[Snyk] Security upgrade copy-webpack-plugin from 6.4.1 to 7.0.0

[dotam99]

Snyk has created this PR to fix 7 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	646
	Arbitrary File Write SNYK-JS-TAR-1579147	639
	Arbitrary File Write SNYK-JS-TAR-1579152	639
	Arbitrary File Write SNYK-JS-TAR-1579155	639
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	624
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	624
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	410

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary File Overwrite
🦉 Regular Expression Denial of Service (ReDoS)

[guardrails]

⚠️ We detected 104 security issues in this pull request:

Mode: paranoid | Total findings: 104 | Considered vulnerability: 104

Insecure Access Control (6)

Severity	Details	Docs
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/redirects/external.js Line 6 in 2458fbe return res.redirect(301, externalSites[req.path])	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/redirects/handle-redirects.js Line 50 in 2458fbe return res.redirect(301, redirect)	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/contextualizers/enterprise-release-notes.js Line 94 in 2458fbe return res.redirect(`https://enterprise.github.com/releases/${requestedVersion}.0/notes`)	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/archived-enterprise-versions.js Line 24 in 2458fbe return res.redirect(301, req.baseUrl + req.path.replace(/^\/en/, ''))	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/archived-enterprise-versions.js Line 33 in 2458fbe return res.redirect(301, redirect)	📚
Medium	Title: Tainted input passed to an open redirect (express) docs/middleware/redirects/language-code-redirects.js Line 15 in 2458fbe return res.redirect(301, req.path.replace(redirectPattern, `/${language.code}`))	📚

More info on how to fix Insecure Access Control in JavaScript.

---

Insecure File Management (11)

Severity	Details	Docs
High	Title: Path Traversal from user input docs/middleware/contextualizers/rest.js Line 14 in 2458fbe '/developers/apps'	📚
High	Title: Path Traversal from user input docs/lib/rewrite-local-links.js Line 40 in 2458fbe newHref = path.join('/', languageCode, href)	📚
High	Title: Path Traversal from user input docs/lib/rewrite-local-links.js Line 47 in 2458fbe newHref = path.join('/', languageCode, href)	📚
High	Title: Path Traversal from user input docs/middleware/early-access-breadcrumbs.js Line 63 in 2458fbe const mapTopicOrArticlePath = path.posix.join(categoryPath, pathParts[2])	📚
High	Title: Path Traversal from user input docs/middleware/early-access-breadcrumbs.js Line 50 in 2458fbe const categoryPath = removeFPTFromPath(path.posix.join('/', 'en', req.context.currentVersion, 'early-access', pathParts[0], pathParts[1]))	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 35 in 2458fbe title: product.title	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 49 in 2458fbe const categoryPath = removeFPTFromPath(path.posix.join('/', req.context.currentLanguage, req.context.currentVersion, productPath, pathParts[1]))	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 21 in 2458fbe const productPath = path.posix.join('/', req.context.currentProduct)	📚
High	Title: Path Traversal from user input docs/middleware/breadcrumbs.js Line 34 in 2458fbe href: removeFPTFromPath(path.posix.join('/', req.context.currentLanguage, req.context.currentVersion, productPath)),	📚
High	Title: Path Traversal from user input docs/middleware/archived-enterprise-versions-assets.js Line 22 in 2458fbe const proxyPath = path.join('/', requestedVersion, assetPath)	📚
High	Title: Path Traversal from user input docs/lib/get-link-data.js Line 37 in 2458fbe const href = removeFPTFromPath(path.join('/', context.currentLanguage, version, linkPath))	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Processing of Data (6)

Severity	Details	Docs
High	Title: Insecure Deserialization (js-yaml) docs/tests/unit/actions-workflows.js Line 11 in 2458fbe const data = yaml.load(fs.readFileSync(fullpath, 'utf8'), { fullpath })	📚
High	Title: Insecure Deserialization (js-yaml) docs/tests/helpers/crowdin-config.js Line 7 in 2458fbe return yaml.load(fs.readFileSync(filename, 'utf8'), { filename })	📚
Medium	Title: Tainted input passed to Express response docs/middleware/dev-toc.js Line 8 in 2458fbe return res.send(await liquid.parseAndRender(layouts['dev-toc'], req.context))	📚
Medium	Title: Tainted input passed to Express response docs/middleware/loaderio-verification.js Line 5 in 2458fbe return res.send(req.path.replace(/\//g, ''))	📚
Medium	Title: Tainted input passed to Express response docs/middleware/enterprise-server-releases.js Line 12 in 2458fbe return res.send(await liquid.parseAndRender(layouts['enterprise-server-releases'], req.context))	📚
Medium	Title: Tainted input passed to Express response docs/middleware/render-page.js Line 144 in 2458fbe res.send(addCsrf(req, output))	📚

More info on how to fix Insecure Processing of Data in JavaScript.

---

Insecure Use of Language/Framework API (42)

Severity	Details	Docs
Medium	Title: User Controlled Method Invocation docs/script/graphql/utils/remove-hidden-schema-members.rb Line 99 in 2458fbe schema.send(:own_orphan_types).clear	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/tests/content/lint-files.js Line 203 in 2458fbe const changedFilesRelPaths = execSync('git diff --name-only origin/main | egrep "^translations/.*/.+.(yml|md)$"', { maxBuffer: 1024 * 1024 * 100 }).toString().split('\n')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/update-crowdin-issue.js Line 26 in 2458fbe const fixable = execSync(`cat ${fixableErrorsLog} | egrep "^translations/.*/(.+.md|.+.yml)$" | sed -e 's/^/- [ ] /' | uniq`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/update-crowdin-issue.js Line 29 in 2458fbe const filesToAdd = execSync(`cat ${parsingErrorsLog} ${renderingErrorsLog} | egrep "^translations/.*/(.+.md|.+.yml)$" | sed -e 's/^/- [ ] /' | uniq`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/update-crowdin-issue.js Line 32 in 2458fbe const allErrors = execSync('cat ~/docs-*').toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reset-translated-file.js Line 56 in 2458fbe execSync(`git checkout main -- ${relativePath}`, { stdio: 'pipe' })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 48 in 2458fbe const githubBranch = execSync('git rev-parse --abbrev-ref HEAD', { cwd: githubRepoDir }).toString().trim()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 53 in 2458fbe execSync('git pull', { cwd: githubRepoDir })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 62 in 2458fbe execSync(`${path.join(githubRepoDir, 'bin/openapi')} bundle -o ${tempDocsDir} --include_unpublished`, { stdio: 'inherit' })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/rest/update-files.js Line 69 in 2458fbe execSync(`find ${tempDocsDir} -type f -name "*deref.json" -exec mv '{}' ${dereferencedPath} ';'`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reconcile-filenames-with-ids.js Line 62 in 2458fbe const gitStatusOfFile = execSync(`git status --porcelain ${oldContentPath}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reconcile-filenames-with-ids.js Line 66 in 2458fbe execSync(`mv ${oldContentPath} ${newContentPath}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reconcile-filenames-with-ids.js Line 68 in 2458fbe execSync(`git mv ${oldContentPath} ${newContentPath}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/reset-known-broken-translation-files.js Line 44 in 2458fbe await exec(`script/reset-translated-file.js --prefer-main ${file}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/prevent-pushes-to-main.js Line 13 in 2458fbe const currentBranch = execSync('git symbolic-ref --short HEAD', { encoding: 'utf8' }).trim()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/prevent-translation-commits.js Line 20 in 2458fbe const filenames = execSync('git diff --cached --name-only').toString().trim().split('\n')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/purge-fastly-by-url.js Line 74 in 2458fbe const result = execSync(`${purgeCommand} ${localizedUrl}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/purge-fastly-by-url.js Line 78 in 2458fbe const secondResult = execSync(`${purgeCommand} ${localizedUrl}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/lint-translation-files.js Line 16 in 2458fbe execSync(`TEST_TRANSLATION=true npx jest content/lint-files > ${parsingErrorsLog}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/lint-translation-files.js Line 19 in 2458fbe execSync(`script/test-render-translation.js > ${renderErrorsLog}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/lint-translation-files.js Line 22 in 2458fbe execSync(`cat ${parsingErrorsLog} ${renderErrorsLog} | egrep "^translations/.*/(.+.md|.+.yml)$" | uniq | xargs -L1 script/reset-translated-file.js --prefer-main`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/move-category-to-product.js Line 51 in 2458fbe execSync(`mkdir ${productDir}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/move-category-to-product.js Line 56 in 2458fbe execSync(`git mv ${oldCategoryDir} ${productDir}`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/helpers/find-unused-assets.js Line 89 in 2458fbe const grepResults = execSync(grepCmd).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/fix-translation-errors.js Line 50 in 2458fbe const changedFilesRelPaths = execSync(cmd).toString().split('\n')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/get-new-dotcom-path.js Line 39 in 2458fbe const newPath = execSync(`find ${newDotcomDir} -name ${filename}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/graphql/update-files.js Line 29 in 2458fbe execSync('gem which graphql')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/graphql/update-files.js Line 123 in 2458fbe execSync('npx prettier -w "**/*.{yml,yaml}"')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/graphql/update-files.js Line 205 in 2458fbe const remoteClean = execSync(`${removeHiddenMembersScript} ${tempSchemaFilePath}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/enterprise-server-deprecations/archive-version.js Line 110 in 2458fbe execSync('npm run build', { stdio: 'inherit' })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 36 in 2458fbe currentBranch = execSync('git branch --show-current').toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 74 in 2458fbe let branchExists = execSync(`git ls-remote --heads ${earlyAccessFullRepo} ${earlyAccessBranch}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 82 in 2458fbe branchExists = execSync(`git ls-remote --heads ${earlyAccessFullRepo} ${earlyAccessBranch}`).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/early-access/clone-for-build.js Line 100 in 2458fbe cwd: earlyAccessCloningParentDir	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/anonymize-branch.js Line 27 in 2458fbe exec(`git reset $(git merge-base ${base} HEAD)`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/anonymize-branch.js Line 28 in 2458fbe exec('git add -A')	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/anonymize-branch.js Line 29 in 2458fbe exec(`git commit -m "${message}"`)	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/lib/liquid-tags/octicon.js Line 34 in 2458fbe while ((optionsMatch = OptionsSyntax.exec(match.groups.options))) {	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/.github/actions-scripts/openapi-schema-branch.js Line 31 in 2458fbe const changedFiles = execSync('git diff --name-only HEAD').toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/test-render-translation.js Line 36 in 2458fbe const changedFilesRelPaths = execSync('git diff --name-only origin/main | egrep "^translations/.*/.+.md$"', { maxBuffer: 1024 * 1024 * 100 })	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/script/content-migrations/remove-unused-assets.js Line 137 in 2458fbe const grepResults = execSync(grepCmd).toString()	📚
High	Title: Child process (child_process) methods accept untrusted data to execute docs/lib/liquid-tags/link.js Line 61 in 2458fbe const match = liquidVariableSyntax.exec(this.param)	📚

More info on how to fix Insecure Use of Language/Framework API in Ruby and JavaScript.

---

Insecure Use of Regular Expressions (1)

Severity	Details	Docs
Medium	Title: Tainted input passed to Regular Expression docs/middleware/find-page.js Line 8 in 2458fbe const englishPath = req.path.replace(new RegExp(`^/${req.language}`), '/en')	📚

More info on how to fix Insecure Use of Regular Expressions in JavaScript.

---

Vulnerable Libraries (38)

Severity	Details
Critical	pkg:npm/[email protected] upgrade to: > 1.7.0
N/A	pkg:npm/[email protected] upgrade to: 12.1.0,11.8.5
Medium	pkg:npm/[email protected] upgrade to: 4.1.1
Informational	pkg:npm/[email protected] upgrade to: > 3.1.0
Informational	pkg:npm/[email protected] upgrade to: > 1.11.0
Critical	pkg:npm/[email protected] upgrade to: > 8.1.0
High	pkg:npm/[email protected] upgrade to: > 1.1.4
High	pkg:npm/[email protected] upgrade to: > 3.35.1
High	pkg:npm/[email protected] upgrade to: > 4.0.2
Critical	pkg:npm/[email protected] upgrade to: > 4.0.0
High	pkg:npm/@babel/[email protected] upgrade to: > 7.11.0
Critical	pkg:npm/[email protected] upgrade to: 5.0.1
Informational	pkg:npm/[email protected] upgrade to: > 1.4.5
Medium	pkg:npm/[email protected] upgrade to: 4.17.21
Critical	pkg:npm/[email protected] upgrade to: > 1.4.1
Critical	pkg:npm/[email protected] upgrade to: > 1.2.1
Medium	pkg:npm/[email protected] upgrade to: 7.5.2
High	pkg:npm/[email protected] upgrade to: > 5.0.0
High	pkg:npm/[email protected] upgrade to: > 1.32.8
High	pkg:npm/[email protected] upgrade to: > 1.9.1
Critical	pkg:npm/[email protected] upgrade to: > 9.0.2
High	pkg:npm/[email protected] upgrade to: > 5.0.0
High	pkg:npm/[email protected] upgrade to: > 4.6.0
High	pkg:npm/[email protected] upgrade to: > 3.0.0
Critical	pkg:npm/[email protected] upgrade to: > 3.0.3
High	pkg:npm/[email protected] upgrade to: > 1.7.4
Critical	pkg:npm/[email protected] upgrade to: > 2.13.1
Medium	pkg:npm/[email protected] upgrade to: > 4.0.2
Critical	pkg:npm/[email protected] upgrade to: > 7.0.0
High	pkg:npm/[email protected] upgrade to: 6.9.7,6.8.3,6.6.1,6.5.3,6.3.3,4.17.3,6.10.3,6.7.3,6.4.1,6.2.4
Medium	pkg:npm/[email protected] upgrade to: 5.94.0
High	pkg:npm/[email protected] upgrade to: > 7.0.2
Medium	pkg:npm/[email protected] upgrade to: 10.0.0
High	pkg:npm/[email protected] upgrade to: > 3.12.0
High	pkg:npm/[email protected] upgrade to: > 7.0.2
High	pkg:npm/[email protected] upgrade to: 3.1.1,2.6.7
Critical	pkg:npm/[email protected] upgrade to: > 5.0.0
High	pkg:npm/[email protected] upgrade to: > 1.0.0-rc.3

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.