Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: vue, , , , , , , axios, d3, ejs, express, express-rate-limit, file-type, libxmljs2, linguist-js, minimatch, open-graph-scraper, puppeteer, sanitize-html, simple-git, svgo, xml-formatter #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

Thompson1985
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

vue
from 2.7.14 to 2.7.16 | 4 versions ahead of your current version | 9 months ago
on 2023-12-24
@faker-js/faker
from 8.0.2 to 8.4.1 | 6 versions ahead of your current version | 7 months ago
on 2024-02-08
@googlemaps/google-maps-services-js
from 3.3.38 to 3.4.0 | 5 versions ahead of your current version | 5 months ago
on 2024-04-09
@octokit/graphql
from 7.0.1 to 7.1.0 | 2 versions ahead of your current version | 5 months ago
on 2024-04-05
@octokit/rest
from 20.0.1 to 20.1.1 | 3 versions ahead of your current version | 4 months ago
on 2024-05-03
@primer/css
from 21.0.9 to 21.3.6 | 51 versions ahead of your current version | 2 months ago
on 2024-07-09
@primer/octicons
from 19.7.0 to 19.11.0 | 4 versions ahead of your current version | 2 months ago
on 2024-07-11
axios
from 1.5.0 to 1.7.5 | 19 versions ahead of your current version | 22 days ago
on 2024-08-23
d3
from 7.8.5 to 7.9.0 | 1 version ahead of your current version | 6 months ago
on 2024-03-12
ejs
from 3.1.9 to 3.1.10 | 1 version ahead of your current version | 5 months ago
on 2024-04-12
express
from 4.18.2 to 4.19.2 | 4 versions ahead of your current version | 6 months ago
on 2024-03-25
express-rate-limit
from 7.0.0 to 7.4.0 | 12 versions ahead of your current version | 2 months ago
on 2024-07-23
file-type
from 18.5.0 to 18.7.0 | 2 versions ahead of your current version | 10 months ago
on 2023-11-11
libxmljs2
from 0.32.0 to 0.35.0 | 2 versions ahead of your current version | 2 months ago
on 2024-07-27
linguist-js
from 2.6.1 to 2.7.1 | 3 versions ahead of your current version | 4 months ago
on 2024-05-08
minimatch
from 9.0.3 to 9.0.5 | 2 versions ahead of your current version | 3 months ago
on 2024-06-25
open-graph-scraper
from 6.2.2 to 6.8.0 | 17 versions ahead of your current version | a month ago
on 2024-08-17
puppeteer
from 21.2.1 to 21.11.0 | 21 versions ahead of your current version | 7 months ago
on 2024-02-02
sanitize-html
from 2.11.0 to 2.13.0 | 3 versions ahead of your current version | 6 months ago
on 2024-03-20
simple-git
from 3.19.1 to 3.25.0 | 6 versions ahead of your current version | 3 months ago
on 2024-06-10
svgo
from 3.0.2 to 3.3.2 | 8 versions ahead of your current version | 4 months ago
on 2024-05-09
xml-formatter
from 3.5.0 to 3.6.3 | 4 versions ahead of your current version | 2 months ago
on 2024-07-07

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459
66 Proof of Concept
high severity Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137
66 Proof of Concept
high severity Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864
66 Proof of Concept
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459
66 Proof of Concept
high severity Prototype Pollution
SNYK-JS-AXIOS-6144788
66 No Known Exploit
high severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-7361793
66 Proof of Concept
high severity Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864
66 Proof of Concept
medium severity Information Exposure
SNYK-JS-SANITIZEHTML-6256334
66 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857
66 Proof of Concept
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
66 Proof of Concept
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-IP-7148531
66 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857
66 Proof of Concept
medium severity Improper Control of Dynamically-Managed Code Resources
SNYK-JS-EJS-6689533
66 No Known Exploit
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509
66 No Known Exploit
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-IP-7148531
66 Proof of Concept
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909
66 Proof of Concept
low severity Improper Authorization
SNYK-JS-UNDICI-6564964
66 No Known Exploit
low severity Information Exposure
SNYK-JS-UNDICI-5962466
66 No Known Exploit
low severity Permissive Cross-domain Policy with Untrusted Domains
SNYK-JS-UNDICI-6252336
66 No Known Exploit
low severity Improper Access Control
SNYK-JS-UNDICI-6564963
66 No Known Exploit
Release notes
Package name: vue
  • 2.7.16 - 2023-12-24
  • 2.7.16-beta.2 - 2023-12-14
  • 2.7.16-beta.1 - 2023-12-08
  • 2.7.15 - 2023-10-23
  • 2.7.14 - 2022-11-09
from vue GitHub release notes
Package name: @faker-js/faker

Snyk has created this PR to upgrade:
  - vue from 2.7.14 to 2.7.16.
    See this package in npm: https://www.npmjs.com/package/vue
  - @faker-js/faker from 8.0.2 to 8.4.1.
    See this package in npm: https://www.npmjs.com/package/@faker-js/faker
  - @googlemaps/google-maps-services-js from 3.3.38 to 3.4.0.
    See this package in npm: https://www.npmjs.com/package/@googlemaps/google-maps-services-js
  - @octokit/graphql from 7.0.1 to 7.1.0.
    See this package in npm: https://www.npmjs.com/package/@octokit/graphql
  - @octokit/rest from 20.0.1 to 20.1.1.
    See this package in npm: https://www.npmjs.com/package/@octokit/rest
  - @primer/css from 21.0.9 to 21.3.6.
    See this package in npm: https://www.npmjs.com/package/@primer/css
  - @primer/octicons from 19.7.0 to 19.11.0.
    See this package in npm: https://www.npmjs.com/package/@primer/octicons
  - axios from 1.5.0 to 1.7.5.
    See this package in npm: https://www.npmjs.com/package/axios
  - d3 from 7.8.5 to 7.9.0.
    See this package in npm: https://www.npmjs.com/package/d3
  - ejs from 3.1.9 to 3.1.10.
    See this package in npm: https://www.npmjs.com/package/ejs
  - express from 4.18.2 to 4.19.2.
    See this package in npm: https://www.npmjs.com/package/express
  - express-rate-limit from 7.0.0 to 7.4.0.
    See this package in npm: https://www.npmjs.com/package/express-rate-limit
  - file-type from 18.5.0 to 18.7.0.
    See this package in npm: https://www.npmjs.com/package/file-type
  - libxmljs2 from 0.32.0 to 0.35.0.
    See this package in npm: https://www.npmjs.com/package/libxmljs2
  - linguist-js from 2.6.1 to 2.7.1.
    See this package in npm: https://www.npmjs.com/package/linguist-js
  - minimatch from 9.0.3 to 9.0.5.
    See this package in npm: https://www.npmjs.com/package/minimatch
  - open-graph-scraper from 6.2.2 to 6.8.0.
    See this package in npm: https://www.npmjs.com/package/open-graph-scraper
  - puppeteer from 21.2.1 to 21.11.0.
    See this package in npm: https://www.npmjs.com/package/puppeteer
  - sanitize-html from 2.11.0 to 2.13.0.
    See this package in npm: https://www.npmjs.com/package/sanitize-html
  - simple-git from 3.19.1 to 3.25.0.
    See this package in npm: https://www.npmjs.com/package/simple-git
  - svgo from 3.0.2 to 3.3.2.
    See this package in npm: https://www.npmjs.com/package/svgo
  - xml-formatter from 3.5.0 to 3.6.3.
    See this package in npm: https://www.npmjs.com/package/xml-formatter

See this project in Snyk:
https://app.snyk.io/org/thompson1985/project/9a9ecfc7-8e88-4c4d-9874-f16a7b219b55?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants