[Snyk] Fix for 43 vulnerabilities #32

Open
wants to merge 1 commit into
base: develop
naiba4 (Owner) commented Apr 22, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

    • package.json
  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
    Find out more.

⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | No | Proof of Concept |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-ASYNC-2441827 | Yes | Proof of Concept |
| critical severity | 786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3 | Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462 | Yes | Proof of Concept |
| high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026 | No | No Known Exploit |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984 | No | Proof of Concept |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970 | Yes | Proof of Concept |
| medium severity | 554/1000 Why? Has a fix available, CVSS 6.8 | Cryptographic Issues SNYK-JS-ELLIPTIC-1064899 | No | No Known Exploit |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076 | No | Proof of Concept |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ETHERS-1586048 | No | Proof of Concept |
| medium severity | 519/1000 Why? Has a fix available, CVSS 6.1 | Open Redirect SNYK-JS-EXPRESS-6474509 | No | No Known Exploit |
| high severity | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137 | No | Proof of Concept |
| medium severity | 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610 | No | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | No | Proof of Concept |
| medium severity | 484/1000 Why? Has a fix available, CVSS 5.4 | Open Redirect SNYK-JS-GOT-2932019 | No | No Known Exploit |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783 | No | Proof of Concept |
| medium severity | 631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 | Yes | Proof of Concept |
| high severity | 644/1000 Why? Has a fix available, CVSS 8.6 | Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 | Yes | No Known Exploit |
| high severity | 681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASHTEMPLATE-1088054 | No | Proof of Concept |
| medium severity | 479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 | No | No Known Exploit |
| high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123 | No | No Known Exploit |
| medium severity | 539/1000 Why? Has a fix available, CVSS 6.5 | Information Exposure SNYK-JS-NODEFETCH-2342118 | Yes | No Known Exploit |
| medium severity | 520/1000 Why? Has a fix available, CVSS 5.9 | Denial of Service SNYK-JS-NODEFETCH-674311 | Yes | No Known Exploit |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning SNYK-JS-QS-3153490 | Yes | Proof of Concept |
| medium severity | 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 | Yes | Proof of Concept |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |
| medium severity | 536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770 | No | Proof of Concept |
| high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358 | No | No Known Exploit |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624 | No | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151 | No | Proof of Concept |
| high severity | 639/1000 Why? Has a fix available, CVSS 8.5 | Arbitrary File Write SNYK-JS-TAR-1579152 | No | No Known Exploit |
| high severity | 639/1000 Why? Has a fix available, CVSS 8.5 | Arbitrary File Write SNYK-JS-TAR-1579155 | No | No Known Exploit |
| medium severity | 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909 | Yes | Proof of Concept |
| medium severity | 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |
| medium severity | 596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5 | Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984 | No | Proof of Concept |
| low severity | 379/1000 Why? Has a fix available, CVSS 3.3 | Insecure Credential Storage SNYK-JS-WEB3-174533 | No | No Known Exploit |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-WEB3UTILS-6229337 | Yes | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835 | Yes | Proof of Concept |
| high severity | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-Y18N-1021887 | No | Proof of Concept |
| medium severity | 601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | No | Proof of Concept |
| low severity | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:braces:20180219 | No | Proof of Concept |
| medium severity | 641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1 | Uninitialized Memory Exposure npm:concat-stream:20160901 | No | Mature |
| low severity | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:debug:20170905 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @truffle/config The new version differs by 250 commits.
  • 033fc64 Publish
  • 8c81e30 Merge pull request #6187 from trufflesuite/decapitate
  • 7591024 Remove gitHead field that snuck its way in
  • 4c80841 Merge pull request #6180 from legobeat/node-version
  • 25f02d2 Merge pull request #6185 from legobeat/devdeps-dedupe-babel
  • d235365 Merge pull request #6186 from legobeat/ci-node-20.5
  • 48a2052 chore: yarn dedupe @ babel/ packages
  • d355b79 chore(ci): pin node 20 to 20.5 due to regression in 20.6
  • d0d0c89 Merge pull request #6178 from legobeat/achrinza-node-ipc
  • a9d543f Merge pull request #6177 from legobeat/deps-semver
  • 1c79efe chore(deps): unpin semver
  • 5ae76e9 deps(codec-components): bump @ microsoft/api-extractor to fix semver CVE
  • cb8bf8b yarn dedupe browserslist@^4.x
  • a830ff5 deps: dedupe core-js-compat to remove semver@7.0.0
  • c31707c update yarn.lock
  • b349c1c deps: semver@^7.5.2->^7.5.4
  • 53fcef0 update yarn.lock
  • 005ebb9 deps: semver@7.5.2->7.5.4
  • 4ff7c58 update yarn.lock
  • cfde067 devDeps(spinners): remove unused @ types/semver
  • 6af2e11 devDeps: @ types/semver->7.5.1
  • b1810cc deps: semver@7.5.2->7.5.4
  • b7bc4c1 deps(core): semver@7.5.2->7.5.4
  • 9c581ec compile-solidity: type-assertion due to incompletely typed @ types/semver

