[Snyk] Fix for 12 vulnerabilities #29

MarcelRaschke · 2022-08-19T20:08:16Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/browser-http-client-upload-file/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	No	Proof of Concept
526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	No	Proof of Concept
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	No	Proof of Concept
579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-JUSTSAFESET-1920917	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ipfs

The new version differs by 250 commits.

38e78cc chore: release master (chore: release master ipfs/js-ipfs#4099)
919b27a chore: update deps
4e93dd5 fix: update to latest libp2p interfaces (fix: update to latest libp2p interfaces ipfs/js-ipfs#4111)
7165bf7 docs: add upgrade guide for ESM release (docs: add upgrade guide for ESM release ipfs/js-ipfs#4098)
74aee8b feat: update to libp2p 0.37.x (feat: update to libp2p 0.37.x ipfs/js-ipfs#4092)
361dab6 chore: release master (chore: release master ipfs/js-ipfs#4078)
8f7ce23 fix: upgrade dep of ipfs-utils ^9.0.2->^9.0.6 (fix: upgrade dep of ipfs-utils ^9.0.2->^9.0.6 ipfs/js-ipfs#4086)
c367840 fix: update car dependency for CARv2 read support (fix: update car dependency for CARv2 read support ipfs/js-ipfs#4085)
e90b8f1 fix: BWOptions.interval accepts number|string (fix: BWOptions.interval accepts number|string ipfs/js-ipfs#4061)
6c3cb73 fix: exclude fs from bundle (fix: exclude fs from bundle ipfs/js-ipfs#4076)
1a73160 fix(rmlink): fix rmlink to match docs (fix(rmlink): fix rmlink to match docs ipfs/js-ipfs#4073)
c51b160 chore: release master (chore: release master ipfs/js-ipfs#4057)
df1bd1b fix: add deps used in ipfs-core-types (fix: add deps used in ipfs-core-types ipfs/js-ipfs#4058)
125d42b fix: missing files on publish (fix: missing files on publish ipfs/js-ipfs#4056)
1082fce chore: fix links to config defaults (chore: fix links to config defaults ipfs/js-ipfs#4049)
e7f8531 chore: release master (chore: release master ipfs/js-ipfs#4041)
709831f fix: override hashing algorithm when importing files (fix: override hashing algorithm when importing files ipfs/js-ipfs#4042)
383dc07 chore: fix broken links and help text (chore: fix broken links and help text ipfs/js-ipfs#4043)
3a74c11 docs: fixed link to examples (docs: fixed link to js-ipfs-examples ipfs/js-ipfs#4037)
596b1f4 fix(dag): replace custom dag walk with multiformats/traversal (fix(dag): replace custom dag walk with multiformats/traversal ipfs/js-ipfs#3950)
2c8ec08 chore: re-enable examples (chore: re-enable examples ipfs/js-ipfs#4036)
8d26021 chore: re-enable build
b01b06b chore: release master (chore: release master ipfs/js-ipfs#4034)
cca6e32 chore: override last release

See the full diff

Package name: parcel

The new version differs by 250 commits.

84da50a v2.0.0
aa0a369 Small copy change
c78601b shouldVisitChild: Check parent and child node previously deferred separately (#7043)
2c83842 Fix scope resolution for TS enums (#7057)
dbe1153 Fix order of hoisted variable declarations (#7053)
bea9442 Fix named export with different export name for wrapped assets (#7052)
2175e1b Mark '*' as used when the reexport is only decided at runtime (#7049)
4312b91 Update Micromatch (#6958)
5afe766 Fail when unable to build a native package (#6962)
971ed24 Update watcher and source-map library to 2.0.0 (#7044)
810a854 Add missing C flags for SIMD support in build workflow (#7045)
d6de61d Fix shaking for functions types with overload signatures (#7036)
daf2cd9 Safely position the HMR script (#6961)
89b4e51 Unmark defer for dependency that become used ('does not export') (#7035)
b575212 Bump swc (#7033)
415710f Fix CSS tree shaking with 'build --no-scope-hoist' (#5728)
ea0f4e4 Allow jsx and tsx as lang for script block in Vue SFCs (#6983)
d2d4f1c Never enable JSX in a .ts file (#7031)
aafc318 Don't use deprecated querystring package (#6806)
a6a6fb2 Fix cache invalidation when shouldOptimize changes (#7030)
7d4d53a Update all references to v2.parceljs.org to just parceljs.org (#7029)
91de5c0 Ensure symbol order is consistent (#7021)
2ebed00 Ensure named exports are prioritized over wildcard re-exports (#7016)
4904f20 Fix autoinstall with Yarn 2+ (#7023)