[Snyk] Upgrade web-vitals from 3.1.1 to 3.5.2

[Aroc902322]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade web-vitals from 3.1.1 to 3.5.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 20 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2024-01-25.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ADOBECSSTOOLS-6096077	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	No Known Exploit
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	No Known Exploit
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ADOBECSSTOOLS-5871286	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: web-vitals

• 3.5.2 - 2024-01-25
  

  Release v3.5.2

• 3.5.2-soft-navs-16 - 2024-01-26
• 3.5.1 - 2023-12-27
  

  Release v3.5.1

• 3.5.1-soft-navs-15 - 2023-12-28
• 3.5.0 - 2023-09-28
  

  Release v3.5.0

• 3.5.0-soft-navs-14 - 2023-12-15
• 3.5.0-soft-navs-13 - 2023-12-13
• 3.5.0-soft-navs-12 - 2023-12-13
• 3.5.0-soft-navs-11 - 2023-12-13
• 3.5.0-soft-navs-10 - 2023-09-28
• 3.4.0 - 2023-07-10
  

  Release v3.4.0

• 3.4.0-soft-navs-9 - 2023-07-10
• 3.3.2 - 2023-05-29
  

  Release v3.3.2

• 3.3.2-soft-navs-8 - 2023-05-29
• 3.3.1 - 2023-04-04
  

  Release v3.3.1

• 3.3.1-types-2 - 2023-05-26
• 3.3.1-types - 2023-05-26
• 3.3.1-soft-navs-7 - 2023-04-04
• 3.3.0 - 2023-03-09
  

  Release v3.3.0

• 3.3.0-soft-navs-6 - 2023-03-09
• 3.1.1 - 2023-01-10
  

  Release v3.1.1

from web-vitals GitHub release notes

Commit messages

Package name: web-vitals

• 6cd88fa Release v3.5.2
• e21424b Fix typo
• 5175129 Update CHANGELOG for 3.5.2
• 92ea1e5 Pick the first non-null target for INP attribution (chore(deps): bump stripe-java from 20.90.0 to 20.92.0 in /prebuilt-checkout-page/server/java stripe-samples/accept-a-payment#421)
• 2301de5 Add clarification to README for `reportAllChanges` (chore(deps): bump Stripe.net from 39.80.0 to 39.82.0 in /custom-payment-flow/server/dotnet stripe-samples/accept-a-payment#413)
• a0df134 Bump follow-redirects from 1.15.3 to 1.15.4 (chore(deps): bump Stripe.net from 39.80.0 to 39.82.0 in /prebuilt-checkout-page/server/dotnet stripe-samples/accept-a-payment#412)
• bf32741 Fix flaky tests after upgrading dependencies
• 73c9f0d Fix formating issues after eslint update
• 4f08663 Fix formating issues after prettier update
• a9a9015 Release v3.5.1
• 209d096 Update CHANGELOG
• cefea72 Update dependencies
• e07c7a7 Add exra guard for PerformanceEventTiming not existing (chore(deps-dev): bump @types/node from 16.11.9 to 16.11.11 in /custom-payment-flow/server/node-typescript stripe-samples/accept-a-payment#403)
• d44362e Bump chromedriver from 117.0.3 to 119.0.1 (Handle RequireAction in AlipayActivity stripe-samples/accept-a-payment#400)
• 38e4173 Update readme (chore(deps-dev): bump @types/node from 16.11.9 to 16.11.12 in /custom-payment-flow/server/node-typescript stripe-samples/accept-a-payment#404)
• 16e6e93 Updates `README` links. (Adds new Payment Element integration stripe-samples/accept-a-payment#401)
• 07f6f96 Bump @ babel/traverse from 7.21.2 to 7.23.2 (chore(deps): bump stripe from 8.188.0 to 8.191.0 in /custom-payment-flow/server/node-typescript stripe-samples/accept-a-payment#398)
• dfdf57d Release v3.5.0
• 9cad8ee Update CHANGELOG for 3.5.0 (chore(deps): bump stripe-java from 20.87.0 to 20.90.0 in /prebuilt-checkout-page/server/java stripe-samples/accept-a-payment#387)
• 1cc298c Run onLCP callback in own task (Checkout Page Code (Question) stripe-samples/accept-a-payment#386)
• 1e94221 Bump nunjucks from 3.2.3 to 3.2.4 (Improve CI settings stripe-samples/accept-a-payment#385)
• 8fcf698 Upgrade selenium and webdriver (chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9 in /prebuilt-checkout-page/client/react-cra stripe-samples/accept-a-payment#384)
• 4b769ff Fix INP `durationThreshold` bug when set to 0 (chore(deps): bump url-parse from 1.4.7 to 1.5.3 in /custom-payment-flow/client/react-cra stripe-samples/accept-a-payment#372)
• 27db8a0 Readme fixes for INP (chore(deps): bump tmpl from 1.0.4 to 1.0.5 in /prebuilt-checkout-page/client/react-cra stripe-samples/accept-a-payment#379)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs