Skip to content
This repository has been archived by the owner on Apr 6, 2024. It is now read-only.

[Snyk] Fix for 11 vulnerabilities #35

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

CFenner
Copy link
Member

@CFenner CFenner commented Nov 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831
Yes Proof of Concept
high severity 624/1000
Why? Has a fix available, CVSS 8.2
Arbitrary File Overwrite
SNYK-JS-TAR-1536528
Yes No Known Exploit
high severity 624/1000
Why? Has a fix available, CVSS 8.2
Arbitrary File Overwrite
SNYK-JS-TAR-1536531
Yes No Known Exploit
low severity 410/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5
Arbitrary File Write
SNYK-JS-TAR-1579147
Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5
Arbitrary File Write
SNYK-JS-TAR-1579152
Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5
Arbitrary File Write
SNYK-JS-TAR-1579155
Yes No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint The new version differs by 242 commits.
  • 80b8d5d 5.5.0
  • b68e403 Build: changelog update for 5.5.0
  • 6e110e6 Fix: camelcase duplicate warning bug (fixes #10801) (#10802)
  • 5103ee7 Docs: Add Brackets integration (#10813)
  • b61d2cd Update: max-params to only highlight function header (#10815)
  • 2b2f11d Upgrade: babel-code-frame to version 7 (#10808)
  • 2824d43 Docs: fix comment placement in a code example (#10799)
  • 10690b7 Upgrade: devdeps and deps to latest (#10622)
  • 80c8598 Docs: gitignore syntax updates (fixes #8139) (#10776)
  • cb946af Chore: use meta.messages in some rules (1/4) (#10764)
  • a857cd9 5.4.0
  • 8dee250 Build: changelog update for 5.4.0
  • a70909f Docs: Add jscs-dev.github.io links (#10771)
  • 034690f Fix: no-invalid-meta crashes for non Object values (fixes #10750) (#10753)
  • 11a462d Docs: Broken jscs.info URLs (fixes #10732) (#10770)
  • 985567d Chore: rm unused dep string.prototype.matchall (#10756)
  • f3d8454 Update: Improve no-extra-parens error message (#10748)
  • 562a03f Fix: consistent-docs-url crashes if meta.docs is empty (fixes #10722) (#10749)
  • 6492233 Chore: enable no-prototype-builtins in codebase (fixes #10660) (#10664)
  • 137140f Chore: use eslintrc overrides (#10677)
  • 2af6f4f 5.3.0
  • 11e70c7 Build: changelog update for 5.3.0
  • dd6cb19 Docs: Updated no-return-await Rule Documentation (fixes #9695) (#10699)
  • 6009239 Chore: rename utils for consistency (#10727)

See the full diff

Package name: mqtt The new version differs by 138 commits.
  • cc82753 Merge pull request #1291 from mqttjs/release_6_21_2021
  • e6fc579 release: 4.2.7
  • 6d817af Merge pull request #1209 from nosovk/patch-3
  • 185307e Merge pull request #1224 from cameronelliott/master
  • c8cebbf Merge pull request #1256 from nmggithub/master
  • f3401a7 Update client-options.d.ts
  • 6308dea Merge branch 'master' into master
  • be17dd7 Merge pull request #1236 from ogis-yamazaki/fix_multi_protocol_test_mechanism
  • 949e22a remove 10.x from gate
  • 71dae75 Merge pull request #1249 from bkp7/bkp7-typescript-changes
  • 59d257a Merge pull request #1239 from ogis-yamazaki/fix_close_websocket_stream
  • 0725798 Merge pull request #1266 from simnalamburt/duplexify
  • acb6117 Merge branch 'master' into duplexify
  • a9d269b Merge pull request #1289 from LaurentGoderre/fix-production-vulnerability
  • 8ef5ffc Fix production vulnerability
  • 845561e Add missing 'duplexify' dependency
  • d93c193 The stream's _writableState may still be false when the WebSocket close event occurs.
  • 51c5c02 improved type definition for 'wsOptions'
  • 61bcbe6 fix missing event types
  • 2203585 reverse out changes to client.d.ts
  • 063aa31 change reference to mqtt-packet v6.8.0
  • 746c0bc Improved TypeScript declarations for userProperties
  • e04e0f8 fix #1235, WebSocket client does not emit close event when disconnected from the server side.
  • 4bd3f3c fix multi protocol test mechanism.

See the full diff

Package name: sqlite3 The new version differs by 250 commits.
  • 573784b v5.0.3
  • e5a24fd Deleted `examples/` folder
  • b05f459 Added note about GitHub Releases to CHANGELOG.md
  • 33d0656 Modernised Usage example in README
  • 9d05c55 Fixed up more README nits
  • 08d6319 Fixed link to API docs
  • 0e2235a Altered wording in README
  • 76b6c56 Altered README header
  • e3df365 Updated README
  • 426930f Enabled CI to run when pushing tags
  • a21d41f Fixed uploading binaries to commit artifacts
  • bc978c7 Fixed CI step wording
  • 7f744a1 Added prebuilt binaries via GitHub Releases
  • b4b3c3a Deleted `scripts/` directory
  • 71bbdea Pinned dev dependencies (#1558)
  • a597383 Updated badges in README
  • 0eb4a0f Deleted Travis and Appveyor configs
  • b58d341 Downgraded `mocha` and `eslint`
  • f39b10d Added missing Node versions to CI
  • 8db96d4 Replaced Python extraction script with JS (#1570)
  • 11c988c Fixed Windows build architecture in CI
  • 8e63848 Updated Windows CI runner to `windows-latest`
  • d9e7d8b Fixed building on MacOS Monterey 12.3
  • 859b95b Updated `node-gyp` to v8.x

See the full diff

Package name: watchify The new version differs by 9 commits.
  • 7b27a3c 4.0.0
  • 5d4842a bump deps (#380)
  • b840f29 disable package-lock.json
  • bae5e02 update chokidar and anymatch (#378)
  • 3445775 ci: use github actions (#379)
  • f79e59f Change URLs from "Substack" (someones personal site & acc) to "browserify" (#369)
  • bd2f677 ci: run on more node versions
  • 563a90d Merge pull request #367 from Trott/update-readme-badge
  • bb2b429 chore: Fix Travis-CI badge in readme.markdown

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Arbitrary File Overwrite
🦉 More lessons are available in Snyk Learn

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants