New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 17 vulnerabilities #120

Open

BobCashStory wants to merge 1 commit into main from snyk-fix-125870058b9a94550b76d6483555759a

Contributor

BobCashStory commented Dec 19, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 8 commits.

a64050a Releasing 0.21.1
d57cd97 Updating changelog for 0.21.1 release
8b0f373 Use different socket for Win32 test (#3375)
e426910 Protocol not parsed when setting proxy config from env vars (#3070)
c7329fe Hotfix: Prevent SSRF (#3410)
f472e5d Adding a type guard for `AxiosError` (#2949)
7688255 Remove the skipping of the `socket` http test (#3364)
820fe6e Updating axios in types to be lower case (#2797)

See the full diff

Package name: puppeteer

The new version differs by 250 commits.

377cd83 chore: release main (#11081)
11f7c69 test: update Firefox BiDi expectations (#11082)
0c0e516 fix: roll to Chrome 117.0.5938.149 (r1181205) (#11077)
163394d chore(deps): Bump actions/checkout from 3.6.0 to 4.1.0 (#11063)
67e9a92 chore(deps): Bump postcss from 8.4.16 to 8.4.31 in /website (#11075)
54bc80c chore(deps): Bump github/codeql-action from 2.21.8 to 2.21.9 (#11064)
c5083bb docs: update link to `third_party/README.md` (#11068)
a3187a0 docs: Update reference to SKIP_CHROMIUM_DOWNLOAD env to SKIP_DOWNLOAD
28c1c26 test: crash mocha if unhandled errors occur (#11055)
c5f2d28 test: move queryObjects to a CDP only tests (#11050)
88681a8 test: Remove invalid drag and drop test (#11054)
eedbb13 chore: release main (#11051)
b0d7375 fix: remove the flag disabling bfcache (#11047)
30bd030 chore: use yargs for mocha runner (#11045)
03b22ab chore(deps): Bump glob from 10.3.4 to 10.3.10 (#11043)
897fb64 chore(deps): Bump @ swc/core from 1.3.86 to 1.3.90 (#11042)
f59537e ci: add sharding for chrome (#11038)
bd6c246 chore: add @ typescript-eslint/no-import-type-side-effects (#11040)
e853e63 refactor: use common debugError (#11039)
48f9382 test: synchronize bidi expectations changes for Bug 1756595 (#11005)
aa16ab1 chore: use RxJS for wait for Navigation (#11024)
c502ca8 chore: release main (#11025)
e0e7e3a test: move cdp only tests to a subfolder (#11033)
8993def ci: disable failing doctest (#11035)

See the full diff

Package name: sqlite3

The new version differs by 57 commits.

573784b v5.0.3
e5a24fd Deleted `examples/` folder
b05f459 Added note about GitHub Releases to CHANGELOG.md
33d0656 Modernised Usage example in README
9d05c55 Fixed up more README nits
08d6319 Fixed link to API docs
0e2235a Altered wording in README
76b6c56 Altered README header
e3df365 Updated README
426930f Enabled CI to run when pushing tags
a21d41f Fixed uploading binaries to commit artifacts
bc978c7 Fixed CI step wording
7f744a1 Added prebuilt binaries via GitHub Releases
b4b3c3a Deleted `scripts/` directory
71bbdea Pinned dev dependencies (#1558)
a597383 Updated badges in README
0eb4a0f Deleted Travis and Appveyor configs
b58d341 Downgraded `mocha` and `eslint`
f39b10d Added missing Node versions to CI
8db96d4 Replaced Python extraction script with JS (#1570)
11c988c Fixed Windows build architecture in CI
8e63848 Updated Windows CI runner to `windows-latest`
d9e7d8b Fixed building on MacOS Monterey 12.3
859b95b Updated `node-gyp` to v8.x

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Arbitrary File Overwrite


          fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346
- https://snyk.io/vuln/SNYK-JS-INI-1048974
- https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-WS-1296835

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment