
[Snyk] Fix for 25 vulnerabilities #40

Status: Open. Wants to merge 1 commit into base branch: latest.

Conversation

bumplzz69 (Owner)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Why? | Issue | Snyk ID | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|---|
| High | 619/1000 | Has a fix available, CVSS 8.1 | Prototype Pollution | SNYK-JS-AJV-584908 | Yes | No Known Exploit |
| High | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| High | 726/1000 | Proof of Concept exploit, Has a fix available, CVSS 8.1 | Arbitrary File Overwrite | SNYK-JS-BINLINKS-537608 | Yes | Proof of Concept |
| Low | 451/1000 | Proof of Concept exploit, Has a fix available, CVSS 2.6 | Unauthorized File Access | SNYK-JS-BINLINKS-537609 | Yes | Proof of Concept |
| High | 726/1000 | Proof of Concept exploit, Has a fix available, CVSS 8.1 | Arbitrary File Write | SNYK-JS-BINLINKS-537610 | Yes | Proof of Concept |
| High | 579/1000 | Has a fix available, CVSS 7.3 | Arbitrary File Overwrite | SNYK-JS-FSTREAM-174725 | Yes | No Known Exploit |
| Medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-HOSTEDGITINFO-1088355 | Yes | Proof of Concept |
| Medium | 626/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.1 | Man-in-the-Middle (MitM) | SNYK-JS-HTTPSPROXYAGENT-469131 | Yes | Proof of Concept |
| Medium | 631/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime | SNYK-JS-INFLIGHT-6095116 | Yes | Proof of Concept |
| High | 644/1000 | Has a fix available, CVSS 8.6 | Prototype Pollution | SNYK-JS-JSONSCHEMA-1920922 | Yes | No Known Exploit |
| Medium | 479/1000 | Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-3050818 | Yes | No Known Exploit |
| Low | 506/1000 | Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution | SNYK-JS-MINIMIST-2429795 | Yes | Proof of Concept |
| Medium | 601/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution | SNYK-JS-MINIMIST-559764 | Yes | Proof of Concept |
| High | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning | SNYK-JS-QS-3153490 | Yes | Proof of Concept |
| High | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |
| High | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SSRI-1246392 | Yes | Proof of Concept |
| High | 624/1000 | Has a fix available, CVSS 8.2 | Arbitrary File Overwrite | SNYK-JS-TAR-1536528 | Yes | No Known Exploit |
| High | 624/1000 | Has a fix available, CVSS 8.2 | Arbitrary File Overwrite | SNYK-JS-TAR-1536531 | Yes | No Known Exploit |
| Low | 410/1000 | Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-TAR-1536758 | Yes | No Known Exploit |
| High | 639/1000 | Has a fix available, CVSS 8.5 | Arbitrary File Write | SNYK-JS-TAR-1579147 | Yes | No Known Exploit |
| High | 639/1000 | Has a fix available, CVSS 8.5 | Arbitrary File Write | SNYK-JS-TAR-1579152 | Yes | No Known Exploit |
| High | 639/1000 | Has a fix available, CVSS 8.5 | Arbitrary File Write | SNYK-JS-TAR-1579155 | Yes | No Known Exploit |
| High | 726/1000 | Proof of Concept exploit, Has a fix available, CVSS 8.1 | Arbitrary File Overwrite | SNYK-JS-TAR-174125 | Yes | Proof of Concept |
| High | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution | SNYK-JS-Y18N-1021887 | Yes | Proof of Concept |
| Medium | 434/1000 | Has a fix available, CVSS 4.4 | Time of Check Time of Use (TOCTOU) | npm:chownr:20180731 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gentle-fs. The new version differs by 14 commits.
  • 5ee7008 chore(release): 2.3.1
  • 223c4c6 chore: update project settings
  • 0cbe090 chore(release): 2.3.0
  • a0f09a6 update travis config
  • a929196 feat: add option to gently create bin links/shims
  • 16f9d41 add cmd-shim dep
  • b1d0536 add a test for index file
  • ece492d chore(release): 2.2.1
  • 1c69beb fix(link): properly detect that we should chown the link
  • 8231188 chore(release): 2.2.0
  • 4891c09 feat: export mkdir method
  • c4df8a8 fix: don't chown if we didn't make any dirs
  • ea6c4df chore(release): 2.1.0
  • 0dd2879 feat: infer ownership of created dirs and links

See the full diff

Package name: libcipm. The new version differs by 27 commits.
  • ef52f1e chore(release): 4.0.8
  • 85cfff4 chore: update project settings, add deprecation to readme
  • ed2d735 fix: add repo to bin pkg, bump to 2.0.1
  • b66d520 chore(release): 4.0.7
  • 189980e test: deletes node_modules contents but keep the dir itself
  • f668181 chore: delete node_modules contents but keep the dir itself
  • 3394de0 chore(release): 4.0.4
  • 576ab36 fix: pack git directories properly
  • 8c11b6d respect no-optional argument
  • 3fa8efb chore(release): 4.0.3
  • 250808c chore: update travis yml
  • 46b2101 fix: do not pass opts.log to lifecycle
  • 9f2bfa9 chore(release): 4.0.2
  • 7166364 chore: fix repository links and license
  • 1623565 chore(release): 4.0.1
  • 20b7372 fix: respect and retain all configs passed in
  • 21efbcc chore(release): 4.0.0
  • 84b8d7e npm-lifecycle@3.0.0
  • 7af39e6 fix(lifecycle): remove warning from bluebird (readable-stream@3.0.2 npm/cli#59)
  • 109cbaa chore(release): 3.0.3
  • 018df27 fix(scripts): pass in opts.dir directly
  • 193d74e chore(release): 3.0.2
  • 4371558 fix(worker): missed a spot
  • 02cdffa chore(release): 3.0.1

See the full diff

Package name: read-package-tree. The new version differs by 16 commits.
  • 3174edf 5.3.1
  • 6acf66a Revert breaking change, preserve legacy design bug
  • c995ab2 only the node_modules in root should be ignored
  • 5534e74 5.3.0
  • 0515c80 auto-publish on version bump
  • 4231410 Restore node v6 compatibility
  • e9cd536 Use custom cachable fs.realpath implementation
  • 4eed760 Add promise API to readme
  • 9a290ec drop old versions from travis
  • 4782b1f Refactor to be promise-based
  • f656af8 Use tap snapshots
  • 4633948 update tap
  • ee595cb 5.2.2
  • 4b6e0a3 fix(audit): npm audit fix --force
  • 0989a5c fix(name): fix calculation of node and link names
  • a7f0ab7 feat(test): add travis badge to readme

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary File Overwrite

2 participants