[Snyk] Security upgrade adm-zip from 0.4.16 to 0.5.2 #286

Open: 1 commit to be merged into base: master

@wouldgo commented Feb 18, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 656/1000. Why? Recently disclosed, Has a fix available, CVSS 7.4 | Directory Traversal, SNYK-JS-ADMZIP-1065796 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: adm-zip
The new version differs by 25 commits.
  • c5aeed4 Incremented version number
  • 119dcad Fixed path traversal issue GHSL-2020-198
  • 1d22ff6 Merge pull request #341 from 5saviahv/history
  • 492d148 added changelog
  • dd415ae Incremented version
  • 0f011a3 Fixed outFileName
  • bc19fee Added extra parameter to extractEntryTo so target filename can be renamed
  • 92e9836 Updated dev dependency
  • 2b8d9ab Merge pull request #315 from enecciari/work_in_browser
  • 4fe58d1 Merge pull request #322 from cthackers/dependabot/npm_and_yarn/lodash-4.17.19
  • 49218a4 Merge pull request #327 from kosuke-suzuki/multibyte-comment
  • a7e8932 Merge pull request #331 from 5saviahv/master
  • 7db0eda modified addLocalFolder method
  • e114929 typo
  • dc81063 modified addLocalFile method
  • bc0f594 Deflate needs min V2.0
  • dde4f51 Node v6
  • 003d4cf Added ZipCrypto decrypting ability
  • 63ed6e2 Detect and throw error with encrypted files
  • c64ac14 LICENSE filename in package.json
  • 1a334b2 add multibyte-encoded comment with byte length instead of character length
  • 96d492a Bump lodash from 4.17.15 to 4.17.19
  • b77f380 now it works in browser
  • 218feee Merge remote-tracking branch 'upstream/master'

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796