Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 2 vulnerabilities #205

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

levalleux-ludo
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • external/keepers/package.json
    • external/keepers/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269
No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ETHERS-1586048
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios The new version differs by 41 commits.
  • e367be5 [Releasing] 0.21.3
  • 83ae383 Correctly add response interceptors to interceptor chain (#4013)
  • c0c8761 [Updating] changelog to include links to issues and contributors
  • 619bb46 [Releasing] v0.21.2
  • 82c9455 Create SECURITY.md (#3981)
  • 5b45711 Security fix for ReDoS (#3980)
  • 5bc9ea2 Update ECOSYSTEM.md (#3817)
  • e72813a Fixing README.md (#3818)
  • e10a027 Fix README typo under Request Config (#3825)
  • e091491 Update README.md (#3936)
  • b42fbad Removed un-needed bracket
  • 520c8dc Updating CI status badge (#3953)
  • 4fbeecb Adding CI on Github Actions. (#3938)
  • e9965bf Fixing the sauce labs tests (#3813)
  • dbc634c Remove charset in tests (#3807)
  • 3958e9f Add explanation of cancel token (#3803)
  • 69949a6 Adding custom return type support to interceptor (#3783)
  • 49509f6 Create FUNDING.yml (#3796)
  • 199c8aa Adding parseInt to config.timeout (#3781)
  • 94fc4ea Adding isAxiosError typeguard documentation (#3767)
  • 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
  • a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
  • 59fa614 [Updated] follow-redirects to the latest version (#3771)
  • 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: ethers The new version differs by 13 commits.
  • 4166b27 Updated dist files.
  • 32a6b2a Fix parseUints with excess zeros and fix ReDoS issue (#2016, #1975, #1976).
  • f2a32d0 docs: added provider.FeeData
  • 5762a1f updated dist files.
  • 8320d53 Temporarily remove the block miner for clique-based networks from CI testing (#1967).
  • c41b89a updated dist files.
  • b6a061e More readable errors involving Uint8Arrays.
  • a662490 Added Deferred Error support to Description objects to extent Interface parse methods (#1894).
  • bdb54ac docs: added cookbook entry to compute raw transaction (#1857).
  • 32a90b6 docs: added Alchemy tutorial
  • 95b87f6 docs: added BigNumber.toBigInt (#1799).
  • 017b1fe Fix address coder to prepare non-hexdatastring addresses as hexdatastring (#1906).
  • accb852 Removed temporary code for better errors needed until Alchemy added EIP-1559 support (#1893).

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)

@levalleux-ludo levalleux-ludo requested a review from a team September 26, 2022 09:05
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants