[Snyk] Upgrade adm-zip from 0.4.16 to 0.5.12

[snyk-io]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade adm-zip from 0.4.16 to 0.5.12.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.

• The recommended version was released 2 months ago, on 2024-03-14.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Directory Traversal SNYK-JS-ADMZIP-1065796	195/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1192, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.63, Likelihood: 2.26, Score Version: V5	No Known Exploit
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	195/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1192, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.63, Likelihood: 2.26, Score Version: V5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: adm-zip

• 0.5.12 - 2024-03-14
  

  Fixed extraction error

• 0.5.11 - 2024-03-13
  

  Add support for Info-Zip password check spec for ZipCrypto @ lukemalcolm
  Extraction of password protected zip entries @ Santa77
  Fixed unnecessary scanning a local file headers (except in the case of corrupted archives) @ likev

• 0.5.10 - 2022-12-20
  

  Add Unix mode attribute even when archive is created from Windows
  Fixed an issue where addLocalFolderAsync causes stack overflow when a lot of files are filtered
  Support to unzip symlinks
  Fix parameter initialization bug of extractAllToAsync
  Allow for custom stat or permissions value in addLocalFolder
  Various small fixes and tests

• 0.5.9 - 2021-10-07
• 0.5.8 - 2021-10-07
• 0.5.7 - 2021-10-01
• 0.5.6 - 2021-09-12
  No content.
• 0.5.5 - 2021-03-31
  

  v0.5.5

• 0.5.4 - 2021-03-08
  

  v0.5.4

• 0.5.3 - 2021-02-18
  

  npm v0.5.3

• 0.5.2 - 2021-01-27
  

  v0.5.1

• 0.5.1 - 2020-11-27
  

  npm v0.5.1

• 0.5.0 - 2020-11-19
  

  npm v0.5.0

• 0.4.16 - 2020-06-23

from adm-zip GitHub release notes

Commit messages

Package name: adm-zip

• bd83f19 Fixed extraction bug
• 4a684a2 Updated package version
• 71a1035 Merge pull request Illegal import errors when using OpenZeppelin Contracts on Windows NomicFoundation/hardhat#437 from Autokaka/master
• a366095 Merge pull request Support N-arity (multi-valued) params for tasks? NomicFoundation/hardhat#449 from yfdyh000/pr-fixExtra
• d95c063 Merge pull request Improve Buidler EVM's invalid nonce error message NomicFoundation/hardhat#451 from likev/patch-1
• a8f7168 Merge pull request Fix bug in the compilation cache NomicFoundation/hardhat#457 from Santa77/master
• 54c3817 Merge pull request buidler-core: move '--recursive' files opt from 'mocha.opts' to 'pack… NomicFoundation/hardhat#472 from 10bitFX/info-zip-password
• 1bfa3bb Additional test for Info-Zip generated ZipCrypto encrypted file. Relates to Issue 471.
• e1cddb3 Add support for Info-Zip password check spec for ZipCrypto. (Uses high byte of header modified time, rather than crc). Updates current tests to handle.
• 10242c3 Merge pull request Stack traces unable to handle nodeType of FunctionTypeName NomicFoundation/hardhat#469 from kibertoad/chore/ga
• 1ca6ab8 Add GitHub Actions
• 7b6ed9d Extraction of password protected zip entries
• ecfe95b Merge pull request [ImgBot] Optimize images #1 from likev/patch-2
• a137863 Scanning a local file headers is not necessary
• ee5f98a Update entryHeader.js
• 8533d67 fix extra data lost when write zip
• 220a3d6 fix: throw empty error in extractAllToAsync on operation done
• 9e52c3f Bump up package version
• 22f1f76 Merge pull request OutOfGas takes very long NomicFoundation/hardhat#435 from cthackers/dependabot/npm_and_yarn/minimatch-3.1.2
• 690e4a2 Bump minimatch from 3.0.4 to 3.1.2
• 5f60b43 Merge pull request Plugin to integrate Waffle NomicFoundation/hardhat#434 from cthackers/dependabot/npm_and_yarn/nanoid-and-mocha-3.3.3
• c535b0b Bump nanoid and mocha
• 05c25b1 Merge pull request usePlugin throws a cryptic error if the plugin's main doesn't exist NomicFoundation/hardhat#432 from cthackers/dependabot/npm_and_yarn/ansi-regex-3.0.1
• c6023e7 Merge pull request Require eslint formatters from solhint's eslint NomicFoundation/hardhat#400 from xfournet/fix-unix-mode

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.