[cherry-pick][utils] Fix GitHub-reported prototype pollution vulnerability in `deepmerge` (#41652) #42608

DiegoAndai · 2024-06-10T19:21:19Z

Closes #42607

Cherry-pick #41652 to master

…pmerge` (mui#41652)

mui-bot · 2024-06-10T19:24:27Z

Netlify deploy preview

https://deploy-preview-42608--material-ui.netlify.app/

Bundle size report

Details of bundle changes (Toolpad)
Details of bundle changes

Generated by 🚫 dangerJS against ee8a57b

oliviertassinari · 2024-06-10T21:33:45Z

I removed the "security" label per #41652 (comment), there is no security flaw from what I can understand, it's a bug fix.

tjcouch-sil · 2024-06-18T16:37:36Z

Indeed Snyk has revoked the report as this was a false positive https://security.snyk.io/vuln/SNYK-JS-MUIUTILS-7231125

[utils] Fix GitHub-reported prototype pollution vulnerability in `dee…

ee8a57b

…pmerge` (mui#41652)

DiegoAndai added package: utils Specific to the utils package. security Pull requests that address a security vulnerability. cherry-pick The PR was cherry-picked from the newer alpha/beta/stable branch. labels Jun 10, 2024

DiegoAndai requested review from Janpot and mnajdova June 10, 2024 19:21

DiegoAndai self-assigned this Jun 10, 2024

Janpot approved these changes Jun 10, 2024

View reviewed changes

oliviertassinari added type: bug It doesn't behave as expected. and removed security Pull requests that address a security vulnerability. labels Jun 10, 2024

DiegoAndai merged commit fab86c8 into mui:master Jun 11, 2024

DiegoAndai deleted the cherry-pick-41652 branch June 11, 2024 12:54

DiegoAndai mentioned this pull request Jun 11, 2024

[release] v5.15.20 #42617

Merged

1 task

JamesUoM mentioned this pull request Jul 3, 2024

[Snyk] Upgrade @mui/material from 5.15.19 to 5.15.20 UoM-Podcast/opencast-editor#7

Open

azeemyoonus mentioned this pull request Jul 4, 2024

[Snyk] Upgrade @mui/icons-material from 5.15.19 to 5.15.20 azeemyoonus/authelia#5

Open

This was referenced Jul 4, 2024

[Snyk] Upgrade @mui/material from 5.14.3 to 5.15.20 RTHariSankar/CURRICULUM-TRACKER#279

Open

[Snyk] Upgrade @mui/icons-material from 5.14.3 to 5.15.20 RTHariSankar/CURRICULUM-TRACKER#280

Open

This was referenced Jul 4, 2024

[Snyk] Upgrade @mui/material from 5.4.1 to 5.15.20 DanneelsSophie/events#934

Open

[Snyk] Upgrade @mui/icons-material from 5.4.1 to 5.15.20 DanneelsSophie/events#936

Open

This was referenced Jul 4, 2024

[Snyk] Upgrade @mui/icons-material from 5.15.18 to 5.15.20 jcowens/vite-weather-app#7

Open

[Snyk] Upgrade @mui/material from 5.15.19 to 5.15.20 jcowens/vite-weather-app#8

Merged

heliumtank92 mentioned this pull request Jul 4, 2024

[Snyk] Upgrade @mui/material from 5.14.20 to 5.15.20 heliumtank92/am92-react-design-system#12

Open

OOCAZ mentioned this pull request Jul 4, 2024

[Snyk] Upgrade @mui/icons-material from 5.15.18 to 5.15.20 OOCAZ/openhand-online-server#121

Closed

abjerry97 mentioned this pull request Jul 4, 2024

[Snyk] Upgrade @mui/icons-material from 5.15.15 to 5.15.20 abjerry97/ubelle#5

Open

nachodev-ui mentioned this pull request Jul 4, 2024

[Snyk] Upgrade @mui/material from 5.13.1 to 5.15.20 nachodev-ui/LI-Frontend#206

Open

This was referenced Jul 4, 2024

[Snyk] Upgrade @mui/icons-material from 5.15.19 to 5.15.20 leoo1992/GeradorQRCode#45

Closed

[Snyk] Upgrade @mui/system from 5.15.15 to 5.15.20 leoo1992/GeradorQRCode#46

Closed

This was referenced Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.4.1 to 5.16.1 DanneelsSophie/events#971

Open

[Snyk] Upgrade @mui/icons-material from 5.4.1 to 5.16.1 DanneelsSophie/events#973

Open

kazimanzurrashid mentioned this pull request Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.15.19 to 5.16.1 kazimanzurrashid/consents-react-ui#282

Open

Type-Style mentioned this pull request Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.15.20 to 5.16.1 Type-Style/LOREX#99

Closed

This was referenced Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.10.4 to 5.16.1 mbreadmachine/arany-d-osztaly-weboldal#13

Closed

[Snyk] Upgrade @mui/icons-material from 5.10.6 to 5.16.1 mbreadmachine/arany-d-osztaly-weboldal#14

Closed

nachodev-ui mentioned this pull request Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.13.1 to 5.16.1 nachodev-ui/LI-Frontend#214

Open

This was referenced Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.10.6 to 5.16.1 aqibawan12/Web-app#365

Open

[Snyk] Upgrade @mui/icons-material from 5.8.4 to 5.16.1 aqibawan12/Web-app#366

Open

mattboddy47 mentioned this pull request Aug 2, 2024

[Snyk] Upgrade @mui/icons-material from 5.11.0 to 5.16.1 mattboddy47/epic_threat_model#144

Open

Poseidon-G mentioned this pull request Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.5.0 to 5.16.1 Poseidon-G/generate-tool-fe#283

Open

This was referenced Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.14.18 to 5.16.1 sergivj/Blog-Django-React#124

Open

[Snyk] Upgrade @mui/icons-material from 5.14.18 to 5.16.1 sergivj/Blog-Django-React#125

Open

sufi0900 mentioned this pull request Aug 2, 2024

[Snyk] Upgrade @mui/icons-material from 5.11.0 to 5.16.1 sufi0900/old-version-of-portfolio#219

Open

loka-capco mentioned this pull request Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.10.1 to 5.16.1 capcodigital/engineering-website#353

Open

This was referenced Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.4.1 to 5.16.1 Crushoverride007/Project-Sigma#452

Open

[Snyk] Upgrade @mui/icons-material from 5.4.1 to 5.16.1 Crushoverride007/Project-Sigma#453

Open

sumn2u mentioned this pull request Aug 2, 2024

[Snyk] Upgrade @mui/icons-material from 5.15.20 to 5.16.1 sumn2u/annotate-lab#188

Open

This was referenced Aug 2, 2024

[Snyk] Upgrade @mui/material from 5.2.2 to 5.16.1 NOUIY/cloud#4068

Open

[Snyk] Upgrade @mui/icons-material from 5.2.0 to 5.16.1 NOUIY/cloud#4069

Open

This was referenced Aug 3, 2024

[Snyk] Upgrade @mui/material from 5.14.11 to 5.16.1 TeamProductionSystem/Momentors_Frontend#551

Open

[Snyk] Upgrade @mui/icons-material from 5.14.11 to 5.16.1 TeamProductionSystem/Momentors_Frontend#552

Open

This was referenced Aug 4, 2024

[Snyk] Upgrade @mui/material from 5.10.15 to 5.16.1 NadicaUzunova/ZimskaSola2024#3

Open

[Snyk] Upgrade @mui/icons-material from 5.10.15 to 5.16.1 NadicaUzunova/ZimskaSola2024#4

Open

This was referenced Aug 5, 2024

[Snyk] Upgrade @mui/material from 5.9.3 to 5.16.1 NaweenDilshan/SSD_EsayBuy#31

Open

[Snyk] Upgrade @mui/icons-material from 5.8.4 to 5.16.1 NaweenDilshan/SSD_EsayBuy#32

Open

Crushoverride007 mentioned this pull request Aug 6, 2024

[Snyk] Upgrade @mui/material from 5.4.1 to 5.16.1 Crushoverride007/Project-Sigma#455

Open

DanneelsSophie mentioned this pull request Aug 6, 2024

[Snyk] Upgrade @mui/material from 5.4.1 to 5.16.1 DanneelsSophie/events#976

Open

loka-capco mentioned this pull request Aug 6, 2024

[Snyk] Upgrade @mui/material from 5.10.1 to 5.16.1 capcodigital/engineering-website#354

Open

FaroukAmr mentioned this pull request Aug 6, 2024

[Snyk] Upgrade @mui/material from 5.10.13 to 5.16.1 FaroukAmr/Web-Application#1094

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[cherry-pick][utils] Fix GitHub-reported prototype pollution vulnerability in `deepmerge` (#41652) #42608

[cherry-pick][utils] Fix GitHub-reported prototype pollution vulnerability in `deepmerge` (#41652) #42608

Uh oh!

DiegoAndai commented Jun 10, 2024

Uh oh!

mui-bot commented Jun 10, 2024 •

edited

Loading

Uh oh!

oliviertassinari commented Jun 10, 2024 •

edited

Loading

Uh oh!

tjcouch-sil commented Jun 18, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Uh oh!

[cherry-pick][utils] Fix GitHub-reported prototype pollution vulnerability in deepmerge (#41652) #42608

[cherry-pick][utils] Fix GitHub-reported prototype pollution vulnerability in deepmerge (#41652) #42608

Uh oh!

Conversation

DiegoAndai commented Jun 10, 2024

Uh oh!

mui-bot commented Jun 10, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Netlify deploy preview

Bundle size report

Uh oh!

oliviertassinari commented Jun 10, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

tjcouch-sil commented Jun 18, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

[cherry-pick][utils] Fix GitHub-reported prototype pollution vulnerability in `deepmerge` (#41652) #42608

[cherry-pick][utils] Fix GitHub-reported prototype pollution vulnerability in `deepmerge` (#41652) #42608

mui-bot commented Jun 10, 2024 •

edited

Loading

oliviertassinari commented Jun 10, 2024 •

edited

Loading