[Snyk] Security upgrade node-sass from 4.13.0 to 9.0.0 #121

Open
wants to merge 1 commit into
base: master

adamlaska
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix 16 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score |
|---|---|---|---|
| high | Prototype Pollution | SNYK-JS-LODASH-567746 | 731 |
| high | Prototype Pollution | SNYK-JS-LODASH-6139239 | 696 |
| high | Prototype Poisoning | SNYK-JS-QS-3153490 | 696 |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 696 |
| high | Prototype Pollution | SNYK-JS-LODASH-608086 | 686 |
| high | Prototype Pollution | SNYK-JS-Y18N-1021887 | 686 |
| high | Code Injection | SNYK-JS-LODASH-1040724 | 681 |
| high | Prototype Pollution | SNYK-JS-JSONSCHEMA-1920922 | 644 |
| high | Prototype Pollution | SNYK-JS-AJV-584908 | 619 |
| medium | Prototype Pollution | SNYK-JS-MINIMIST-559764 | 601 |
| medium | Prototype Pollution | SNYK-JS-YARGSPARSER-560381 | 601 |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-HOSTEDGITINFO-1088355 | 586 |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | 586 |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHPARSE-1077067 | 586 |
| low | Prototype Pollution | SNYK-JS-MINIMIST-2429795 | 506 |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-3050818 | 479 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Code Injection

google-cla bot commented Jul 23, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@gar/promisify@1.1.3 | None | 0 | 4.2 kB | gar |
| npm/@npmcli/fs@2.1.2 | filesystem | 0 | 38.9 kB | gar |
| npm/@npmcli/move-file@2.0.1 | filesystem | 0 | 8.73 kB | gar |
| npm/@tootallnate/once@2.0.0 | None | 0 | 16.3 kB | tootallnate |
| npm/@types/minimist@1.2.5 | None | 0 | 6.27 kB | types |
| npm/@types/normalize-package-data@2.4.4 | None | 0 | 5.81 kB | types |
| npm/agent-base@4.2.1 | network | 0 | 35 kB | tootallnate |
| npm/agentkeepalive@4.5.0 | network | 0 | 43.7 kB | fengmk2 |
| npm/aggregate-error@3.1.0 | None | 0 | 6.69 kB | sindresorhus |
| npm/ajv@5.5.2 | eval | 0 | 2.09 MB | esp |
| npm/aproba@2.0.0 | None | 0 | 8.05 kB | iarna |
| npm/are-we-there-yet@3.0.1 | None | 0 | 14.3 kB | lukekarrys |
| npm/async@1.0.0 | None | 0 | 99.4 kB | aearly |
| npm/bluebird@3.5.2 | environment, eval | 0 | 620 kB | esailija |
| npm/cacache@16.1.3 | filesystem | 0 | 73.5 kB | lukekarrys |
| npm/chownr@2.0.0 | filesystem | 0 | 5.75 kB | isaacs |
| npm/clean-stack@2.2.0 | None | 0 | 5.51 kB | sindresorhus |
| npm/cliui@8.0.1 | None | 0 | 32.3 kB | oss-bot |
| npm/co@4.6.0 | None | 0 | 16 kB | jongleberry |
| npm/color-support@1.1.3 | None | 0 | 9.23 kB | isaacs |
| npm/colors@1.0.3 | None | 0 | 109 kB | marak |
| npm/combined-stream@1.0.7 | None | 0 | 11.1 kB | alexindigo |
| npm/cycle@1.0.3 | None | 0 | 8.1 kB | dscape |
| npm/debug@3.2.5 | environment | 0 | 79.5 kB | qix |
| npm/encoding@0.1.13 | None | +1 | 356 kB | andris |
| npm/env-paths@2.2.1 | None | 0 | 10.2 kB | sindresorhus |
| npm/err-code@2.0.3 | None | 0 | 12.3 kB | achingbrain |
| npm/es6-promise@4.2.5 | None | 0 | 318 kB | stefanpenner |
| npm/escalade@3.1.2 | filesystem | 0 | 11.6 kB | lukeed |
| npm/eyes@0.1.8 | None | 0 | 14 kB | indexzero |
| npm/fast-deep-equal@1.1.0 | None | 0 | 5.25 kB | esp |
| npm/form-data@2.3.2 | filesystem, network | +1 | 41.2 kB | alexindigo |
| npm/fs-minipass@2.1.0 | filesystem | 0 | 14.1 kB | isaacs |
| npm/function-bind@1.1.2 | None | 0 | 31.4 kB | ljharb |
| npm/gauge@4.0.4 | None | 0 | 43.2 kB | gar |
| npm/get-caller-file@2.0.5 | None | 0 | 4.72 kB | stefanpenner |
| npm/graceful-fs@4.2.11 | environment, filesystem | 0 | 32.5 kB | isaacs |
| npm/har-validator@5.1.0 | None | 0 | 8.28 kB | ahmadnassri |
| npm/hard-rejection@2.1.0 | None | 0 | 5.14 kB | sindresorhus |
| npm/hasown@2.0.2 | None | 0 | 8.77 kB | ljharb |
| npm/http-cache-semantics@4.1.1 | None | 0 | 35.9 kB | kornel |
| npm/http-proxy-agent@5.0.0 | network | 0 | 17.1 kB | tootallnate |
| npm/https-proxy-agent@2.2.1 | network | 0 | 27.6 kB | tootallnate |
| npm/humanize-ms@1.2.1 | None | 0 | 3.66 kB | dead_horse |
| npm/infer-owner@1.0.4 | filesystem | 0 | 4.29 kB | isaacs |
| npm/ip-address@9.0.5 | None | 0 | 177 kB | beaugunderson |
| npm/is-core-module@2.15.0 | None | 0 | 31.5 kB | ljharb |
| npm/is-lambda@1.0.1 | None | 0 | 2.94 kB | watson |
| npm/js-base64@2.6.4 | None | 0 | 19 kB | dankogai |
| npm/json-parse-even-better-errors@2.3.1 | None | 0 | 10.4 kB | isaacs |
| npm/json-schema-traverse@0.3.1 | None | 0 | 16.8 kB | esp |
| npm/kind-of@6.0.3 | None | 0 | 22.8 kB | doowb |
| npm/lines-and-columns@1.2.4 | None | 0 | 5.39 kB | eventualbuddha |
| npm/lodash@4.17.14 | None | 0 | 1.4 MB | jdalton |
| npm/make-fetch-happen@10.2.1 | environment, network | 0 | 59.3 kB | gar |
| npm/mime-db@1.36.0 | None | 0 | 184 kB | dougwilson |
| npm/mime-types@2.1.20 | None | 0 | 14.9 kB | dougwilson |
| npm/min-indent@1.0.1 | None | 0 | 2.97 kB | thejameskyle |
| npm/minipass-collect@1.0.2 | None | 0 | 4.87 kB | isaacs |
| npm/minipass-fetch@2.1.2 | environment, network | 0 | 46.3 kB | gar |
| npm/minipass-flush@1.0.5 | None | 0 | 3.77 kB | isaacs |
| npm/minipass-pipeline@1.2.4 | None | 0 | 7 kB | isaacs |
| npm/minipass-sized@1.0.3 | None | 0 | 124 kB | isaacs |
| npm/minipass@3.3.6 | None | 0 | 48.1 kB | isaacs |
| npm/minizlib@2.1.2 | None | 0 | 17.3 kB | isaacs |
| npm/nan@2.20.0 | None | 0 | 430 kB | kkoopa |
| npm/negotiator@0.6.3 | None | 0 | 27.4 kB | dougwilson |
| npm/node-github-graphql@0.2.7 | environment, network | 0 | 7.71 kB | wilsonchingg |
| npm/node-gyp@8.4.1 | environment, shell | 0 | 1.98 MB | rvagg |
| npm/node-sass@9.0.0 | environment, filesystem, network | 0 | 1.83 MB | xzyfer |
| npm/nopt@5.0.0 | environment | 0 | 25.8 kB | isaacs |
| npm/npmlog@6.0.2 | None | 0 | 17.1 kB | lukekarrys |
| npm/p-map@4.0.0 | None | 0 | 8.69 kB | sindresorhus |
| npm/promise-inflight@1.0.1 | None | 0 | 3.04 kB | iarna |
| npm/promise-retry@2.0.1 | None | 0 | 15.6 kB | achingbrain |
| npm/psl@1.1.29 | None | 0 | 550 kB | lupomontero |
| npm/readable-stream@3.6.2 | environment | 0 | 124 kB | matteo.collina |
| npm/retry@0.12.0 | None | 0 | 32.2 kB | tim-kos |
| npm/sass-graph@4.0.1 | filesystem | 0 | 14.1 kB | xzyfer |
| npm/scss-tokenizer@0.4.3 | filesystem Transitive: network | +1 | 266 kB | xzyfer |
| npm/signal-exit@3.0.7 | None | 0 | 9.96 kB | isaacs |
| npm/smart-buffer@4.2.0 | None | 0 | 138 kB | joshglazebrook |
| npm/socks-proxy-agent@7.0.0 | network | 0 | 22.8 kB | kikobeats |
| npm/socks@2.8.3 | network | 0 | 156 kB | joshglazebrook |
| npm/sshpk@1.14.2 | None | 0 | 209 kB | arekinath |
| npm/ssri@9.0.1 | None | 0 | 37.5 kB | nlf |
| npm/stack-trace@0.0.10 | None | 0 | 8.85 kB | felixge |
| npm/tar@6.2.1 | environment, filesystem | +1 | 236 kB | isaacs |
| npm/true-case-path@2.2.1 | filesystem | 0 | 21.3 kB | caseywebb |
| npm/uglify-js@3.3.28 | eval, filesystem | 0 | 684 kB | alexlamsl |
| npm/unique-filename@2.0.1 | None | 0 | 3.45 kB | lukekarrys |
| npm/unique-slug@3.0.0 | None | 0 | 2.62 kB | lukekarrys |
| npm/uuid@3.3.2 | None | 0 | 43.6 kB | broofa |
| npm/wide-align@1.1.5 | None | 0 | 4.47 kB | iarna |
| npm/winston@2.4.4 | filesystem | 0 | 190 kB | indexzero |
| npm/wrap-ansi@7.0.0 | None | 0 | 10.6 kB | sindresorhus |
| npm/y18n@5.0.8 | filesystem | 0 | 23.4 kB | oss-bot |

