[Snyk] Upgrade @tensorflow/tfjs-converter from 3.12.0 to 4.18.0

[aravindvnair99]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @tensorflow/tfjs-converter from 3.12.0 to 4.18.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 35 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2024-04-17.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Infinite loop SNYK-JS-MARKDOWNIT-6483324	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Internal Property Tampering SNYK-JS-TAFFYDB-2992450	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Resource Exhaustion SNYK-JS-JOSE-6419224	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @tensorflow/tfjs-converter

• 4.18.0 - 2024-04-17
  

  Core (4.17.0 ==> 4.18.0)

  Misc

  • Update monorepo to 4.18.0. (#8250). Thanks, @ dbcp1.

  Data (4.17.0 ==> 4.18.0)

  Misc

  • Update monorepo to 4.18.0. (#8250). Thanks, @ dbcp1.

  Layers (4.17.0 ==> 4.18.0)

  Misc

  • Update monorepo to 4.18.0. (#8250). Thanks, @ dbcp1.

  Converter (4.17.0 ==> 4.18.0)

  Misc

  • Update lockfiles branch tfjs_4.18.0_lockfiles lock files. (#8251). Thanks, @ dbcp1.
  • Update monorepo to 4.18.0. (#8250). Thanks, @ dbcp1.
  • nightly test fix (#8214).
  • Fixed typos in documentation string. (#7782). Thanks, @ shmishra99.

  Node (4.17.0 ==> 4.18.0)

  Misc

  • Update lockfiles branch tfjs_4.18.0_lockfiles lock files. (#8251). Thanks, @ dbcp1.
  • Update monorepo to 4.18.0. (#8250). Thanks, @ dbcp1.

  Wasm (4.17.0 ==> 4.18.0)

  Misc

  • Update lockfiles branch tfjs_4.18.0_lockfiles lock files. (#8251). Thanks, @ dbcp1.
  • Update monorepo to 4.18.0. (#8250). Thanks, @ dbcp1.

  Cpu (4.17.0 ==> 4.18.0)

  Misc

  • Update monorepo to 4.18.0. (#8250). Thanks, @ dbcp1.

  Webgl (4.17.0 ==> 4.18.0)

  Misc

  • Update lockfiles branch tfjs_4.18.0_lockfiles lock files. (#8251). Thanks, @ dbcp1.
  • Update monorepo to 4.18.0. (#8250). Thanks, @ dbcp1.

  WebGPU (4.17.0 ==> 4.18.0)

  Misc

  • Update lockfiles branch tfjs_4.18.0_lockfiles lock files. (#8251). Thanks, @ dbcp1.
  • Update monorepo to 4.18.0. (#8250). Thanks, @ dbcp1.
• 4.18.0-rc.0 - 2024-04-11
  

  • Update lockfiles branch tfjs_4.18.0-rc.0_lockfiles lock files.

  • Update verdaccio.yaml

• 4.17.0 - 2024-01-30
  

  Core (4.16.0 ==> 4.17.0)

  Misc

  • Update monorepo to 4.17.0. (#8161). Thanks, @ dbcp1.

  Data (4.16.0 ==> 4.17.0)

  Misc

  • Update monorepo to 4.17.0. (#8161). Thanks, @ dbcp1.

  Layers (4.16.0 ==> 4.17.0)

  Misc

  • Update monorepo to 4.17.0. (#8161). Thanks, @ dbcp1.

  Converter (4.16.0 ==> 4.17.0)

  Misc

  • Update lockfiles branch tfjs_4.17.0_lockfiles lock files. (#8162). Thanks, @ dbcp1.
  • Update monorepo to 4.17.0. (#8161). Thanks, @ dbcp1.
  • merge g3 cl (#8138).

  Node (4.16.0 ==> 4.17.0)

  Misc

  • Update lockfiles branch tfjs_4.17.0_lockfiles lock files. (#8162). Thanks, @ dbcp1.
  • Update monorepo to 4.17.0. (#8161). Thanks, @ dbcp1.
  • Fix for windows installation #7341 (#8122). Thanks, @ vicmmg.
  • Update broken link for MacOS Catalina guide in README.md (#8032). Thanks, @ gaikwadrahul8.

  Wasm (4.16.0 ==> 4.17.0)

  Misc

  • Update lockfiles branch tfjs_4.17.0_lockfiles lock files. (#8162). Thanks, @ dbcp1.
  • Update monorepo to 4.17.0. (#8161). Thanks, @ dbcp1.

  Cpu (4.16.0 ==> 4.17.0)

  Misc

  • Update monorepo to 4.17.0. (#8161). Thanks, @ dbcp1.

  Webgl (4.16.0 ==> 4.17.0)

  Misc

  • Update lockfiles branch tfjs_4.17.0_lockfiles lock files. (#8162). Thanks, @ dbcp1.
  • Update monorepo to 4.17.0. (#8161). Thanks, @ dbcp1.

  WebGPU (4.16.0 ==> 4.17.0)

  Misc

  • Update lockfiles branch tfjs_4.17.0_lockfiles lock files. (#8162). Thanks, @ dbcp1.
  • Update monorepo to 4.17.0. (#8161). Thanks, @ dbcp1.
• 4.17.0-rc.0 - 2024-01-23
  

  • Update lockfiles branch tfjs_4.17.0-rc.0_lockfiles lock files.

  • Update verdaccio.yaml

• 4.16.0 - 2024-01-11
  

  Core (4.15.0 ==> 4.16.0)

  Misc

  • Update monorepo to 4.16.0. (#8136). Thanks, @ dbcp1.

  Data (4.15.0 ==> 4.16.0)

  Misc

  • Update monorepo to 4.16.0. (#8136). Thanks, @ dbcp1.

  Layers (4.15.0 ==> 4.16.0)

  Misc

  • Update monorepo to 4.16.0. (#8136). Thanks, @ dbcp1.

  Converter (4.15.0 ==> 4.16.0)

  Bug fixes

  • apply g3 fixes for jax (#8099).

  Misc

  • Update lockfiles branch tfjs_4.16.0_lockfiles lock files. (#8137). Thanks, @ dbcp1.
  • Update monorepo to 4.16.0. (#8136). Thanks, @ dbcp1.
  • Add support for complex64 data type in parseDtypeParam function (#8083). Thanks, @ Lutra-Fs.

  Node (4.15.0 ==> 4.16.0)

  Misc

  • Update lockfiles branch tfjs_4.16.0_lockfiles lock files. (#8137). Thanks, @ dbcp1.
  • Update monorepo to 4.16.0. (#8136). Thanks, @ dbcp1.

  Wasm (4.15.0 ==> 4.16.0)

  Misc

  • Update lockfiles branch tfjs_4.16.0_lockfiles lock files. (#8137). Thanks, @ dbcp1.
  • Update monorepo to 4.16.0. (#8136). Thanks, @ dbcp1.

  Cpu (4.15.0 ==> 4.16.0)

  Misc

  • Update monorepo to 4.16.0. (#8136). Thanks, @ dbcp1.

  Webgl (4.15.0 ==> 4.16.0)

  Misc

  • Update lockfiles branch tfjs_4.16.0_lockfiles lock files. (#8137). Thanks, @ dbcp1.
  • Update monorepo to 4.16.0. (#8136). Thanks, @ dbcp1.

  WebGPU (4.15.0 ==> 4.16.0)

  Misc

  • Update lockfiles branch tfjs_4.16.0_lockfiles lock files. (#8137). Thanks, @ dbcp1.
  • Update monorepo to 4.16.0. (#8136). Thanks, @ dbcp1.
• 4.16.0-rc.0 - 2024-01-09
  

  • Update lockfiles branch tfjs_4.16.0-rc.0_lockfiles lock files.

  • Update verdaccio.yaml

• 4.15.0 - 2023-12-12
  Read more
• 4.15.0-rc.0 - 2023-12-05
  

  • Update lockfiles branch tfjs_4.15.0-rc.0_lockfiles lock files.

  • Update verdaccio.yaml

• 4.14.0 - 2023-11-30
• 4.14.0-rc.0 - 2023-11-17
• 4.13.0 - 2023-11-07
• 4.13.0-rc.0 - 2023-10-30
• 4.12.0 - 2023-10-18
• 4.12.0-rc.0 - 2023-10-11
• 4.11.0 - 2023-09-13
• 4.10.0 - 2023-08-01
• 4.9.0 - 2023-07-18
• 4.8.0 - 2023-06-20
• 4.7.0 - 2023-06-06
• 4.6.0 - 2023-05-17
• 4.5.0 - 2023-05-05
• 4.4.0 - 2023-04-06
• 4.3.0 - 2023-03-17
• 4.2.0 - 2023-01-03
• 4.1.0 - 2022-11-20
• 4.0.0 - 2022-10-13
• 3.21.0 - 2022-10-06
• 3.20.0 - 2022-08-23
• 3.19.0 - 2022-07-22
• 3.18.0 - 2022-05-20
• 3.17.0 - 2022-05-12
• 3.16.0 - 2022-04-19
• 3.15.0 - 2022-03-22
• 3.14.0 - 2022-03-03
• 3.13.0 - 2022-01-12
• 3.12.0 - 2021-12-08

from @tensorflow/tfjs-converter GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[guardrails]

⚠️ We detected 2 security issues in this pull request:

Insecure File Management (1)

Severity	Details	Docs
High	Title: Path Traversal from user input Spot-the-Hole/functions/index.js Line 562 in 9adb532 path.join(os.tmpdir(), path.basename(req.files.file[0].fieldname)),	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Use of Crypto (1)

Severity	Details	Docs
Medium	Title: Insecure use of random generator Spot-the-Hole/functions/index.js Line 204 in 9adb532 result += characters.charAt(Math.floor(Math.random() * charactersLength));	📚

More info on how to fix Insecure Use of Crypto in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[stale]

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.

[stale]

Automatically closed due to lack of recent activity. Tag @aravindvnair99 to reopen. Thank you for your contributions.