archived-enterprise-versions-assets.js Line 22 in 03531db const proxyPath = path.join('/', requestedVersion, assetPath)	📚
High	Title: Path Traversal from user input docs/lib/get-link-data.js Line 37 in 03531db const href = removeFPTFromPath(path.join('/', context.currentLanguage, version, linkPath))	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Processing of Data (6)

Severity	Details	Docs
High	Title: Insecure Deserialization (js-yaml) docs/tests/unit/actions-workflows.js Line 11 in 03531db const data = yaml.load(fs.readFileSync(fullpath, 'utf8'), { fullpath })	📚
High	Title: Insecure Deserialization (js-yaml) docs/tests/helpers/crowdin-config.js Line 7 in 03531db return yaml.load(fs.readFileSync(filename, 'utf8'), { filename })	📚
Medium	Title: Tainted input passed to Express response docs/middleware/dev-toc.js Line 8 in 03531db return res.send(await liquid.parseAndRender(layouts['dev-toc'], req.context))	📚
Medium	Title: Tainted input passed to Express response docs/middleware/loaderio-verification.js Line 5 in 03531db return res.send(req.path.replace(/\//g, ''))	📚
Medium	Title: Tainted input passed to Express response docs/middleware/enterprise-server-releases.js Line 12 in 03531db return res.send(await liquid.parseAndRender(layouts['enterprise-server-releases'], req.context))	📚
Medium	Title: Tainted input passed to Express response docs/middleware/render-page.js Line 144 in 03531db res.send(addCsrf(req, output))	📚

More info on how to fix Insecure Processing of Data in JavaScript.

---

Insecure Use of Language/Framework API (42)

Severity	Details	Docs
Medium	Title: User Controlled Method Invocation docs/script/graphql/utils/remove-hidden-schema-members.rb Line 99 in 03531db schema.send(:own_orphan_types).clear	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/tests/content/lint-files.js Line 203 in 03531db const changedFilesRelPaths = execSync('git diff --name-only origin/main | egrep "^translations/.*/.+.(yml|md)$"', { maxBuffer: 1024 * 1024 * 100 }).toString().split('\n')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/update-crowdin-issue.js Line 26 in 03531db const fixable = execSync(`cat ${fixableErrorsLog} | egrep "^translations/.*/(.+.md|.+.yml)$" | sed -e 's/^/- [ ] /' | uniq`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/update-crowdin-issue.js Line 29 in 03531db const filesToAdd = execSync(`cat ${parsingErrorsLog} ${renderingErrorsLog} | egrep "^translations/.*/(.+.md|.+.yml)$" | sed -e 's/^/- [ ] /' | uniq`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/update-crowdin-issue.js Line 32 in 03531db const allErrors = execSync('cat ~/docs-*').toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reset-translated-file.js Line 56 in 03531db execSync(`git checkout main -- ${relativePath}`, { stdio: 'pipe' })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 48 in 03531db const githubBranch = execSync('git rev-parse --abbrev-ref HEAD', { cwd: githubRepoDir }).toString().trim()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 53 in 03531db execSync('git pull', { cwd: githubRepoDir })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 62 in 03531db execSync(`${path.join(githubRepoDir, 'bin/openapi')} bundle -o ${tempDocsDir} --include_unpublished`, { stdio: 'inherit' })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 69 in 03531db execSync(`find ${tempDocsDir} -type f -name "*deref.json" -exec mv '{}' ${dereferencedPath} ';'`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reconcile-filenames-with-ids.js Line 62 in 03531db const gitStatusOfFile = execSync(`git status --porcelain ${oldContentPath}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reconcile-filenames-with-ids.js Line 66 in 03531db execSync(`mv ${oldContentPath} ${newContentPath}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reconcile-filenames-with-ids.js Line 68 in 03531db execSync(`git mv ${oldContentPath} ${newContentPath}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reset-known-broken-translation-files.js Line 44 in 03531db await exec(`script/reset-translated-file.js --prefer-main ${file}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/prevent-pushes-to-main.js Line 13 in 03531db const currentBranch = execSync('git symbolic-ref --short HEAD', { encoding: 'utf8' }).trim()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/prevent-translation-commits.js Line 20 in 03531db const filenames = execSync('git diff --cached --name-only').toString().trim().split('\n')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/purge-fastly-by-url.js Line 74 in 03531db const result = execSync(`${purgeCommand} ${localizedUrl}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/purge-fastly-by-url.js Line 78 in 03531db const secondResult = execSync(`${purgeCommand} ${localizedUrl}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/lint-translation-files.js Line 16 in 03531db execSync(`TEST_TRANSLATION=true npx jest content/lint-files > ${parsingErrorsLog}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/lint-translation-files.js Line 19 in 03531db execSync(`script/test-render-translation.js > ${renderErrorsLog}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/lint-translation-files.js Line 22 in 03531db execSync(`cat ${parsingErrorsLog} ${renderErrorsLog} | egrep "^translations/.*/(.+.md|.+.yml)$" | uniq | xargs -L1 script/reset-translated-file.js --prefer-main`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/move-category-to-product.js Line 51 in 03531db execSync(`mkdir ${productDir}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/move-category-to-product.js Line 56 in 03531db execSync(`git mv ${oldCategoryDir} ${productDir}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/helpers/find-unused-assets.js Line 89 in 03531db const grepResults = execSync(grepCmd).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/fix-translation-errors.js Line 50 in 03531db const changedFilesRelPaths = execSync(cmd).toString().split('\n')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/get-new-dotcom-path.js Line 39 in 03531db const newPath = execSync(`find ${newDotcomDir} -name ${filename}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/graphql/update-files.js Line 29 in 03531db execSync('gem which graphql')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/graphql/update-files.js Line 123 in 03531db execSync('npx prettier -w "**/*.{yml,yaml}"')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/graphql/update-files.js Line 205 in 03531db const remoteClean = execSync(`${removeHiddenMembersScript} ${tempSchemaFilePath}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/enterprise-server-deprecations/archive-version.js Line 110 in 03531db execSync('npm run build', { stdio: 'inherit' })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 36 in 03531db currentBranch = execSync('git branch --show-current').toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 74 in 03531db let branchExists = execSync(`git ls-remote --heads ${earlyAccessFullRepo} ${earlyAccessBranch}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 82 in 03531db branchExists = execSync(`git ls-remote --heads ${earlyAccessFullRepo} ${earlyAccessBranch}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 100 in 03531db cwd: earlyAccessCloningParentDir	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/anonymize-branch.js Line 27 in 03531db exec(`git reset $(git merge-base ${base} HEAD)`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/anonymize-branch.js Line 28 in 03531db exec('git add -A')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/anonymize-branch.js Line 29 in 03531db exec(`git commit -m "${message}"`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/lib/liquid-tags/octicon.js Line 34 in 03531db while ((optionsMatch = OptionsSyntax.exec(match.groups.options))) {	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/.github/actions-scripts/openapi-schema-branch.js Line 31 in 03531db const changedFiles = execSync('git diff --name-only HEAD').toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/test-render-translation.js Line 36 in 03531db const changedFilesRelPaths = execSync('git diff --name-only origin/main | egrep "^translations/.*/.+.md$"', { maxBuffer: 1024 * 1024 * 100 })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/content-migrations/remove-unused-assets.js Line 137 in 03531db const grepResults = execSync(grepCmd).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/lib/liquid-tags/link.js Line 61 in 03531db const match = liquidVariableSyntax.exec(this.param)	📚

More info on how to fix Insecure Use of Language/Framework API in Ruby and JavaScript.

---

Insecure Use of Regular Expressions (1)

Severity	Details	Docs
Medium	Title: Tainted input passed to Regular Expression docs/middleware/find-page.js Line 8 in 03531db const englishPath = req.path.replace(new RegExp(`^/${req.language}`), '/en')	📚

More info on how to fix Insecure Use of Regular Expressions in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.