New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 14 vulnerabilities #11

Open

austin-doll wants to merge 1 commit into main from snyk-fix-dbee5849318c35acbb5706e331de52ed

Owner

austin-doll commented Nov 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hbs

The new version differs by 63 commits.

7a0da80 v4.1.1
0647f9b deps: handlebars@4.7.6
3cc3455 deps: handlebars@4.7.3
07d4acc build: mocha@7.1.1
0717195 build: eslint-plugin-markdown@1.0.2
da7edaf tests: add test for typical model usage
a9dbdc2 build: mocha@7.1.0
8640b2d build: eslint@6.8.0
2fb94e0 build: Node.js@12.16
74e5568 build: Node.js@10.19
da05674 lint: apply to readme
504a635 build: mocha@7.0.1
55df109 v4.1.0
54780a9 build: remove deprecated mocha.opts
42e5550 build: nyc@15.0.0
04ff393 build: mocha@7.0.0
57a2086 deps: handlebars@4.5.3
00b0449 build: Node.js@12.14
0d99d08 build: Node.js@10.18
e49d614 build: Node.js@8.17
c3f0070 build: Node.js@10.17
b3252a3 deps: handlebars@4.4.5
7f9133b docs: fix history formatting
5b74831 build: Node.js@12.13

See the full diff

Package name: humanize-ms

The new version differs by 7 commits.

d9cdffe Release 1.2.1
c6da77c deps: ms@2
3b6f1ba fix: package.json to reduce vulnerabilities ([Snyk] Upgrade moment from 2.15.1 to 2.29.4 #3)
51a95e8 Add license text ([Snyk] Upgrade body-parser from 1.9.0 to 1.20.2 #2)
627c5c4 Release 1.2.0
e584c58 add benchmark
4cf945f deps: upgrade ms to 0.7.0

See the full diff

Package name: tap

The new version differs by 250 commits.

8f2baa7 16.0.0
65e599e drop support for node v10
84fc6df docs: changelog for v16
e6acf7b update coveralls documentation to say to install it
3c7b3ef document coveralls removal in the cli help output
43bf1df undocument synonyms
1ff75a4 make coveralls an optional peer dep
3f1ae47 Add eslint for linting
162c1a8 Support Typescript for --before and --after
28d2d03 Fix script on using node-tap with codecov
3a0e81c docs: fix broken link
1b636b2 Add jsonpath-faster
c4bdeef fix typo `than` to `that`
20fbd40 Update Node.js min version to 10.x in CONTRIBUTING
90dda0b update cli doc
636ab18 15.2.3
e609d8f docs: changelog for 15.2
c182328 tap-parser@11.0.1
f576a60 docs: setting t.snapshotFile
d9fa241 libtap@1.3.0
a02f33e update cli doc
d1500b6 15.2.2
b784d77 tap-parser@11
567384e update cli doc

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Validation Bypass
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn


          fix: package.json & package-lock.json to reduce vulnerabilities

9e9ec6b

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962463
- https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970
- https://snyk.io/vuln/SNYK-JS-KINDOF-537849
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541
- https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/npm:ms:20151024
- https://snyk.io/vuln/npm:ms:20170412

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet