
[Snyk] Fix for 28 vulnerabilities #185

Open. Wants to merge 25 commits into base: main.

Conversation

@B020239 (Owner) commented Jun 30, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium | 464/1000 (Why? Has a fix available, CVSS 5) | Improper Input Validation, SNYK-JS-ACTIONSCORE-2980270 | No | No Known Exploit |
| high | 619/1000 (Why? Has a fix available, CVSS 8.1) | Prototype Pollution, SNYK-JS-AJV-584908 | No | No Known Exploit |
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Prototype Pollution, SNYK-JS-ASYNC-2441827 | No | Proof of Concept |
| high | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution, SNYK-JS-AWSSDK-1059424 | No | Proof of Concept |
| medium | 616/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.9) | Server-Side Request Forgery (SSRF), SNYK-JS-AXIOS-1038255 | No | Proof of Concept |
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-AXIOS-1579269 | No | Proof of Concept |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Information Exposure, SNYK-JS-FOLLOWREDIRECTS-2332181 | No | Proof of Concept |
| low | 344/1000 (Why? Has a fix available, CVSS 2.6) | Information Exposure, SNYK-JS-FOLLOWREDIRECTS-2396346 | No | No Known Exploit |
| medium | 484/1000 (Why? Has a fix available, CVSS 5.4) | Open Redirect, SNYK-JS-GOT-2932019 | Yes | No Known Exploit |
| medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-LOADERUTILS-3042992 | No | No Known Exploit |
| high | 589/1000 (Why? Has a fix available, CVSS 7.5) | Prototype Pollution, SNYK-JS-LOADERUTILS-3043105 | No | No Known Exploit |
| medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-LOADERUTILS-3105943 | No | No Known Exploit |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-LODASH-1018905 | No | Proof of Concept |
| high | 681/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.2) | Command Injection, SNYK-JS-LODASH-1040724 | No | Proof of Concept |
| medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-MINIMATCH-3050818 | No | No Known Exploit |
| medium | 539/1000 (Why? Has a fix available, CVSS 6.5) | Information Exposure, SNYK-JS-NODEFETCH-2342118 | No | No Known Exploit |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1090595 | No | Proof of Concept |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1255640 | No | Proof of Concept |
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Prototype Poisoning, SNYK-JS-QS-3153490 | No | Proof of Concept |
| medium | 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |
| medium | 536/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 4.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVERREGEX-1047770 | No | Proof of Concept |
| high | 589/1000 (Why? Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVERREGEX-1584358 | No | No Known Exploit |
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVERREGEX-1585624 | No | Proof of Concept |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVERREGEX-2824151 | No | Proof of Concept |
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-TRIM-1017038 | Yes | Proof of Concept |
| high | 736/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.3) | Sandbox Bypass, SNYK-JS-WEBPACK-3358798 | No | Proof of Concept |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Prototype Pollution, SNYK-JS-XML2JS-5414874 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ajv. The new version differs by 111 commits.

Package name: aws-sdk. The new version differs by 250 commits.

Package name: copy-webpack-plugin. The new version differs by 40 commits.

Package name: domwaiter. The new version differs by 8 commits.

Package name: eslint-plugin-import. The new version differs by 181 commits.
  • b0131d2 Bump to v2.25.0
  • 7463de2 utils: v2.7.0
  • 900ac9a [resolvers/webpack] [deps] update `is-core-module`
  • c117be5 [Dev Deps] update `array.prototype.flatmap`, `glob`; remove `babel-preset-es2015-argon`
  • 0e857b6 [Deps] update `array-includes`, `array.prototype.flat`, `is-core-module`, `is-glob`, `object.values`
  • 62e2d88 [New] Support `eslint` v8
  • 9a744f7 [Fix] `default`, `ExportMap`: Resolve extended TypeScript configuration files
  • dd81424 [Refactor] `no-unresolved`, `no-extraneous-dependencies`: moduleVisitor usage
  • 4f0f560 [Docs] `no-namespace`: fix a typo
  • 430d16c [Tests] eslint-import-resolver-typescript@1.0.2 doesn't resolve .js
  • 47e9c89 [Tests] type-only imports were added in TypeScript ESTree 2.23.0
  • 28669b9 [Tests] `no-extraneous-dependencies` ignores unresolved imports
  • 471790f [Tests] fix skip usage
  • fd85369 [Tests] skip failing test on eslint < 6 + node < 8
  • 64423e9 [Tests] add passing test for export-star
  • 58fe766 [Tests] ignore resolver tests, scripts, and unused memo-parser
  • 47ea669 [Fix] `order`: Fix import ordering in TypeScript module declarations
  • 4ed7867 [Fix] `no-unresolved`: ignore type-only imports
  • 4d15e26 [patch] TypeScript config: remove `.d.ts` from `import/parsers` setting and `import/extensions` setting
  • 9ccdcb7 [Refactor] switch to an internal replacement for `pkg-up` and `read-pkg-up`
  • 1571913 [utils] [new] create internal replacement for `pkg-up` and `read-pkg-up`
  • 7c382f0 [New] `no-unused-modules`: support dynamic imports
  • 7579748 [utils] [new] add `visit`, to support dynamic imports
  • 35bd977 [New] `no-unresolved`: add `caseSensitiveStrict` option

Package name: express. The new version differs by 117 commits.
  • 3d7fce5 4.17.3
  • f906371 build: update example dependencies
  • 6381bc6 deps: qs@6.9.7
  • a007863 deps: body-parser@1.19.2
  • e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
  • a659137 tests: use strict mode
  • a39e409 tests: prevent leaking changes to NODE_ENV
  • 82de4de examples: fix path traversal in downloads example
  • 12310c5 build: use nyc for test coverage
  • 884657d examples: remove bitwise syntax for includes check
  • 7511d08 build: use minimatch@3.0.4 for Node.js < 4
  • 2585f20 tests: fix test missing assertion
  • 9d09762 build: supertest@6.2.2
  • 43cc56e build: clean up gitignore
  • 1c7bbcc build: Node.js@14.19
  • 9cbbc8a deps: cookie@0.4.2
  • 6fbc269 pref: remove unnecessary regexp for trust proxy
  • 2bc734a deps: accepts@~1.3.8
  • 89bb531 docs: fix typo in res.download jsdoc
  • 744564f tests: add test for multiple ips in "trust proxy"
  • da6cb0e tests: add range tests to res.download
  • 00ad5be tests: add more tests for app.request & app.response
  • 141914e tests: fix tests that did not bubble errors
  • bd4fdfe tests: remove global dependency on should

Package name: got. The new version differs by 250 commits.

Package name: hubdown. The new version differs by 37 commits.

Package name: husky. The new version differs by 58 commits.

Package name: jest. The new version differs by 250 commits.

Package name: linkinator. The new version differs by 141 commits.

Package name: lodash. The new version differs by 1 commit.

Package name: node-fetch. The new version differs by 7 commits.

Package name: nodemon. The new version differs by 95 commits.

Package name: pa11y-ci. The new version differs by 21 commits.
  • efad302 Fix minimum node version in README
  • 28f161a Version 3.0.0
  • 52fd274 Fix error with absolute paths on ...

snyk-bot and others added 25 commits December 26, 2020 10:13
…48f8f83

[Snyk] Fix for 2 vulnerabilities
…1d2c531

[Snyk] Security upgrade webpack from 4.44.0 to 5.0.0
…c84012d5

[Snyk] Security upgrade debian from 9.5-slim to 9.13-slim
…159d27c5

[Snyk] Security upgrade debian from 9.5-slim to stretch-20210621-slim
…5c3c3bf8

[Snyk] Security upgrade debian from stretch-20210621-slim to 10-slim
…c99f2b6a

[Snyk] Fix for 12 vulnerabilities
…47ad8496

[Snyk] Security upgrade debian from 9.5-slim to stretch-slim
…addf26c05

[Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim
…16556dfed

[Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim
…c63c0e6a1

[Snyk] Fix for 15 vulnerabilities
…5cbffdcc0

[Snyk] Fix for 17 vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
…74397274f

[Snyk] Security upgrade linkinator from 2.2.2 to 4.0.0
@B020239 force-pushed the main branch 2 times, most recently from 8ff769d to 8e324de on July 2, 2023 14:57