Resolve vulnerabilities (#1167)

This PR resolves the following vulnerabilities: - upgrade `webpack` to version 5.90.1 to resolve vulnerability to Improper Access Control in versions lower than 5.76.0 - upgrade `http-cache-semantics` to version 4.1.1 to resolve vulnerability to Inefficient Regular Expression Complexity in versions lower than 4.1.1 - upgrade `get-func-name` to version 2.0.2 to resolve vulnerability to Uncontrolled Resource Consumption / Inefficient Regular Expression Complexity in versions lower than 2.0.1 - remove insecure document methods J=VULN-37755 - VULN-37760, VULN-38372, VULN-38400, VULN-38433 --------- Co-authored-by: Liah Kim <[email protected]> Co-authored-by: Nidhi Manu <[email protected]>
yext · Feb 13, 2024 · 2e4c744 · 2e4c744
1 parent 15a7135
commit 2e4c744
Show file tree

Hide file tree

Showing 6 changed files with 465 additions and 567 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,3 +7,4 @@ node_modules
 /playwright-report/
 /blob-report/
 /playwright/.cache/
+**/.env
diff --git a/package-lock.json b/package-lock.json
diff --git a/static/js/theme-map/Maps/Providers/Baidu.js b/static/js/theme-map/Maps/Providers/Baidu.js
@@ -350,7 +350,7 @@ function load(resolve, reject, apiKey, {
   }
 
   const negativeLngFixStyle = document.createElement('style');
-  negativeLngFixStyle.innerHTML = negativeLngFixCSS;
+  negativeLngFixStyle.textContent = negativeLngFixCSS;
 
   document.head.appendChild(negativeLngFixStyle);
 }

diff --git a/static/js/theme-map/Util/Accessibility.js b/static/js/theme-map/Util/Accessibility.js