See the full diff

Package name: @truffle/contract The new version differs by 250 commits.
  • a26df1f Publish
  • 4df99df Merge pull request #6193 from legobeat/ci-yarn-deduplicate
  • 39ffb36 apply lint:fix:dependencies
  • d37ed52 ci: enforce deduped lockfile when linting dependencies
  • b999099 chore: add yarn lockfile deduplication package scripts using yarn-deduplicate
  • 6b2a081 Merge pull request #6194 from legobeat/yarn-dedupe-full-fewer
  • 0f3d963 yarn refresh lockfile
  • 17536c4 yarn deduplicate fewer
  • 6accdbf devDeps: yarn deduplicate readable-stream
  • f322892 devDeps: yarn deduplicate object.assign
  • 4fac8f1 devDeps: yarn deduplicate http-cache-semantics
  • 7b2d2ff devDeps: yarn deduplicate acorn,ajv
  • 6a0c3bd deps: yarn deduplicate bn.js@^5
  • a82c4ad devDeps: yarn deduplicate @ types/
  • f28ce63 deps: yarn dedupe strip-ansi,ansi-regex
  • 9b23a59 devDeps: webpack@^5.73.0->^5.88.2
  • 09ebe21 deps: yarn dedupe,lockbump apollo-server packages
  • a267cab yarn dedupe graphql,tslib
  • 16e723d devDeps(db,db-kit): madge@^5.0.1->6.1.0
  • 3344b45 Merge pull request #6192 from legobeat/deps-bump-eth-libs
  • 4372ee3 update yarn.lock after rebase
  • 0625db5 Merge pull request #6191 from legobeat/deps-dedupe-libs
  • 0500ff7 deps: bump/dedupe web3, ethereumjs-util packages
  • 4d64055 yarn dedupe ethers

See the full diff

Package name: @truffle/hdwallet-provider The new version differs by 250 commits.
  • 033fc64 Publish
  • 8c81e30 Merge pull request #6187 from trufflesuite/decapitate
  • 7591024 Remove gitHead field that snuck its way in
  • 4c80841 Merge pull request #6180 from legobeat/node-version
  • 25f02d2 Merge pull request #6185 from legobeat/devdeps-dedupe-babel
  • d235365 Merge pull request #6186 from legobeat/ci-node-20.5
  • 48a2052 chore: yarn dedupe @ babel/ packages
  • d355b79 chore(ci): pin node 20 to 20.5 due to regression in 20.6
  • d0d0c89 Merge pull request #6178 from legobeat/achrinza-node-ipc
  • a9d543f Merge pull request #6177 from legobeat/deps-semver
  • 1c79efe chore(deps): unpin semver
  • 5ae76e9 deps(codec-components): bump @ microsoft/api-extractor to fix semver CVE
  • cb8bf8b yarn dedupe browserslist@^4.x
  • a830ff5 deps: dedupe core-js-compat to remove semver@7.0.0
  • c31707c update yarn.lock
  • b349c1c deps: semver@^7.5.2->^7.5.4
  • 53fcef0 update yarn.lock
  • 005ebb9 deps: semver@7.5.2->7.5.4
  • 4ff7c58 update yarn.lock
  • cfde067 devDeps(spinners): remove unused @ types/semver
  • 6af2e11 devDeps: @ types/semver->7.5.1
  • b1810cc deps: semver@7.5.2->7.5.4
  • b7bc4c1 deps(core): semver@7.5.2->7.5.4
  • 9c581ec compile-solidity: type-assertion due to incompletely typed @ types/semver

See the full diff

Package name: eslint The new version differs by 250 commits.
  • e0cbc50 9.0.0
  • 75cb5f4 Build: changelog update for 9.0.0
  • 19f9a89 chore: Update dependencies for v9.0.0 (#18275)
  • 7c957f2 chore: package.json update for @ eslint/js release
  • d73a33c chore: ignore `/docs/v8.x` in link checker (#18274)
  • d54a412 feat: Add --inspect-config CLI flag (#18270)
  • e151050 docs: update get-started to the new `@ eslint/create-config` (#18217)
  • 610c148 fix: Support `using` declarations in no-lone-blocks (#18269)
  • 44a81c6 chore: upgrade knip (#18272)
  • 94178ad docs: mention about `name` field in flat config (#18252)
  • 1765c24 docs: add Troubleshooting page (#18181)
  • e80b60c chore: remove code for testing version selectors (#18266)
  • 96607d0 docs: version selectors synchronization (#18260)
  • e508800 fix: rule tester ignore irrelevant test case properties (#18235)
  • a129acb fix: flat config name on ignores object (#18258)
  • 97ce45b feat: Add `reportUsedIgnorePattern` option to `no-unused-vars` rule (#17662)
  • 651ec91 docs: remove `/* eslint-env */` comments from rule examples (#18249)
  • 950c4f1 docs: Update README
  • 3e9fcea feat: Show config names in error messages (#18256)
  • b7cf3bd fix!: correct `camelcase` rule schema for `allow` option (#18232)
  • 12f5746 docs: add info about dot files and dir in flat config (#18239)
  • b93f408 docs: update shared settings example (#18251)
  • 26384d3 docs: fix `ecmaVersion` in one example, add checks (#18241)
  • 7747097 docs: Update PR review process (#18233)

See the full diff

Package name: eth-gas-reporter The new version differs by 32 commits.

See the full diff

Package name: husky The new version differs by 27 commits.

See the full diff

Package name: solhint The new version differs by 90 commits.
  • 37d9b14 Merge pull request #406 from protofire/feature/new-npm-publish-3-3-9
  • e2f078f updated changelog and version
  • 48d4f6e Merge pull request #403 from protofire/fix/named-parameters-in-mappings
  • 107c5ed newRule: named-parameters-mapping
  • 57ce266 Merge pull request #390 from juanpcapurro/no-global-imports
  • f371bad set no-global-import as recommended
  • 2fa6418 no-global-import rule
  • d4c0a46 Merge pull request #396 from protofire/fix/disable-func-visibility-for-free-functions
  • b81c3fc Merge pull request #399 from protofire/fix/no-unused-vars-false-positive
  • 2970288 Merge pull request #394 from protofire/fix/avoid-low-level-calls
  • 021c960 Merge pull request #391 from protofire/fix/no-console-update
  • 242dd06 corrected line due feedback update
  • 7110266 Simplify no-console implementation
  • d1fba2b fix: no-unused-vars false positive for unnamed payable parameters
  • 92d3b79 improved test cases and implementation
  • bc437e3 fix: remove deprecated call.value() statement
  • 735dd49 Merge pull request #392 from protofire/fix/quiet-option-to-all-files
  • 0ced110 deleted useless line and comments
  • 93b28e2 Merge pull request #388 from protofire/fix/dirs-with-sol-extension
  • 1292516 fix: skip free functions on func-visibility
  • 254b120 fix: transfers with .call excluded from warning as low level code
  • 074c822 fix: --quiet option works for all files
  • a2b8ea3 Merge pull request #389 from juanpcapurro/fix-doc-generation
  • 62e9eb9 fix: no-console rule

See the full diff

Package name: solidity-coverage The new version differs by 80 commits.
  • 0a33e13 0.8.0
  • 4c63612 Add hardhat to peerDependencies (#722)
  • 9ce20ff Typo / Grammar fix. (#738)
  • 204a5eb Added a section for the report location. (#739)
  • ed3d504 Fix README for v0.8 release
  • 05ab320 Fixes for Hardhat 2.11.0 (#740)
  • bc7d076 0.8.0 Additional Coverage Measurements & Restructure (Merge)
  • a7db2fe More README changes
  • 16367d1 Remove truffle files from project
  • 26898c1 Remove Builder-E2E test
  • 8ea8ec9 Fix true/false scoped method definition function visibilities
  • 21ca46e Temporarily skip truffle integration tests
  • 22992e1 Fix constructor test
  • cf126ea Fix assert tests
  • 0ba3f11 Remove more buildler things
  • d57a131 Remove buidler
  • 3bcec94 Fix rebase errors & regenerate yarn.lock
  • 88c1d00 Fix loops, modifiers, options and statements tests
  • 0deb001 Fix if/else tests
  • 29c0fdd Fix constructor keyword test
  • d4e8536 Update tests for adjusted statement coverage
  • 3edfd25 Stop injecting statement coverage into conditionals
  • 7eb94a9 Update @ solidity-parser/parser to 0.14.1
  • e9133d7 Generate mocha JSON output with --matrix (#601)

See the full diff

Package name: truffle The new version differs by 250 commits.
  • 94dda0c Publish
  • 2c68fb1 Merge pull request #5730 from trufflesuite/subCMDHelp
  • 28f3d26 fix TypeError: Cannot read properties of undefined (reading 'subCommand')
  • ee9165c Merge pull request #5727 from trufflesuite/thanksify
  • 281c938 Update Sourcify networks
  • 3950dca Merge pull request #5717 from trufflesuite/revert-5359-db-jest-resolver
  • f17aa05 Revert "Internal improvements: Custom jest resolver for db"
  • b9087b5 Merge pull request #5713 from trufflesuite/dependabot/npm_and_yarn/loader-utils-1.4.2
  • 4095a68 Bump loader-utils from 1.4.1 to 1.4.2
  • 31cc6eb dashboard: Decode requests (#5621)
  • eb8a3a6 Merge pull request #5709 from trufflesuite/bump-mocha
  • 6af18fa Merge pull request #5707 from trufflesuite/dependabot/npm_and_yarn/loader-utils-1.4.2
  • cee41e5 Merge pull request #5710 from trufflesuite/sweep-up
  • 8db49f7 Publish
  • 76acaa0 Merge pull request #5708 from trufflesuite/picky-dash-event-handlers
  • 9ab12a8 get rid of unnecessary gitHead property from package.jsons
  • b186513 bump mocha to 10.1.0
  • 58f42bd events: Early return dashboard event handlers if network isn't dashboard
  • 81dd430 Bump loader-utils from 1.4.1 to 1.4.2
  • f3d1c7a Merge pull request #5700 from trufflesuite/trim-it
  • 4e8df7b Merge pull request #5646 from trufflesuite/add-compilations-simple
  • 360fc65 Add test that overlapping id array has correct length
  • d7715e8 Return all overlapping IDs in error
  • b756ba2 Factor out repeat compilation check and put it in encoder

See the full diff

Package name: web3 The new version differs by 250 commits.
  • 5b5bf87 changelog updates
  • 45d55c3 version update
  • 4358140 Release/4.0.1 rc.2 (#6152)
  • cdc2835 fix canary auth (#6151)
  • 55a4de1 add util polyfill (#6150)
  • 45edf3d Canary releases (#6143)
  • 01ce365 Proposal for rearranging docs (#6141)
  • 86082bc skip '### Breaking Changes' section from unreleasedSection array (#6138)
  • d60c285 Fix plugin example tests with `4.0.1-rc.1` (#6134)
  • 88ac791 Correct and enhance documentation for subscribing to events (#6129)
  • daaaff7 Autotype for contract methods (#6137)
  • ab80131 support ESM builds (#6131)
  • 6202d1e min build whitelisting (#6132)
  • 7a924db migration guide update (#6130)
  • 4f423fc Fix validation of nested tuples (#6125)
  • 408332d fix!: remove non read-only ens methods (#6084)
  • 8c5ea34 Providers Tutorial (#6095)
  • f2abd6a Eth turorial (#6120)
  • 210455a transaction integration tests (#6071)
  • fe959a1 Contract options fix (#6118)
  • bf1311f update docs so web is imported by default (#6112)
  • 3b95b5e fix estimateGas to accept hex data without 0x prefix (#6103)
  • 8c3a17b Add a tutorial for smart contract basic interaction (#6089)
  • edc7a84 `defaultTransactionTypeParser` Refactor (#6102)

See the full diff

Package name: web3-eth-abi The new version differs by 250 commits.
  • 5b5bf87 changelog updates
  • 45d55c3 version update
  • 4358140 Release/4.0.1 rc.2 (#6152)
  • cdc2835 fix canary auth (#6151)
  • 55a4de1 add util polyfill (#6150)
  • 45edf3d Canary releases (#6143)
  • 01ce365 Proposal for rearranging docs (#6141)
  • 86082bc skip '### Breaking Changes' section from unreleasedSection array (#6138)
  • d60c285 Fix plugin example tests with `4.0.1-rc.1` (#6134)
  • 88ac791 Correct and enhance documentation for subscribing to events (#6129)
  • daaaff7 Autotype for contract methods (#6137)
  • ab80131 support ESM builds (#6131)
  • 6202d1e min build whitelisting (#6132)
  • 7a924db migration guide update (#6130)
  • 4f423fc Fix validation of nested tuples (#6125)
  • 408332d fix!: remove non read-only ens methods (#6084)
  • 8c5ea34 Providers Tutorial (#6095)
  • f2abd6a Eth turorial (#6120)
  • 210455a transaction integration tests (#6071)
  • fe959a1 Contract options fix (#6118)
  • bf1311f update docs so web is imported by default (#6112)
  • 3b95b5e fix estimateGas to accept hex data without 0x prefix (#6103)
  • 8c3a17b Add a tutorial for smart contract basic interaction (#6089)
  • edc7a84 `defaultTransactionTy...

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ASYNC-2441827
- https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462
- https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026
- https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
- https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899
- https://snyk.io/vuln/SNYK-JS-ES5EXT-6095076
- https://snyk.io/vuln/SNYK-JS-ETHERS-1586048
- https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922
- https://snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MOCHA-2863123
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1047770
- https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1584358
- https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1585624
- https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-2824151
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-TAR-6476909
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://snyk.io/vuln/SNYK-JS-WEB3-174533
- https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:concat-stream:20160901
- https://snyk.io/vuln/npm:debug:20170905


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746

codesandbox bot commented Apr 22, 2024

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview


sonarcloud bot commented Apr 22, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud


🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source
Uses eval npm/js-yaml@3.14.1
Dynamic require npm/js-yaml@3.14.1
Uses eval npm/js-yaml@3.14.1
Environment variable access npm/chalk@2.4.2
Dynamic require npm/import-fresh@3.3.0
  • orphan: npm/import-fresh@3.3.0
New author npm/level-concat-iterator@2.0.1
  • orphan: npm/level-concat-iterator@2.0.1
Environment variable access npm/execa@1.0.0
Shell access npm/execa@1.0.0
Environment variable access npm/execa@1.0.0
Trivial Package npm/at-least-node@1.0.0
  • orphan: npm/at-least-node@1.0.0
Floating dependency npm/@types/cacheable-request@6.0.3
  • orphan: npm/@types/cacheable-request@6.0.3
Floating dependency npm/@types/cacheable-request@6.0.3
  • orphan: npm/@types/cacheable-request@6.0.3
Floating dependency npm/@types/keyv@3.1.4
  • orphan: npm/@types/keyv@3.1.4
Unmaintained npm/@protobufjs/aspromise@1.1.2
  • Last Publish: 4/24/2017, 10:38:32 AM
  • orphan: npm/@protobufjs/aspromise@1.1.2
Unmaintained npm/@protobufjs/base64@1.1.2
  • Last Publish: 6/9/2017, 9:32:02 AM
  • orphan: npm/@protobufjs/base64@1.1.2
Unmaintained npm/@protobufjs/codegen@2.0.4
  • Last Publish: 6/9/2017, 8:56:18 PM
  • orphan: npm/@protobufjs/codegen@2.0.4
Unmaintained npm/@protobufjs/eventemitter@1.1.0
  • Last Publish: 1/25/2017, 6:12:24 PM
  • orphan: npm/@protobufjs/eventemitter@1.1.0
Unmaintained npm/@protobufjs/fetch@1.1.0
  • Last Publish: 1/27/2017, 3:50:55 PM
  • orphan: npm/@protobufjs/fetch@1.1.0
Network access npm/@protobufjs/fetch@1.1.0
  • orphan: npm/@protobufjs/fetch@1.1.0
Unmaintained npm/@protobufjs/float@1.0.2
  • Last Publish: 4/2/2017, 10:45:42 AM
  • orphan: npm/@protobufjs/float@1.0.2
Unmaintained npm/@protobufjs/inquire@1.1.0
  • Last Publish: 1/25/2017, 6:13:02 PM
  • orphan: npm/@protobufjs/inquire@1.1.0
Unmaintained npm/@protobufjs/path@1.1.2
  • Last Publish: 2/23/2017, 4:54:18 PM
  • orphan: npm/@protobufjs/path@1.1.2
Unmaintained npm/@protobufjs/pool@1.1.0
  • Last Publish: 1/25/2017, 6:13:19 PM
  • orphan: npm/@protobufjs/pool@1.1.0
Unmaintained npm/@protobufjs/utf8@1.1.0
  • Last Publish: 1/25/2017, 6:15:35 PM
  • orphan: npm/@protobufjs/utf8@1.1.0
Unmaintained npm/lodash.sortby@4.7.0
  • Last Publish: 8/13/2016, 5:44:38 PM
  • orphan: npm/lodash.sortby@4.7.0
Debug access npm/@humanwhocodes/module-importer@1.0.1
Dynamic require npm/@humanwhocodes/module-importer@1.0.1
New author npm/bech32@1.1.4
Dynamic require npm/istanbul@0.4.5
Dynamic require npm/istanbul@0.4.5
Filesystem access npm/istanbul@0.4.5
Dynamic require npm/istanbul@0.4.5
Debug access npm/istanbul@0.4.5
Debug access npm/istanbul@0.4.5
Dynamic require npm/istanbul@0.4.5
Unmaintained npm/istanbul@0.4.5
  • Last Publish: 8/21/2016, 8:02:09 PM
Deprecated npm/istanbul@0.4.5
  • Reason: This module is no longer maintained, try this instead: npm i nyc Visit https://istanbul.js.org/integrations for other alternatives.
Network access npm/@ethersproject/web@5.7.1
Network access npm/@ethersproject/web@5.7.1
Network access npm/@ethersproject/web@5.7.1
Unmaintained npm/eth-ens-namehash@2.0.8
  • Last Publish: 11/27/2017, 5:29:18 PM
Network access npm/ethers@4.0.49
Network access npm/xmlhttprequest@1.8.0
Filesystem access npm/xmlhttprequest@1.8.0
Shell access npm/xmlhttprequest@1.8.0
Unmaintained npm/xmlhttprequest@1.8.0
  • Last Publish: 10/11/2015, 8:15:32 PM
Network access npm/xmlhttprequest@1.8.0
Filesystem access npm/conf@10.2.0
Environment variable access npm/conf@10.2.0
New author npm/check-error@1.0.3
Deprecated npm/request-promise@4.2.6
Filesystem access npm/mocha-junit-reporter@2.2.1
Environment variable access npm/mocha-junit-reporter@2.2.1
Environment variable access npm/mocha-junit-reporter@2.2.1
Environment variable access npm/mocha-junit-reporter@2.2.1
Environment variable access npm/husky@4.3.8
Shell access npm/husky@4.3.8
Filesystem access npm/husky@4.3.8
Install scripts npm/husky@4.3.8
  • Install script: postinstall
  • Source: opencollective-postinstall || exit 0
Install scripts npm/husky@4.3.8
  • Install script: install
  • Source: node husky install
Environment variable access npm/husky@4.3.8
Environment variable access npm/husky@4.3.8
Environment variable access npm/husky@4.3.8
Environment variable access npm/husky@4.3.8
