chore(deps-dev): bump json5 from 2.2.0 to 2.2.3

[dependabot]

Bumps json5 from 2.2.0 to 2.2.3.

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: dependencies.

[guardrails]

⚠️ We detected 518 security issues in this pull request:

Mode: paranoid | Total findings: 518 | Considered vulnerability: 518

Insecure Processing of Data (183)

Docs	Details
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/test/BinaryMiddleware.unittest.js Line 125 in 9d5bfad const newData = mw.deserialize(serialized, {});
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/tooling/print-cache-file.js Line 158 in 9d5bfad const structure = await rawSerializer.deserialize(null, {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/tooling/print-cache-file.js Line 168 in 9d5bfad const data = await serializer.deserialize(null, {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/RawModule.js Line 138 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/RawModule.js Line 146 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/DependenciesBlock.js Line 87 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ModuleWarning.js Line 50 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ModuleWarning.js Line 55 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ContextModule.js Line 1069 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ContextModule.js Line 1073 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/FileSystemInfo.js Line 351 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ExportsInfo.js Line 54 in 9d5bfad static deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/AsyncDependenciesBlock.js Line 76 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/AsyncDependenciesBlock.js Line 81 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ModuleError.js Line 50 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ModuleError.js Line 55 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/WebpackError.js Line 49 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ModuleBuildError.js Line 66 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ModuleBuildError.js Line 71 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/Module.js Line 977 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/Module.js Line 991 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ModuleParseError.js Line 98 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ModuleParseError.js Line 103 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/Dependency.js Line 278 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/DelegatedModule.js Line 199 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/DelegatedModule.js Line 208 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/NormalModule.js Line 1288 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/NormalModule.js Line 1306 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/NormalModule.js Line 1310 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/NormalModule.js Line 1316 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ExternalModule.js Line 191 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ExternalModule.js Line 682 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/ExternalModule.js Line 689 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/DllModule.js Line 130 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/DllModule.js Line 132 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/optimize/ConcatenatedModule.js Line 1832 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/optimize/ConcatenatedModule.js Line 1839 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/container/ContainerEntryModule.js Line 267 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/container/ContainerEntryModule.js Line 270 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/container/FallbackDependency.js Line 38 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/container/FallbackDependency.js Line 41 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/container/FallbackModule.js Line 163 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/container/FallbackModule.js Line 166 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/container/ContainerExposedDependency.js Line 41 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/container/ContainerExposedDependency.js Line 43 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/container/RemoteModule.js Line 159 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/container/RemoteModule.js Line 162 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/sharing/ProvideSharedDependency.js Line 43 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/sharing/ProvideSharedDependency.js Line 53 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/sharing/ProvideSharedModule.js Line 169 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/sharing/ProvideSharedModule.js Line 172 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/sharing/ConsumeSharedModule.js Line 233 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/sharing/ConsumeSharedModule.js Line 236 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/ArraySerializer.js Line 12 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/RegExpObjectSerializer.js Line 12 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/SingleItemMiddleware.js Line 29 in 9d5bfad deserialize(data, context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/MapObjectSerializer.js Line 17 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/FileMiddleware.js Line 314 in 9d5bfad memoize(() => deserialize(middleware, name, readFile)),
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/FileMiddleware.js Line 494 in 9d5bfad deserialize(data, context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/FileMiddleware.js Line 609 in 9d5bfad return deserialize(this, false, readFile);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/SetObjectSerializer.js Line 14 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/DateObjectSerializer.js Line 11 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/BinaryMiddleware.js Line 507 in 9d5bfad deserialize(data, context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/BinaryMiddleware.js Line 508 in 9d5bfad return this._deserialize(data, context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/BinaryMiddleware.js Line 513 in 9d5bfad memoize(() => this._deserialize(content, context)),
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/BinaryMiddleware.js Line 522 in 9d5bfad this._deserialize(data, context)
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/BinaryMiddleware.js Line 531 in 9d5bfad _deserialize(data, context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/SerializerMiddleware.js Line 36 in 9d5bfad deserialize(data, context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/SerializerMiddleware.js Line 123 in 9d5bfad return r.then(data => deserialize(data));
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/SerializerMiddleware.js Line 125 in 9d5bfad return deserialize(r);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/PlainObjectSerializer.js Line 66 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/NullPrototypeObjectSerializer.js Line 18 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/ObjectMiddleware.js Line 555 in 9d5bfad deserialize(data, context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/ObjectMiddleware.js Line 649 in 9d5bfad const item = serializer.deserialize(ctx);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/ObjectMiddleware.js Line 700 in 9d5bfad data => this.deserialize(data, context)[0]
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/Serializer.js Line 33 in 9d5bfad deserialize(value, context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/Serializer.js Line 39 in 9d5bfad current = current.then(data => middleware.deserialize(data, context));
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/Serializer.js Line 41 in 9d5bfad current = middleware.deserialize(current, ctx);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/serialization/ErrorObjectSerializer.js Line 17 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ModuleDecoratorDependency.js Line 83 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ModuleDecoratorDependency.js Line 87 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RequireResolveHeaderDependency.js Line 32 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RequireResolveHeaderDependency.js Line 34 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ModuleDependency.js Line 55 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ModuleDependency.js Line 60 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CommonJsExportRequireDependency.js Line 277 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CommonJsExportRequireDependency.js Line 286 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/AMDRequireContextDependency.js Line 36 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/AMDRequireContextDependency.js Line 42 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ImportDependency.js Line 60 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ImportDependency.js Line 63 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CommonJsSelfReferenceDependency.js Line 65 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CommonJsSelfReferenceDependency.js Line 71 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/AMDRequireArrayDependency.js Line 41 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/AMDRequireArrayDependency.js Line 47 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/DllEntryDependency.js Line 32 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/DllEntryDependency.js Line 38 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/WebAssemblyExportImportedDependency.js Line 54 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/WebAssemblyExportImportedDependency.js Line 61 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ConstDependency.js Line 64 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ConstDependency.js Line 69 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyExportExpressionDependency.js Line 66 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyExportExpressionDependency.js Line 72 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RequireContextDependency.js Line 31 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RequireContextDependency.js Line 36 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/URLDependency.js Line 88 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/URLDependency.js Line 93 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/PureExpressionDependency.js Line 58 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/PureExpressionDependency.js Line 62 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyAcceptDependency.js Line 43 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyAcceptDependency.js Line 48 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CommonJsRequireContextDependency.js Line 33 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CommonJsRequireContextDependency.js Line 39 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyImportDependency.js Line 207 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyImportDependency.js Line 210 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/AMDDefineDependency.js Line 133 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/AMDDefineDependency.js Line 141 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ImportContextDependency.js Line 37 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ImportContextDependency.js Line 43 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ContextElementDependency.js Line 60 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ContextElementDependency.js Line 62 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CommonJsFullRequireDependency.js Line 62 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CommonJsFullRequireDependency.js Line 67 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyExportHeaderDependency.js Line 33 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyExportHeaderDependency.js Line 37 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyImportSpecifierDependency.js Line 214 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyImportSpecifierDependency.js Line 226 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/LocalModuleDependency.js Line 34 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/LocalModuleDependency.js Line 41 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ContextDependency.js Line 114 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ContextDependency.js Line 127 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RequireResolveContextDependency.js Line 33 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RequireResolveContextDependency.js Line 39 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RequireHeaderDependency.js Line 29 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RequireHeaderDependency.js Line 31 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/AMDRequireDependency.js Line 46 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/AMDRequireDependency.js Line 56 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/WebAssemblyImportDependency.js Line 84 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/WebAssemblyImportDependency.js Line 91 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ExportsInfoDependency.js Line 94 in 9d5bfad static deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ExportsInfoDependency.js Line 100 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/JsonExportsDependency.js Line 84 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/JsonExportsDependency.js Line 87 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/UnsupportedDependency.js Line 32 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/UnsupportedDependency.js Line 38 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyExportSpecifierDependency.js Line 59 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyExportSpecifierDependency.js Line 63 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/LocalModule.js Line 33 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/StaticExportsDependency.js Line 53 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/StaticExportsDependency.js Line 57 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RuntimeRequirementsDependency.js Line 44 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RuntimeRequirementsDependency.js Line 47 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyExportImportedSpecifierDependency.js Line 847 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyExportImportedSpecifierDependency.js Line 858 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/HarmonyExportImportedSpecifierDependency.js Line 1229 in 9d5bfad deserialize({ read, setCircularReference }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ProvidedDependency.js Line 65 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/ProvidedDependency.js Line 69 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CommonJsExportsDependency.js Line 65 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CommonJsExportsDependency.js Line 71 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RequireEnsureDependency.js Line 40 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/RequireEnsureDependency.js Line 47 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CachedConstDependency.js Line 54 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/dependencies/CachedConstDependency.js Line 61 in 9d5bfad super.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/cache/ResolverCachePlugin.js Line 28 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/cache/PackFileCacheStrategy.js Line 61 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/cache/PackFileCacheStrategy.js Line 507 in 9d5bfad deserialize({ read, logger }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/cache/PackFileCacheStrategy.js Line 627 in 9d5bfad deserialize({ read, logger, profile }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/cache/PackFileCacheStrategy.js Line 927 in 9d5bfad .deserialize(null, {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/registerExternalSerializer.js Line 56 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/registerExternalSerializer.js Line 83 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/registerExternalSerializer.js Line 109 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/registerExternalSerializer.js Line 136 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/registerExternalSerializer.js Line 171 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/registerExternalSerializer.js Line 211 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/registerExternalSerializer.js Line 240 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/registerExternalSerializer.js Line 274 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/registerExternalSerializer.js Line 301 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/registerExternalSerializer.js Line 333 in 9d5bfad deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/LazySet.js Line 196 in 9d5bfad static deserialize({ read }) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/makeSerializable.js Line 18 in 9d5bfad deserialize(context) {
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/makeSerializable.js Line 20 in 9d5bfad return this.Constructor.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/util/makeSerializable.js Line 23 in 9d5bfad obj.deserialize(context);
💡	Title: Insecure Deserialization (gRPC), Severity: High webpack/lib/json/JsonData.js Line 36 in 9d5bfad deserialize({ read }) {

More info on how to fix Insecure Processing of Data in JavaScript.

---

Insecure File Management (281)

Docs	Details
💡	Title: Use of non-literal require, Severity: High webpack/bin/webpack.js Line 67 in 9d5bfad const pkg = require(pkgPath);
💡	Title: Use of non-literal require, Severity: High webpack/bin/webpack.js Line 69 in 9d5bfad require(path.resolve(path.dirname(pkgPath), pkg.bin[cli.binName]));
💡	Title: Use of non-literal require, Severity: High webpack/examples/aggressive-merging/pageA.js Line 1 in 9d5bfad require(["./common"], function(common) {
💡	Title: Use of non-literal require, Severity: High webpack/examples/aggressive-merging/pageB.js Line 1 in 9d5bfad require(["./common"], function(common) {
💡	Title: Use of non-literal require, Severity: High webpack/examples/aggressive-merging/pageC.js Line 1 in 9d5bfad require(["./a"], function(a) {
💡	Title: Use of non-literal require, Severity: High webpack/examples/code-splitted-require.context-amd/example.js Line 2 in 9d5bfad require(["../require.context/templates/"+templateName], function(tmpl) {
💡	Title: Use of non-literal require, Severity: High webpack/examples/code-splitted-require.context/example.js Line 3 in 9d5bfad callback(require("../require.context/templates/"+templateName)());
💡	Title: Use of non-literal require, Severity: High webpack/examples/extra-async-chunk-advanced/example.js Line 1 in 9d5bfad require(["./a", "./b", "./c"], function(a, b, c) {});
💡	Title: Use of non-literal require, Severity: High webpack/examples/extra-async-chunk/example.js Line 2 in 9d5bfad require(["./a", "./b", "./c"]);
💡	Title: Use of non-literal require, Severity: High webpack/examples/http2-aggressive-splitting/example.js Line 2 in 9d5bfad require(["react-dom"]);
💡	Title: Use of non-literal require, Severity: High webpack/examples/mixed/commonjs.js Line 5 in 9d5bfad require(
💡	Title: Use of non-literal require, Severity: High webpack/examples/mixed/example.js Line 7 in 9d5bfad require([
💡	Title: Use of non-literal require, Severity: High webpack/test/BuildDependencies.test.js Line 176 in 9d5bfad require(`./js/buildDeps/${i}/main.js`)
💡	Title: Use of non-literal require, Severity: High webpack/test/HotTestCases.template.js Line 289 in 9d5bfad } else return require(module);
💡	Title: Use of non-literal require, Severity: High webpack/test/ProfilingPlugin.test.js Line 35 in 9d5bfad const data = require(finalPath);
💡	Title: Use of non-literal require, Severity: High webpack/test/StatsTestCases.basictest.js Line 60 in 9d5bfad options = require(path.join(base, testName, "webpack.config.js"));
💡	Title: Use of non-literal require, Severity: High webpack/test/StatsTestCases.basictest.js Line 67 in 9d5bfad require(path.join(base, testName, "test.config.js"))
💡	Title: Use of non-literal require, Severity: High webpack/test/TestCases.template.js Line 75 in 9d5bfad testConfig = require(testConfigPath);
💡	Title: Use of non-literal require, Severity: High webpack/test/TestCases.template.js Line 418 in 9d5bfad } else return require(module);
💡	Title: Use of non-literal require, Severity: High webpack/examples/multiple-entry-points/pageA.js Line 2 in 9d5bfad require(["./shared"], function(shared) {
💡	Title: Use of non-literal require, Severity: High webpack/examples/require.context/example.js Line 2 in 9d5bfad return require("./templates/"+templateName);
💡	Title: Use of non-literal require, Severity: High webpack/lib/ProgressPlugin.js Line 412 in 9d5bfad require(loader.loader);
💡	Title: Use of non-literal require, Severity: High webpack/lib/hmr/HotModuleReplacement.runtime.js Line 79 in 9d5bfad return require(request);

---

This comment has been truncated due to comment length limitations, please go to the dashboard for further details.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.