Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade lighthouse from 3.2.1 to 9.4.0 #101

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade lighthouse from 3.2.1 to 9.4.0 #101

wants to merge 1 commit into from

Conversation

karencapiiro
Copy link

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • scripts/bench/package.json
  • scripts/bench/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060		   44  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

@snyk-bot
fix: scripts/bench/package.json & scripts/bench/yarn.lock to reduce v…
f3bba71 
…ulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060
@rafikmojr
Copy link
Collaborator

Logo
Checkmarx One – Scan Summary & Details69beaead-c3cc-4dce-be31-6dabcd265d17

New Issues

Severity Issue Source File / Package Checkmarx Insight
CRITICAL CVE-2023-4860 Npm-electron-23.1.2 Vulnerable Package
CRITICAL CVE-2024-40643 Npm-htmlparser2-3.3.0 Vulnerable Package
CRITICAL CVE-2024-40643 Npm-htmlparser2-3.10.1 Vulnerable Package
CRITICAL CVE-2024-4559 Npm-electron-23.1.2 Vulnerable Package
CRITICAL CVE-2024-4671 Npm-electron-23.1.2 Vulnerable Package
CRITICAL CVE-2024-7024 Npm-electron-23.1.2 Vulnerable Package
CRITICAL CVE-2024-7025 Npm-electron-23.1.2 Vulnerable Package
CRITICAL CVE-2024-9369 Npm-electron-23.1.2 Vulnerable Package
CRITICAL CVE-2024-9370 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2022-21213 Npm-mout-1.1.0 Vulnerable Package
HIGH CVE-2022-37620 Npm-html-minifier-3.5.6 Vulnerable Package
HIGH CVE-2022-37620 Npm-html-minifier-3.5.21 Vulnerable Package
HIGH CVE-2022-37620 Npm-html-minifier-3.5.3 Vulnerable Package
HIGH CVE-2022-37620 Npm-html-minifier-3.2.3 Vulnerable Package
HIGH CVE-2023-7010 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2023-7012 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-2176 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-29415 Npm-ip-1.1.5 Vulnerable Package
HIGH CVE-2024-3156 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3158 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3159 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3168 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3169 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3170 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3171 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3172 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3173 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3174 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3176 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-8.12.0 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-7.5.9 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-6.2.2 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-7.5.5 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-7.2.3 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-8.13.0 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-8.5.0 Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-7.2.1 Vulnerable Package
HIGH CVE-2024-3832 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3834 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3837 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-3914 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-4058 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-4059 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-4060 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-4068 Npm-braces-2.3.2 Vulnerable Package
HIGH CVE-2024-4068 Npm-braces-1.8.5 Vulnerable Package
HIGH CVE-2024-4068 Npm-braces-3.0.2 Vulnerable Package
HIGH CVE-2024-4331 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-4368 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-45296 Npm-path-to-regexp-0.1.7 Vulnerable Package
HIGH CVE-2024-45296 Npm-path-to-regexp-1.7.0 Vulnerable Package
HIGH CVE-2024-45296 Npm-path-to-regexp-1.8.0 Vulnerable Package
HIGH CVE-2024-4558 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-45590 Npm-body-parser-1.18.2 Vulnerable Package
HIGH CVE-2024-45590 Npm-body-parser-1.19.0 Vulnerable Package
HIGH CVE-2024-45590 Npm-body-parser-1.20.2 Vulnerable Package
HIGH CVE-2024-45590 Npm-body-parser-1.20.1 Vulnerable Package
HIGH CVE-2024-4761 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-4947 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-4948 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-4950 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5157 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5158 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5159 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5160 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5274 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5493 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5494 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5495 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5496 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5497 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5498 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5499 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5830 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5831 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5832 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5833 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5834 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5835 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5836 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5837 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5838 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5841 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5842 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5844 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5845 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5846 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-5847 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6100 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6101 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6102 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6103 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6290 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6291 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6292 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6293 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6772 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6773 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6774 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6775 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6776 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6777 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6778 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6779 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6988 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6989 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6990 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6991 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6994 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6997 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-6998 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7000 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7018 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7022 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7023 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7255 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7256 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7532 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7533 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7534 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7535 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7536 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7550 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7964 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7965 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7966 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7967 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7968 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7969 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7970 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7971 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7972 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7973 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7974 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7977 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7979 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-7980 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-8193 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-8194 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-8198 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-8362 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-8636 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-8637 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-8638 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-8639 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-8904 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-8905 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-9120 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-9121 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-9122 Npm-electron-23.1.2 Vulnerable Package
HIGH CVE-2024-9123 Npm-electron-23.1.2 Vulnerable Package
HIGH Cx636032b1-ebe2 Npm-electron-23.1.2 Vulnerable Package
HIGH Cxcd847ba7-2310 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2020-8244 Npm-bl-1.2.1 Vulnerable Package
MEDIUM CVE-2020-8244 Npm-bl-3.0.0 Vulnerable Package
MEDIUM CVE-2023-7011 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2023-7013 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2023-7281 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2023-7282 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-1674 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-2884 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-29049 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3175 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3833 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3838 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3839 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3840 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3841 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3843 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3844 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3845 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3846 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-3847 Npm-electron-23.1.2 Vulnerable Package
MEDIUM CVE-2024-38999 Npm-requirejs-2.3.5 Vulnerable Package
MEDIUM CVE-2024-4067 Npm-micromatch-4.0.4

More results are available on AST platform

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@karencapiiro @rafikmojr @snyk-bot