🚮 Removed packages: npm/amdefine@1.0.1, npm/aproba@1.2.0, npm/are-we-there-yet@1.1.5, npm/block-stream@0.0.9, npm/cliui@3.2.0, npm/code-point-at@1.1.0, npm/fstream@1.0.12, npm/function-bind@1.1.1, npm/gauge@2.7.4, npm/get-caller-file@1.0.3, npm/graceful-fs@4.2.2, npm/http-cache-semantics@4.0.3, npm/in-publish@2.0.0, npm/invert-kv@1.0.0, npm/is-finite@1.0.2, npm/js-base64@2.5.1, npm/kind-of@6.0.2, npm/lcid@1.0.0, npm/nan@2.14.0, npm/negotiator@0.6.2, npm/node-gyp@3.8.0, npm/node-sass@4.13.0, npm/nopt@3.0.6, npm/npmlog@4.1.2, npm/number-is-nan@1.0.1, npm/os-locale@1.4.0, npm/osenv@0.1.5, npm/pinkie-promise@2.0.1, npm/pinkie@2.0.4, npm/readable-stream@3.4.0, npm/repeating@2.0.1, npm/require-main-filename@1.0.1, npm/sass-graph@2.2.4, npm/scss-tokenizer@0.2.3, npm/signal-exit@3.0.2, npm/tar@2.2.2, npm/true-case-path@1.0.3, npm/which-module@1.0.0, npm/wide-align@1.1.3, npm/wrap-ansi@2.1.0, npm/y18n@3.2.1

View full report↗︎
