[Snyk] Fix for 1 vulnerabilities #10

qmutz · 2024-02-11T23:46:32Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: libp2p

The new version differs by 250 commits.

d6bb967 chore: release version v0.32.0
d48005b chore: update contributors
67b97e3 chore: add migration guide to 0.32 (#957)
664ba2d chore: release version v0.32.0-rc.0
608564b chore: update contributors
af723b3 fix: do not allow dial to large number of multiaddrs (#954)
13cf476 chore: update to new multiformats (#948)
39b0358 chore: use libp2p-tcp with types (#952)
f7183e8 chore: release version v0.31.7
b9988ad chore: update contributors
b291bc0 fix: dialer leaking resources after stopping (#947)
755eb90 chore: update gossipsub dep for example
afe0f85 chore: use node 16
50f7f32 chore: update branch
052aad4 chore: use node 15 in ci
2c4b567 chore: restructure pubsub tests
2a6a635 chore: remove ipfs-utils dep (#953)
cd152f1 chore: add secure websockets example (#930)
2959794 chore: add more details on DHT configuration in CONFIGURATION.md (#951)
2068c84 chore: configuration format fix
d8ba284 fix: chat example with new multiaddr (#946)
869d35d chore: release version v0.31.6
d6540bf chore: update contributors
478963a feat: keychain rotate passphrase (#944)

See the full diff

Package name: libp2p-kad-dht

The new version differs by 241 commits.

42eb5eb chore: release version v0.19.0
0ed345a chore: update contributors
568c19c chore: use new content and peer routing apis (#181)
129566f chore: update interface links (#182)
a00b470 chore: release version v0.19.0-pre.0
12d0872 chore: use libp2p 0.28.x branch
f0fb212 chore: peer-discovery not using peer-info (#180)
b9e45ff chore: release version v0.19.0-pre.0
67a2db7 chore: update contributors
194c701 chore: use new peer store api (#179)
6456cc8 chore: release version v0.18.6
8d31075 chore: update contributors
fe3b218 chore(deps): bump cids from 0.7.5 to 0.8.0 (#178)
7b8d115 chore(deps): bump p-map from 3.0.0 to 4.0.0 (#177)
764ba63 chore(deps-dev): bump sinon from 8.1.1 to 9.0.0 (#176)
5ee91d7 chore(deps-dev): bump aegir from 20.6.1 to 21.0.2 (#175)
698fc51 chore: release version v0.18.5
636d4c2 chore: update contributors
de85eb6 fix: remove use of assert module (#173)
7b99370 chore: release version v0.18.4
c5721d0 chore: update contributors
3731a2e chore(deps): bump libp2p-interfaces from 0.1.7 to 0.2.3 (#171)
49f8e46 chore(deps-dev): bump datastore-level from 0.12.1 to 0.14.1 (#169)
6b7dcbf chore(deps-dev): bump sinon from 7.5.0 to 8.1.1 (#168)

See the full diff

Package name: libp2p-mdns

The new version differs by 79 commits.

afca4bf chore: release version v0.17.0
3787bfa chore: update contributors
0b974bc chore: update deps (feat: add KadDHT ipfs-inactive/js-libp2p-ipfs-nodejs#100)
0bb4d4a chore: release version v0.16.0
3285018 chore: update contributors
b8c7bf3 chore: update deps (Update libp2p-swarm to the latest version 🚀 ipfs-inactive/js-libp2p-ipfs-nodejs#98)
ddcc10b chore: release version v0.15.0
061c3f0 chore: update contributors
3cf0e75 chore: upgrade deps (Update peer-info to the latest version 🚀 ipfs-inactive/js-libp2p-ipfs-nodejs#97)
e1087a9 chore: release version v0.14.3
0ecc116 chore: update contributors
9fea1f6 fix: ensure event handlers are removed on MulticastDNS.stop (Update peer-book to the latest version 🚀 ipfs-inactive/js-libp2p-ipfs-nodejs#96)
9186dbf chore: release version v0.14.2
183c065 chore: update contributors
9f45f73 fix: actually check tcp multiaddrs (Update libp2p-mdns to the latest version 🚀 ipfs-inactive/js-libp2p-ipfs-nodejs#94)
60a0dbe chore: release version v0.14.1
edec51d chore: update contributors
3dc9475 test(fix): wait for the right peer in 3+ tests (Update peer-info to the latest version 🚀 ipfs-inactive/js-libp2p-ipfs-nodejs#92)
cfe90c6 chore: use address manager (Advanced peer-book ipfs-inactive/js-libp2p-ipfs-nodejs#91)
5b46aaa chore: release version v0.14.0
bcf3e44 chore: update contributors
fca175e chore: peer-discovery not using peer-info (Update libp2p to the latest version 🚀 ipfs-inactive/js-libp2p-ipfs-nodejs#90)
ecdda6e chore: release version v0.13.3
28c0ae1 chore: update contributors

See the full diff

Package name: libp2p-tcp

The new version differs by 104 commits.

9fcd053 chore: release version v0.17.0
162adc4 chore: update contributors
b3e315a chore: update deps (#147)
23e4fde chore: use node 16 in ci (#146)
c9207e1 chore: release version v0.16.0
3780621 chore: update contributors
3249e02 feat: add types (#145)
4789cf1 chore: release version v0.15.4
48b8376 chore: update contributors
7dfdf10 chore: update deps (#144)
d39ad01 chore: update url interfaces (#143)
37406d1 chore: release version v0.15.3
2df4789 chore: update contributors
3813100 fix: hanging close promise (#140)
8661c09 chore: release version v0.15.2
f9e3297 chore: update contributors
af9804e fix: intermittent error when asking for interfaces (#137)
e9e1f56 chore: release version v0.15.1
dee839e chore: update contributors
8ff9f60 chore: update deps (#136)
f17525a chore: update deps (#135)
b524848 chore: release version v0.15.0
926a99c chore: update contributors
d9f9912 chore: update deps (#134)

See the full diff

Package name: libp2p-webrtc-star

The new version differs by 234 commits.

590c5fc chore: release version v0.23.0
e88d63d chore: update contributors
e4360f2 chore: update deps (#365)
c629cc1 chore: release version v0.22.4
d01cd4a chore: update contributors
441a34e chore: update deps and use socket.io server v4 (#362)
4822c40 chore: release version v0.22.3
a046a72 chore: update contributors
1076b5b chore: update ipfs-utils dep (#341)
f61c4a1 chore: remove unecessary async fn in test (#336)
2eacc5f chore: release version v0.22.2
4ccf5be chore: update contributors
4c82721 chore: add err code for unknown signal server on dial (#335)
c780457 chore: release version v0.22.1
68b206f chore: update contributors
5b7b142 feat: support multiple listeners (#330)
53cbde6 chore: release version v0.22.0
35ea046 chore: update contributors
44f4232 chore: update deps (#329)
f644b08 chore: release version v0.21.2
b8b3fd0 chore: update contributors
8ef0358 chore(deps): bump err-code from 2.0.3 to 3.0.1 (#302)
aa9f08a chore: release version v0.21.1
1f080b2 chore: update contributors

See the full diff

Package name: libp2p-websockets

The new version differs by 87 commits.

e9189bb chore: release version v0.16.0
c4005b3 chore: update contributors
27f6c41 chore: update deps (#134)
db343b2 chore: use node 16 in ci (#133)
19e6f59 chore: release version v0.15.9
6e6a90c chore: update contributors
7bfdcb9 chore: update ipfs-utils dep (#132)
62a3276 chore: release version v0.15.8
a996e16 chore: update contributors
ee47570 fix: listener get addrs with wss (#130)
237fa15 chore: release version v0.15.7
488847e chore: update contributors
01ad18e chore: update ipfs-utils dep (#128)
e929104 chore: release version v0.15.6
47c234d chore: update contributors
76a4809 chore: update multiaddr to uri (#125)
90f13e9 chore: release version v0.15.5
c7522a3 chore: update contributors
67a95cb chore: update deps (#124)
f1a5d21 chore: release version v0.15.4
c5ddb0b chore: update contributors
ff4b764 chore: update deps (#123)
d07d1b7 chore: release version v0.15.3
9934161 chore: update contributors

See the full diff

Package name: mafmt

The new version differs by 107 commits.

41dfe7c chore: release version v10.0.0
c522889 chore: update contributors
2785b23 chore: upgrade multiaddr (Update libp2p to the latest version 🚀 ipfs-inactive/js-libp2p-ipfs-nodejs#81)
14d8cae Upgrade to GitHub-native Dependabot (Feat/new api ipfs-inactive/js-libp2p-ipfs-nodejs#80)
e80cbe6 chore: release version v9.0.0
58c3f55 chore: update contributors
d20caf5 chore: update deps and types (Update aegir to the latest version 🚀 ipfs-inactive/js-libp2p-ipfs-nodejs#79)
5c177cd chore: add util dev dep
1d9532a chore(deps-dev): bump aegir from 31.0.4 to 32.0.2
2524351 chore(deps-dev): bump aegir from 30.3.0 to 31.0.3 (#74)
6a8b586 chore: fix lint
175e166 chore(deps-dev): bump aegir from 29.2.2 to 30.3.0
e1dedc8 chore: release version v8.0.4
edc37b4 chore: update contributors
ac7d10c feat: add QUIC support (#70)
38a1f1f chore: release version v8.0.3
ce180cc chore: update contributors
c8430c1 fix: add webrtc direct with p2p as valid P2P multiaddr (#71)
f5beeee chore: release version v8.0.2
a4ee2a9 chore: update contributors
10e131d chore: fix json format ts config (#68)
810466c chore(deps-dev): bump uint8arrays from 1.1.0 to 2.0.5 (#66)
161aa30 chore(deps-dev): bump aegir from 28.2.0 to 29.0.1 (feat: enable bootstrap to be an option ipfs-inactive/js-libp2p-ipfs-nodejs#64)
b02922e chore: release version v8.0.1

See the full diff

Package name: multiaddr

The new version differs by 168 commits.

5f1e3d6 chore: release version v10.0.1
665ece7 chore: update contributors
1296370 chore: remove .DS_Store file
19e6f14 chore: update uint8arrays (#206)
3014294 chore: release version v10.0.0
755d494 chore: update contributors
7e3aff9 chore: update to new multiformats (#200)
0b3bfe5 chore: release version v9.0.2
25a37c0 chore: update contributors
2201344 Support buffer with any byteOffset values instead of 0 (#201)
a95b991 chore(deps-dev): bump sinon from 10.0.1 to 11.1.1 (#199)
b58474f chore: release version v9.0.1
cc9e03e chore: update contributors
54633f4 fix: types property (#195)
9067450 chore: update changelog with breaking change examples
ac7da1b chore: release version v9.0.0
15f36bc chore: update contributors
7d284e4 feat: add types (#189)
aac0144 chore: release version v8.1.2
d56cf70 chore: update contributors
0ac20ba fix: tell bundlers to return false for node dns module (#163)
1cc85e3 chore: make tsconfig valid json (#162)
967b845 chore(deps-dev): bump aegir from 28.2.0 to 29.0.1 (#158)
449d49b chore: release version v8.1.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-IP-6240864

fix: package.json to reduce vulnerabilities

0710db3

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-IP-6240864

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 1 vulnerabilities #10

[Snyk] Fix for 1 vulnerabilities #10

qmutz commented Feb 11, 2024

[Snyk] Fix for 1 vulnerabilities #10

Are you sure you want to change the base?

[Snyk] Fix for 1 vulnerabilities #10

Conversation

qmutz commented Feb 11, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: