[Snyk] Upgrade: fs-extra, howler #8

Open
wants to merge 1 commit into base branch master
Conversation

mikolajroszak (Owner)

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name | Versions | Released on
fs-extra | from 8.1.0 to 11.2.0 (10 versions ahead of your current version) ⚠️ This is a major version upgrade, and may be a breaking change | 9 months ago, on 2023-11-28
howler | from 2.1.2 to 2.2.4 (6 versions ahead of your current version) | a year ago, on 2023-09-19

Issues fixed by the recommended upgrade:

Issue | Score | Exploit Maturity
high severity Prototype Pollution (SNYK-JS-AJV-584908) | 405 | No Known Exploit
Release notes

Package name: fs-extra (from fs-extra GitHub release notes)

Package name: howler
  • 2.2.4 - 2023-09-19
    • FIXED Invalid regex detection of Opera versions 100+ (#1676).
    • FIXED The pannerAttr method wouldn't set the values the first time it was called (#1497).
    • FIXED Error when refreshing the buffer on a sound that has already been unloaded (#1508).
  • 2.2.3 - 2021-06-30
    • FIXED Fatal error in Chrome for iOS (#1491).
  • 2.2.2 - 2021-06-27

    The README has been updated with more examples and various clarifications. PRs/issues with suggestions for further improvements are appreciated.

    • CHANGED Include keydown event when unlocking audio (#1417).
    • CHANGED The audio state is changed to loading while the player is buffering (#1444).
    • FIXED Looping sounds wouldn't always work correctly in recent versions of Firefox desktop (#1445).
    • FIXED Disabled WebM in Safari 14 until bug in Safari is resolved (#1476).
    • FIXED Error when calling seek() on audio that hasn't loaded (#1423).
    • FIXED Before a sound had loaded, calling pause() after seek() didn't have the intended behavior (#1439).
  • 2.2.1 - 2020-10-25
    • FIXED The latest Safari 14 changed how WAV support was detected (#1415).
    • FIXED Edge case that could cause an infinite loop while fading (#1369).
    • FIXED Calling seek without a seek value while a file was still loading no longer adds it to the queue and correctly returns 0 (#1189).
    • FIXED Correctly handle finite audio files that return Infinity duration in Safari (#658).
  • 2.2.0 - 2020-05-17
    • ADDED New xhr property that allows setting custom headers (such as for auth), changing the withCredentials setting and specifying the HTTP method for the request. These only apply to Web Audio (#997).
    • ADDED New Howler.stop() global stop method to stop all sounds at once (#1308).
    • ADDED Support for m4b audio format (#1170).
    • CHANGED Allow passing metadata string to preload option to only preload the metadata (#1140).
    • FIXED Correctly handle AudioContext interrupted state causing stuck suspending state (#1106).
    • FIXED The volume method would sometimes return incorrect values when using very short fade lengths (#1045).
    • FIXED Error that HowlerGlobal was not defined when using jsdom-global (#1331).
    • FIXED Memory leak in Safari when an audio context can't be unlocked (#1338).

    Breaking Changes

    • The xhrWithCredentials property is now included in the xhr property object with key withCredentials.
  • 2.1.3 - 2019-12-24
    • FIXED Don't try to obtain HTML5 audio if there is no audio support (#1191).
    • FIXED The x/y/z orientations for the top of the listener weren't being set properly (#1221).
    • FIXED Race condition that could prevent looping audio from always looping (#1225).
    • FIXED Race condition that could cause the main volume to be reset to 1 if called before unlockAudio (#1210).
  • 2.1.2 - 2019-04-19
    • FIXED Removed browser check for auto play unlock since all major browsers now implement this.
    • FIXED Live streams now stop downloading when they are stopped, also fixing issue in Chrome with stopping twice (#1129).
    • FIXED Prevent error in Edge when Audio isn't supported (#1147).
  Source: howler GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - fs-extra from 8.1.0 to 11.2.0.
    See this package in npm: https://www.npmjs.com/package/fs-extra
  - howler from 2.1.2 to 2.2.4.
    See this package in npm: https://www.npmjs.com/package/howler

See this project in Snyk:
https://app.snyk.io/org/mikolaj-roszak/project/3153d0c2-48c4-44b7-b376-444eeca4ac9c?utm_source=github&utm_medium=referral&page=upgrade-pr
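A migration helper for the breaking change listed in the howler 2.2.0 release notes above (the `xhrWithCredentials` flag moved into the `xhr` option object as `withCredentials`). This is an added example, not code from the PR, Snyk or the howler project; the `xhr` option shape (`method`, `headers`, `withCredentials`) follows the release notes, while the helper names, the legacy-key scan and the sample option objects are assumptions constructed for the example:

```javascript
// Added example (not code from the PR, Snyk or howler): migrate a Howl options
// object from howler 2.1.x's `xhrWithCredentials` flag to the 2.2.x `xhr`
// object ({ method, headers, withCredentials }) named in the release notes.
// The helper names and sample options below are constructed for this example.

const LEGACY_KEY = 'xhrWithCredentials';

function migrateHowlOptions(options) {
  // Shallow copy: the caller's object is left untouched.
  const migrated = { ...options };
  if (!Object.prototype.hasOwnProperty.call(migrated, LEGACY_KEY)) return migrated;

  const legacyValue = Boolean(migrated[LEGACY_KEY]);
  delete migrated[LEGACY_KEY];

  // Keep any xhr block already present; an explicit xhr.withCredentials wins
  // over the legacy flag, which only fills the gap when it is absent.
  const xhr = { ...(migrated.xhr || {}) };
  if (!Object.prototype.hasOwnProperty.call(xhr, 'withCredentials')) {
    xhr.withCredentials = legacyValue;
  }
  migrated.xhr = xhr;
  return migrated;
}

// Pre-merge check: indices of option objects that still use the removed key.
function findLegacyXhrOptions(optionsList) {
  return optionsList
    .map((opts, i) => (Object.prototype.hasOwnProperty.call(opts, LEGACY_KEY) ? i : -1))
    .filter((i) => i >= 0);
}

// Constructed sample: one legacy call site, one already on the 2.2 shape.
const SAMPLE_OPTIONS = [
  { src: ['/audio/intro.mp3'], xhrWithCredentials: true },
  { src: ['/audio/loop.webm'], xhr: { method: 'GET', withCredentials: false } },
];

console.log(findLegacyXhrOptions(SAMPLE_OPTIONS)); // [0]
console.log(SAMPLE_OPTIONS.map(migrateHowlOptions));
```

Run `findLegacyXhrOptions` over every `Howl` constructor options object in the code base before merging this PR; any index it returns is a call site that would silently lose its credentials setting under 2.2.x until migrated.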

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on the existence or non-existence of certain attributes, or uses pre-defined attributes of the object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior
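To make the mechanism in the comment above concrete, here is an added example (not part of the PR, Snyk's advisory or Secure Code Warrior's material) of a recursive merge that can be polluted through a `__proto__` key, the hardened form that refuses prototype-reaching keys, and a canary check that a fresh object's prototype has not been altered. The JSON payload and the function names are constructed for the example:

```javascript
// Added example (not from the PR, Snyk or Secure Code Warrior): a recursive
// merge that can be polluted through "__proto__", a hardened merge, and a
// canary check. The payload below is constructed for this example.

// Vulnerable: every key in `source` is copied, including "__proto__", so the
// recursion ends up writing onto Object.prototype.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (typeof value === 'object' && value !== null) {
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: skip keys that reach the prototype chain, walk own keys only, and
// recurse only into own object-valued properties of the target.
const PROTOTYPE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (PROTOTYPE_KEYS.has(key)) continue;
    const value = source[key];
    if (typeof value === 'object' && value !== null && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Canary: a fresh object must not see any of the given property names.
function hasPrototypeBeenPolluted(names) {
  const probe = {};
  return names.some((n) => probe[n] !== undefined);
}

// Constructed untrusted input: a normal settings block plus a __proto__ key.
const PAYLOAD_JSON = '{"settings":{"theme":"dark"},"__proto__":{"isAdmin":true}}';

function demoUnsafe() {
  const payload = JSON.parse(PAYLOAD_JSON);
  const before = hasPrototypeBeenPolluted(['isAdmin']);
  unsafeMerge({}, payload);
  const after = hasPrototypeBeenPolluted(['isAdmin']);
  delete Object.prototype.isAdmin; // undo the pollution so the demo is repeatable
  return { before, after };
}

function demoSafe() {
  const result = safeMerge({}, JSON.parse(PAYLOAD_JSON));
  return {
    polluted: hasPrototypeBeenPolluted(['isAdmin']),
    theme: result.settings.theme,
    hasOwnIsAdmin: Object.prototype.hasOwnProperty.call(result, 'isAdmin'),
  };
}

console.log(demoUnsafe(), demoSafe());
```

The hardened merge iterates own keys only (`Object.keys`) and recurses only into own object-valued properties of the target, so an inherited property such as `constructor` is never used as a merge destination. A canary like `hasPrototypeBeenPolluted` is cheap to run in a test suite after exercising any code path that merges untrusted JSON, which is the kind of path the ajv finding in this PR concerns.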

Micro-Learning Topic: Race condition (Detected by phrase)

Matched on "Race condition"

What is this? (2min video)

A race condition is a flaw that produces an unexpected result when the timing of actions impacts other actions.

Try a challenge in Secure Code Warrior


New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package | New capabilities | Transitives | Size | Publisher
npm/fs-extra@11.2.0 | Transitive: filesystem | +2 | 79.3 kB | ryanzim
npm/howler@2.2.4 | None | 0 | 318 kB | goldfire

🚮 Removed packages: npm/ajv@6.10.2, npm/fast-deep-equal@2.0.1, npm/howler@2.1.2

View full report↗︎
