Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 37 vulnerabilities #1263

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Oct 6, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • integrations/zopim/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Prototype Pollution
SNYK-JS-AJV-584908
Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-ENGINEIO-1056749
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
Yes Proof of Concept
medium severity 591/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.4
Cross-site Scripting (XSS)
SNYK-JS-KARMA-2395349
Yes Proof of Concept
medium severity 484/1000
Why? Has a fix available, CVSS 5.4
Open Redirect
SNYK-JS-KARMA-2396325
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
Yes Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2
Command Injection
SNYK-JS-LODASH-1040724
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASH-450202
Yes Proof of Concept
high severity 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2
Prototype Pollution
SNYK-JS-LODASH-567746
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASH-608086
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASH-73638
Yes Proof of Concept
medium severity 541/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.4
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639
Yes Proof of Concept
medium severity 489/1000
Why? Has a fix available, CVSS 5.5
Information Exposure
SNYK-JS-LOG4JS-2348757
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388
Yes No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
Prototype Pollution
SNYK-JS-MINIMIST-2429795
Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MINIMIST-559764
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOCHA-561476
Yes No Known Exploit
medium severity 490/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-RAMDA-1582370
Yes No Known Exploit
high severity 676/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.1
Improper Privilege Management
SNYK-JS-SHELLJS-2332187
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Insecure Defaults
SNYK-JS-SOCKETIO-1024859
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-SOCKETIOPARSER-1056752
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
Yes Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
Arbitrary Code Injection
SNYK-JS-XMLHTTPREQUESTSSL-1082936
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Access Restriction Bypass
SNYK-JS-XMLHTTPREQUESTSSL-1255647
Yes Proof of Concept
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:braces:20180219
Yes Proof of Concept
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
Yes No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:eslint:20180222
Yes Proof of Concept
critical severity 704/1000
Why? Has a fix available, CVSS 9.8
Arbitrary Code Injection
npm:growl:20160721
Yes No Known Exploit
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
Prototype Pollution
npm:lodash:20180130
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:minimatch:20160620
Yes No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:ms:20170412
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:negotiator:20160616
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
npm:ws:20160624
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Insecure Randomness
npm:ws:20160920
No No Known Exploit
high severity 761/1000
Why? Mature exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
npm:ws:20171108
Yes Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint The new version differs by 250 commits.
  • c4fffbc 8.0.0
  • d51f4cf Build: changelog update for 8.0.0
  • 7d3f7f0 Upgrade: unfrozen @ eslint/eslintrc (fixes #15036) (#15146)
  • 2174a6f Fix: require-atomic-updates property assignment message (fixes #15076) (#15109)
  • f885fe0 Docs: add note and example for extending the range of fix (refs #13706) (#13748)
  • 3da1509 Docs: Add jsdoc `type` annotation to sample rule (#15085)
  • 68a49a9 Docs: Update Rollup Integrations (#15142)
  • d867f81 Docs: Remove a dot from curly link (#15128)
  • 9f8b919 Sponsors: Sync README with website
  • 4b08f29 Sponsors: Sync README with website
  • ebc1ba1 Sponsors: Sync README with website
  • 2d654f1 Docs: add example .eslintrc.json (#15087)
  • 16034f0 Docs: fix fixable example (#15107)
  • 07175b8 8.0.0-rc.0
  • 71faa38 Build: changelog update for 8.0.0-rc.0
  • 67c0074 Update: Suggest missing rule in flat config (fixes #14027) (#15074)
  • cf34e5c Update: space-before-blocks ignore after switch colons (fixes #15082) (#15093)
  • c9efb5f Fix: preserve formatting when rules are removed from disable directives (#15081)
  • 14a4739 Update: `no-new-func` rule catching eval case of `MemberExpression` (#14860)
  • 7f2346b Docs: Update release blog post template (#15094)
  • fabdf8a Chore: Remove `target.all` from `Makefile.js` (#15088)
  • e3cd141 Sponsors: Sync README with website
  • 05d7140 Chore: document target global in Makefile.js (#15084)
  • 0a1a850 Update: include `ruleId` in error logs (fixes #15037) (#15053)

See the full diff

Package name: eslint-plugin-mocha The new version differs by 250 commits.

See the full diff

Package name: karma The new version differs by 250 commits.
  • ab4b328 chore(release): 6.3.16 [skip ci]
  • ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
  • c1befa0 chore(release): 6.3.15 [skip ci]
  • d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
  • 653c762 ci: prevent duplicate CI tasks on creating a PR
  • c97e562 chore(release): 6.3.14 [skip ci]
  • 91d5acd fix: remove string template from client code
  • 69cfc76 fix: warn when `singleRun` and `autoWatch` are `false`
  • 839578c fix(security): remove XSS vulnerability in `returnUrl` query param
  • db53785 chore(release): 6.3.13 [skip ci]
  • 5bf2df3 fix(deps): bump log4js to resolve security issue
  • 36ad678 chore(release): 6.3.12 [skip ci]
  • 41bed33 fix: remove depreciation warning from log4js
  • c985155 docs: create security.md
  • c96f0c5 chore(release): 6.3.11 [skip ci]
  • a5219c5 fix(deps): pin colors package to 1.4.0 due to security vulnerability
  • de0df2f test: fix version regex in the CLI test case
  • eddb2e8 chore(release): 6.3.10 [skip ci]
  • 0d24bd9 fix(logger): create parent folders if they are missing
  • b8eafe9 chore(release): 6.3.9 [skip ci]
  • cf318e5 test: add test case for restarting test run on file change
  • 92ffe60 fix: restartOnFileChange option not restarting the test run
  • b153355 style: fix grammar error in browser capture log message
  • 8f798d5 chore(release): 6.3.8 [skip ci]

See the full diff

Package name: karma-coverage The new version differs by 36 commits.

See the full diff

Package name: mocha The new version differs by 250 commits.
  • eb781e2 Release v6.2.3
  • 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
  • 848d6fb security: update mkdirp, yargs, yargs-parser
  • 843a322 6.2.2
  • aec8b02 update CHANGELOG for v6.2.2 [ci skip]
  • 7a8b95a npm audit fixes
  • cebddf2 Improve reporter documentation for mocha in browser. (#4026)
  • 3f7b987 uncaughtException: report more than one exception per test (#4033)
  • ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (#4046)
  • e9c036c special-case parsing of "require" in unparseNodeArgs(); closes #4035 (#4063)
  • 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (#4051)
  • 816dc27 uncaughtException: fix double EVENT_RUN_END events (#4025)
  • 9650d3f add OpenJS Foundation logo to website (#4008)
  • f04b81d Adopt the OpenJSF Code of Conduct (#3971)
  • aca8895 Add link checking to docs build step (#3972)
  • ef6c820 Release v6.2.1
  • 9524978 updated CHANGELOG for v6.2.1 [ci skip]
  • dfdb8b3 Update yargs to v13.3.0 (#3986)
  • 18ad1c1 treat '--require esm' as Node option (#3983)
  • fcffd5a Update yargs-unparser to v1.6.0 (#3984)
  • ad4860e Remove extraGlobals() (#3970)
  • b269ad0 Clarify effect of .skip() (#3947)
  • 1e6cf3b Add Matomo to website (#3765)
  • 91b3a54 fix style on mochajs.org (#3886)

See the full diff

Package name: npm-check The new version differs by 5 commits.

See the full diff

Package name: watchify The new version differs by 9 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Denial of Service (DoS)
🦉 More lessons are available in Snyk Learn

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-KARMA-2395349
- https://snyk.io/vuln/SNYK-JS-KARMA-2396325
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-LOG4JS-2348757
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-MOCHA-561476
- https://snyk.io/vuln/SNYK-JS-RAMDA-1582370
- https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187
- https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:eslint:20180222
- https://snyk.io/vuln/npm:growl:20160721
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:ws:20160624
- https://snyk.io/vuln/npm:ws:20160920
- https://snyk.io/vuln/npm:ws:20171108
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant