[Snyk] Upgrade ipld-dag-cbor from 0.17.0 to 0.18.0 #510

X-oss-byte · 2024-03-28T09:33:29Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade ipld-dag-cbor from 0.17.0 to 0.18.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 2 versions ahead of your current version.
The recommended version was released 3 years ago, on 2021-03-11.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-PROTOBUFJS-5756498	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAPISTATEHOOD-2769251	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-NANOID-2332193	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: ipld-dag-cbor

0.18.0 - 2021-03-11
No content.
0.17.1 - 2021-03-03
No content.
0.17.0 - 2020-08-04
Bug Fixes
- replace node buffers with uint8arrays (#134) (41587e7)
BREAKING CHANGES
- - util.serialize now returns a Uint8Array

from ipld-dag-cbor GitHub release notes

Commit messages

Package name: ipld-dag-cbor

554ea20 chore: release version v0.18.0
0c9b792 chore: update contributors
cde65dd chore: add types ([Snyk] Upgrade @ganache/utils from 0.8.0 to 0.9.1 #139)
361f66e chore: release version v0.17.1
3d3a2ea chore: update contributors
cb402b7 chore: remove commands that aegir does not have now
2105b30 chore: update deps

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade ipld-dag-cbor from 0.17.0 to 0.18.0. See this package in npm: https://www.npmjs.com/package/ipld-dag-cbor See this project in Snyk: https://app.snyk.io/org/sammytezzy/project/cb740484-0d66-4e31-bf96-998366f9aefa?utm_source=github&utm_medium=referral&page=upgrade-pr

stackblitz · 2024-03-28T09:33:32Z

Run & review this pull request in StackBlitz Codeflow.

changeset-bot · 2024-03-28T09:33:33Z

⚠️ No Changeset found

Latest commit: fac4159

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

sourcery-ai

We have skipped reviewing this pull request. Here's why:

It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
We don't review packaging changes - Let us know if you'd like us to change this.

sourcery-ai bot reviewed Mar 28, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade ipld-dag-cbor from 0.17.0 to 0.18.0 #510

[Snyk] Upgrade ipld-dag-cbor from 0.17.0 to 0.18.0 #510

X-oss-byte commented Mar 28, 2024

Bug Fixes

BREAKING CHANGES

stackblitz bot commented Mar 28, 2024

changeset-bot bot commented Mar 28, 2024

sourcery-ai bot left a comment

[Snyk] Upgrade ipld-dag-cbor from 0.17.0 to 0.18.0 #510

Are you sure you want to change the base?

[Snyk] Upgrade ipld-dag-cbor from 0.17.0 to 0.18.0 #510

Conversation

X-oss-byte commented Mar 28, 2024

Snyk has created this PR to upgrade ipld-dag-cbor from 0.17.0 to 0.18.0.

Bug Fixes

BREAKING CHANGES

stackblitz bot commented Mar 28, 2024

changeset-bot bot commented Mar 28, 2024

⚠️ No Changeset found

sourcery-ai bot left a comment

Choose a reason for hiding this comment