New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade bankai from 8.1.1 to 9.13.0 #12

Open

walaura wants to merge 1 commit into master from snyk-fix-e5c651c539f27b0987440f8b25e2f423

Owner

walaura commented Oct 5, 2022

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection SNYK-JS-OPEN-174041	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary Code Execution SNYK-JS-STATICEVAL-173693	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	Arbitrary Command Injection npm:open:20180512	Yes	Proof of Concept
	794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Arbitrary Code Execution npm:static-eval:20171016	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bankai

The new version differs by 205 commits.

d907c26 9.13.0
ec4ca37 enable reload when necessary (#493)
a608940 correct router regex (#496)
1b5c959 Init bankai after mkdirp (#489)
f894c98 Switch to nanohtml. (#488)
61c3dc5 ci: Add Node 10.
a4ed1f1 swap `open` with `opn` (#484)
12236b9 9.12.1
4a8b2a7 🐛 Unify service-worker env url format (#483)
f95a4c9 use utils.find() (#482)
840a05b 9.12.0
02f2d98 Update v8-compile-cache to 2.0.0.
81bbfee Improve syntax error messages (#480)
73b34cc Fixed + more consistent basedir handling (#467)
260b3e6 9.11.2
2817d0f Fix outputting dynamic bundles, fixes #472 (#474)
8daa49b Add gitignore to example. (#476)
86e16d0 9.11.1
7c9d5b5 deps: add missing dependency `resolve` (#471)
122abdb Update example app.mount() usage (#469)
e6b5f90 Add quotes around theme-color `content`. (#466)
8b0fe15 9.11.0
cee3689 Disable Babel modules transform for dependencies (#455)
a4306c5 Add option babelifyDeps (#422)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Arbitrary Code Execution
🦉 More lessons are available in Snyk Learn


          fix: package.json to reduce vulnerabilities

3edadac

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-OPEN-174041
- https://snyk.io/vuln/SNYK-JS-STATICEVAL-173693
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:open:20180512
- https://snyk.io/vuln/npm:static-eval:20171016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment