New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 5 vulnerabilities #34

Open

saumyakaran wants to merge 1 commit into master from snyk-fix-b1b2a603fc5d848d6553d1f8a88189e4

Member

saumyakaran commented Dec 19, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- backend/package.json
- backend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 18 commits.

a64050a Releasing 0.21.1
d57cd97 Updating changelog for 0.21.1 release
8b0f373 Use different socket for Win32 test (#3375)
e426910 Protocol not parsed when setting proxy config from env vars (#3070)
c7329fe Hotfix: Prevent SSRF (#3410)
f472e5d Adding a type guard for `AxiosError` (#2949)
7688255 Remove the skipping of the `socket` http test (#3364)
820fe6e Updating axios in types to be lower case (#2797)
94ca24b Releasing 0.21.0
2130a0c Updating changelog for 0.21.0 release
fbdc150 Lock travis to not use node v15 (#3361)
3a8b87d Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)
9a78465 Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
6d05b96 Fix typos (#3309)
fa36737 fix axios.delete ignores config.data (#3282)
b7e954e Fixing node types (#3237)
04d45f2 Fixing requestHeaders.Authorization (#3287)
e8c6e19 docs: Fix simple typo, existant -> existent (#3252)

See the full diff

Package name: puppeteer

The new version differs by 250 commits.

377cd83 chore: release main (#11081)
11f7c69 test: update Firefox BiDi expectations (#11082)
0c0e516 fix: roll to Chrome 117.0.5938.149 (r1181205) (#11077)
163394d chore(deps): Bump actions/checkout from 3.6.0 to 4.1.0 (#11063)
67e9a92 chore(deps): Bump postcss from 8.4.16 to 8.4.31 in /website (#11075)
54bc80c chore(deps): Bump github/codeql-action from 2.21.8 to 2.21.9 (#11064)
c5083bb docs: update link to `third_party/README.md` (#11068)
a3187a0 docs: Update reference to SKIP_CHROMIUM_DOWNLOAD env to SKIP_DOWNLOAD
28c1c26 test: crash mocha if unhandled errors occur (#11055)
c5f2d28 test: move queryObjects to a CDP only tests (#11050)
88681a8 test: Remove invalid drag and drop test (#11054)
eedbb13 chore: release main (#11051)
b0d7375 fix: remove the flag disabling bfcache (#11047)
30bd030 chore: use yargs for mocha runner (#11045)
03b22ab chore(deps): Bump glob from 10.3.4 to 10.3.10 (#11043)
897fb64 chore(deps): Bump @ swc/core from 1.3.86 to 1.3.90 (#11042)
f59537e ci: add sharding for chrome (#11038)
bd6c246 chore: add @ typescript-eslint/no-import-type-side-effects (#11040)
e853e63 refactor: use common debugError (#11039)
48f9382 test: synchronize bidi expectations changes for Bug 1756595 (#11005)
aa16ab1 chore: use RxJS for wait for Navigation (#11024)
c502ca8 chore: release main (#11025)
e0e7e3a test: move cdp only tests to a subfolder (#11033)
8993def ci: disable failing doctest (#11035)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)


          fix: backend/package.json & backend/package-lock.json to reduce vulne…

b14f9ba

…rabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/npm:debug:20170905

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment