Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade cabin from 9.0.4 to 10.0.3 #69

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade cabin from 9.0.4 to 10.0.3 #69

wants to merge 1 commit into from

Conversation

titanism
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-COOKIEJAR-3149984		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Poisoning
SNYK-JS-QS-3153490		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Poisoning

@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/arrify@2.0.1 None 0 3.19 kB sindresorhus
npm/base64-js@1.5.1 None 0 9.62 kB feross
npm/cabin@10.0.5 environment 0 122 kB titanism
npm/cli-boxes@2.2.1 None 0 6.14 kB sindresorhus
npm/console-control-strings@1.1.0 None 0 12.7 kB iarna
npm/constants-browserify@1.0.0 None 0 7.46 kB juliangruber
npm/core-js@2.6.12 environment, eval, filesystem 0 2.26 MB zloirock
npm/domain-browser@1.2.0 None 0 16.8 kB bevryme
npm/encodeurl@1.0.2 None 0 7.86 kB dougwilson
npm/escape-html@1.0.3 None 0 3.66 kB dougwilson
npm/estraverse@4.3.0 None 0 36.3 kB michaelficarra
npm/esutils@2.0.3 None 0 50.6 kB michaelficarra
npm/extend@3.0.2 None 0 23.5 kB ljharb
npm/extsprintf@1.3.0 None 0 22.8 kB dap
npm/get-caller-file@2.0.5 None 0 4.72 kB stefanpenner
npm/he@1.2.0 None 0 124 kB mathias
npm/ieee754@1.2.1 None 0 6.8 kB feross
npm/inherits@2.0.4 None 0 3.96 kB isaacs
npm/is-extglob@2.1.1 None 0 6.22 kB jonschlinkert
npm/is-stream@1.1.0 None 0 3.23 kB sindresorhus
npm/is-typedarray@1.0.0 None 0 4.41 kB hughsk
npm/is-windows@1.0.2 None 0 7.96 kB jonschlinkert
npm/isobject@3.0.1 None 0 6.93 kB doowb
npm/js-tokens@4.0.0 None 0 15.1 kB lydell
npm/json-stringify-safe@5.0.1 None 0 12.7 kB isaacs
npm/map-cache@0.2.2 None 0 7.6 kB jonschlinkert
npm/merge2@1.4.1 None 0 8.9 kB zensh
npm/methods@1.1.2 network 0 5.29 kB dougwilson
npm/ms@2.1.3 None 0 6.72 kB styfle
npm/object-assign@4.1.1 None 0 5.49 kB sindresorhus
npm/object-keys@1.1.1 None 0 26.5 kB ljharb
npm/os-browserify@0.3.0 None 0 2.74 kB coderpuppy
npm/parseurl@1.3.3 None 0 10.3 kB dougwilson
npm/path-is-absolute@1.0.1 None 0 3.62 kB sindresorhus
npm/path-key@3.1.1 None 0 4.55 kB sindresorhus
npm/process-nextick-args@2.0.1 None 0 3.17 kB cwmma
npm/process@0.11.10 None 0 15.3 kB cwmma
npm/querystring-es3@0.2.1 None 0 16.1 kB spaintrain
npm/remove-trailing-separator@1.1.0 None 0 4.25 kB darsain
npm/repeat-string@1.6.1 None 0 9.09 kB jonschlinkert
npm/safe-buffer@5.1.2 None 0 31.7 kB feross
npm/safer-buffer@2.1.2 None 0 42.3 kB chalker
npm/set-blocking@2.0.0 None 0 4.22 kB bcoe
npm/shell-quote@1.7.2 None 0 21 kB goto-bus-stop
npm/source-map@0.5.7 None 0 766 kB tromey
npm/tweetnacl@0.14.5 None 0 174 kB dchest
npm/unpipe@1.0.0 None 0 4.31 kB dougwilson
npm/util-deprecate@1.0.2 None 0 5.48 kB tootallnate
npm/utils-merge@1.0.1 None 0 3.72 kB jaredhanson
npm/uuid@3.4.0 None 0 34.3 kB ctavan
npm/vm-browserify@1.1.2 None 0 15.5 kB goto-bus-stop

View full report↗︎

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@titanism @snyk-bot