[Snyk] Upgrade: marked, nuxt, sockjs-client #29
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
marked
from 4.0.10 to 4.3.0 | 25 versions ahead of your current version | a year ago
on 2023-03-22
nuxt
from 2.16.0 to 2.18.1 | 10 versions ahead of your current version | 3 months ago
on 2024-06-28
sockjs-client
from 1.6.0 to 1.6.1 | 1 version ahead of your current version | 2 years ago
on 2022-05-28
Issues fixed by the recommended upgrade:
SNYK-JS-HTMLMINIFIER-3091181
SNYK-JS-BABELTRAVERSE-5962462
SNYK-JS-BROWSERIFYSIGN-6037026
SNYK-JS-IP-6240864
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
SNYK-JS-WS-7266574
SNYK-JS-TAR-6476909
SNYK-JS-JSON5-3182856
SNYK-JS-ELLIPTIC-7577916
SNYK-JS-ELLIPTIC-7577917
SNYK-JS-ELLIPTIC-7577918
SNYK-JS-EVENTSOURCE-2823375
Release notes
Package name: marked
4.3.0 (2023-03-22)
Bug Fixes
Features
4.2.12 (2023-01-14)
Sorry for all of the quick releases. We were testing out different ways to build the files for releases. v4.2.5 - v4.2.12 have no changes to how marked works. The only addition is the version number in the comment in the build files.
Bug Fixes
4.2.11 (2023-01-14)
Bug Fixes
4.2.10 (2023-01-14)
Bug Fixes
4.2.9 (2023-01-14)
Bug Fixes
4.2.8 (2023-01-14)
Bug Fixes
4.2.7 (2023-01-14)
Bug Fixes
4.2.6 (2023-01-14)
Bug Fixes
4.2.5 (2022-12-23)
Bug Fixes
4.2.4 (2022-12-07)
Bug Fixes
Package name: nuxt
👉 Changelog
compare changes
🩹 Fixes
mkdirp
(f67056b9e)❤️ Contributors
👉 Changelog
compare changes
🚀 Enhancements
memfs
(#27652)🩹 Fixes
sessionStorage
(#27662)🏡 Chore
❤️ Contributors
👉 Changelog
compare changes
🩹 Fixes
serve-static
types to v1.15.7 (1c44c376d)html-minifier-terser
(#26914)🏡 Chore
@ nuxt/config
(c283cc039)✅ Tests
page
in e2e tests (1700aa131)🤖 CI
dev
(2a5d05257)❤️ Contributors
Package name: sockjs-client
Fixes
eventsource
to2.0.2
due to CVE-2022-1650. Fixes #590minimist
to1.2.6
. Fixes #585Fixes
agent: false
to allow usage ofglobalAgent
. Fixes #421dependencies
url-parse
due to CVE-2022-0686, CVE-2022-0639, and CVE-2022-0512. Fixes #576json3
dependency. Fixes #476eventsource
to1.1.0
faye-websocket
to0.11.4
debug
to3.2.7
devDependencies
follow-redirects
(devDep) due to CVE-2022-0536 and CVE-2022-0155karma
(devDep) due to CVE-2022-0437cached-path-relative
(devDep) due to CVE-2021-23518fsevents
(devDep) to fix:ini
CVE-2020-7788minimist
CVE-2020-7598tar
CVE-2021-37713, CVE-2021-37701, CVE-2021-32804, CVE-2021-32803copy-props
(devDep) due to CVE-2020-28503eslint
,mocha
,gulp-replace
,karma-browserify
,gulp-sourcemaps
, andbrowserify
Other Changes
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"marked","from":"4.0.10","to":"4.3.0"},{"name":"nuxt","from":"2.16.0","to":"2.18.1"},{"name":"sockjs-client","from":"1.6.0","to":"1.6.1"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HTMLMINIFIER-3091181","issue_id":"SNYK-JS-HTMLMINIFIER-3091181","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BABELTRAVERSE-5962462","issue_id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","issue_id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":751,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","issue_id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","priority_score":691,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Path Traversal"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-JSON5-3182856","issue_id":"SNYK-JS-JSON5-3182856","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-7577916","issue_id":"SNYK-JS-ELLIPTIC-7577916","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-7577917","issue_id":"SNYK-JS-ELLIPTIC-7577917","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-7577918","issue_id":"SNYK-JS-ELLIPTIC-7577918","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-EVENTSOURCE-2823375","issue_id":"SNYK-JS-EVENTSOURCE-2823375","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"}],"prId":"70059cc1-737c-40fe-9289-bc05280259bc","prPublicId":"70059cc1-737c-40fe-9289-bc05280259bc","packageManager":"npm","priorityScoreList":[586,786,589,751,691,696,646,641,776,776,776,646],"projectPublicId":"323b2ded-22d3-407f-aebc-4d64e7376adb","projectUrl":"https://app.snyk.io/org/nps2003/project/323b2ded-22d3-407f-aebc-4d64e7376adb?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-HTMLMINIFIER-3091181","SNYK-JS-BABELTRAVERSE-5962462","SNYK-JS-BROWSERIFYSIGN-6037026","SNYK-JS-IP-6240864","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","SNYK-JS-WS-7266574","SNYK-JS-TAR-6476909","SNYK-JS-JSON5-3182856","SNYK-JS-ELLIPTIC-7577916","SNYK-JS-ELLIPTIC-7577917","SNYK-JS-ELLIPTIC-7577918","SNYK-JS-EVENTSOURCE-2823375"],"upgradeInfo":{"versionsDiff":25,"publishedDate":"2023-03-22T05:54:41.043Z"},"vulns":["SNYK-JS-HTMLMINIFIER-3091181","SNYK-JS-BABELTRAVERSE-5962462","SNYK-JS-BROWSERIFYSIGN-6037026","SNYK-JS-IP-6240864","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","SNYK-JS-WS-7266574","SNYK-JS-TAR-6476909","SNYK-JS-JSON5-3182856","SNYK-JS-ELLIPTIC-7577916","SNYK-JS-ELLIPTIC-7577917","SNYK-JS-ELLIPTIC-7577918","SNYK-JS-EVENTSOURCE-2823375"]}'