[Snyk] Fix for 11 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/ipfs-message-port-client/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-JUSTSAFESET-1920917	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	521/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4	Information Exposure SNYK-JS-NANOID-2332193	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Command Injection SNYK-JS-SIMPLEGIT-2421199	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Command Injection SNYK-JS-SIMPLEGIT-2434306	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aegir

The new version differs by 113 commits.

• 585b004 chore(release): 36.2.3 [skip ci]
• a4123d5 chore(deps): bump simple-git from 2.37.0 to 3.3.0 (Intermittent "ipfs-pubsub-room/v1" not supported ipfs/js-ipfs#944)
• 045ee8a chore(release): 36.2.2 [skip ci]
• cdd0ad1 chore: fix linting
• 677efd7 chore: slow ci is slow
• 2f88c95 fix: restore typesversions for ts config file
• 512e594 chore(release): 36.2.1 [skip ci]
• d03bb03 fix: types for test utils
• 539f597 fix: update config
• a849765 fix: publish utils dir
• 9b45b4b chore(release): 36.2.0 [skip ci]
• 3defb4f chore: add auto-release
• 3fec2e3 chore: remove unused dep
• dcb5be6 chore: add path dep
• feeeb54 fix: tsc receives forward args (files.cat stream doesn't auto resume .on('data') ipfs/js-ipfs#939)
• d3dc7cd fix: cache types dir
• 6136719 chore: add install browser deps action
• d8111a2 fix: remove playwright
• 7f83b6c fix: run playwright install-deps
• 40a49f6 fix: cache playwright browsers
• ad2f33b chore: change if clause
• f261653 chore: update clause
• 55f77f3 chore: print os runner
• fb41e56 chore: skip cache on windows

See the full diff

Package name: interface-ipfs-core

The new version differs by 250 commits.

• 7375caa chore: publish
• 2b59d9d chore: update contributors
• d147494 fix: always close writer so iterator throws on error (fix: always close writer so iterator throws on error ipfs/js-ipfs#3980)
• 6eeaca4 fix(pubsub): multibase in pubsub http rpc (fix(pubsub): multibase in pubsub http rpc ipfs/js-ipfs#3922)
• 33f1034 feat: improve collected metrics (feat: improve collected metrics ipfs/js-ipfs#3978)
• 73476f5 chore: Bump @ ipld/dag-cbor to v7 (chore: Bump @ipld/dag-cbor to v7 ipfs/js-ipfs#3977)
• adde8c1 fix: use peer store for id (fix: use peer store for id ipfs/js-ipfs#3973)
• dec9e4c chore: fix monitoring (chore: fix monitoring ipfs/js-ipfs#3972)
• c083645 chore: remove noise fork (chore: remove noise fork ipfs/js-ipfs#3969)
• 80ac58c fix: ensure directory is passed (fix: ensure directory is passed ipfs/js-ipfs#3968)
• 45ac973 fix: return nested value from dag.get (fix: return nested value from dag.get ipfs/js-ipfs#3966)
• 9018432 chore: switch from IPFS_REUSEPORT to LIBP2P_TCP_REUSEPORT (Switch from IPFS_REUSEPORT to LIBP2P_TCP_REUSEPORT ipfs/js-ipfs#3955)
• 38c01be feat: update DAG API to match go-ipfs@0.10 changes (feat: update DAG API to match go-ipfs@0.10 changes ipfs/js-ipfs#3917)
• 0c269cf chore: add default option extentions (chore: add default option extentions ipfs/js-ipfs#3965)
• 62d8ecb feat: dht client (feat: dht client ipfs/js-ipfs#3947)
• c272bfb docs: add CORS to getting started (docs: add CORS to getting started ipfs/js-ipfs#3943)
• 6178708 chore: publish
• 3bd8b25 chore: update contributors
• 484d255 chore: update aegir and multiformats (chore: update aegir and multiformats ipfs/js-ipfs#3949)
• 70c67e2 fix: typo (fix: typo ipfs/js-ipfs#3946)
• 041fc29 chore: update version
• 4dcd335 docs: fixing a broken link (Update BROWSERS.md - fixing a broken link. ipfs/js-ipfs#3942)
• fdc148b chore: publish
• f419553 fix: pass hasher loader to bitswap (fix: pass hasher loader to bitswap ipfs/js-ipfs#3944)

See the full diff

Package name: ipfs-core

The new version differs by 250 commits.

• 38e78cc chore: release master (chore: release master ipfs/js-ipfs#4099)
• 919b27a chore: update deps
• 4e93dd5 fix: update to latest libp2p interfaces (fix: update to latest libp2p interfaces ipfs/js-ipfs#4111)
• 7165bf7 docs: add upgrade guide for ESM release (docs: add upgrade guide for ESM release ipfs/js-ipfs#4098)
• 74aee8b feat: update to libp2p 0.37.x (feat: update to libp2p 0.37.x ipfs/js-ipfs#4092)
• 361dab6 chore: release master (chore: release master ipfs/js-ipfs#4078)
• 8f7ce23 fix: upgrade dep of ipfs-utils ^9.0.2->^9.0.6 (fix: upgrade dep of ipfs-utils ^9.0.2->^9.0.6 ipfs/js-ipfs#4086)
• c367840 fix: update car dependency for CARv2 read support (fix: update car dependency for CARv2 read support ipfs/js-ipfs#4085)
• e90b8f1 fix: BWOptions.interval accepts number|string (fix: BWOptions.interval accepts number|string ipfs/js-ipfs#4061)
• 6c3cb73 fix: exclude fs from bundle (fix: exclude fs from bundle ipfs/js-ipfs#4076)
• 1a73160 fix(rmlink): fix rmlink to match docs (fix(rmlink): fix rmlink to match docs ipfs/js-ipfs#4073)
• c51b160 chore: release master (chore: release master ipfs/js-ipfs#4057)
• df1bd1b fix: add deps used in ipfs-core-types (fix: add deps used in ipfs-core-types ipfs/js-ipfs#4058)
• 125d42b fix: missing files on publish (fix: missing files on publish ipfs/js-ipfs#4056)
• 1082fce chore: fix links to config defaults (chore: fix links to config defaults ipfs/js-ipfs#4049)
• e7f8531 chore: release master (chore: release master ipfs/js-ipfs#4041)
• 709831f fix: override hashing algorithm when importing files (fix: override hashing algorithm when importing files ipfs/js-ipfs#4042)
• 383dc07 chore: fix broken links and help text (chore: fix broken links and help text ipfs/js-ipfs#4043)
• 3a74c11 docs: fixed link to examples (docs: fixed link to js-ipfs-examples ipfs/js-ipfs#4037)
• 596b1f4 fix(dag): replace custom dag walk with multiformats/traversal (fix(dag): replace custom dag walk with multiformats/traversal ipfs/js-ipfs#3950)
• 2c8ec08 chore: re-enable examples (chore: re-enable examples ipfs/js-ipfs#4036)
• 8d26021 chore: re-enable build
• b01b06b chore: release master (chore: release master ipfs/js-ipfs#4034)
• cca6e32 chore: override last release

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Open Redirect
🦉 Prototype Pollution