New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Fix for 6 vulnerabilities #185

Open

leonardoadame wants to merge 1 commit into main from snyk-fix-9519acffab82f7275e8fe044edec7e29

Owner

leonardoadame commented Nov 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- deps/npm/node_modules/abort-controller/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-USERAGENT-174737	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @mysticatea/eslint-plugin

The new version differs by 3 commits.

6604ccd 🔖 9.0.0
409fd38 ✅ remove extra test that is syntax error
c0aa800 💥 update typescript settings

See the full diff

Package name: karma

The new version differs by 105 commits.

1b48637 chore(release): 5.0.0 [skip ci]
a5dbe89 Update issue templates (detect "full-icu" module nodejs/node#3460)
1074f38 chore(ci): rely on karma-runnre/integration-tests for saucelabs config (btoa() and atob() nodejs/node#3462)
4d45cf0 chore(ci): remove more old connection security stuffs (test: harden test-child-process-fork-regr-gh-2847 nodejs/node#3459)
be76fcc chore(ci): use travis UI for sauce config (test: fix test-net-keepalive for AIX nodejs/node#3458)
a04a542 chore(ci): remove secure encryption var (error handling nodejs/node#3457)
1eaf35e fix: install semantic-release as a regular dev dependency (util: make inherits work with classes nodejs/node#3455)
0647109 docs: Fix simple typo, overriden -> overridden (test: wrap assert.fail when passed to callback nodejs/node#3453)
ec1e69a fix(server): replace optimist on yargs lib (When using visual studio 2015 community to build, vcbuild says that the configuration is invalid nodejs/node#3451)
ffad7fa refactor(launcher): use class syntax (test: repl-persistent-history is no longer flaky nodejs/node#3437)
7166ce2 fix(server): detection new MS Edge Chromium (docs: add missing shell option to execSync nodejs/node#3440)
b8b2ed8 fix(ci): echo travis env that gates release after_success (Node cannot be run when installed from tar.gz. nodejs/node#3446)
33a069f refactor: use native Promise instead of Bluebird (First REPL command as CTRL+C nodejs/node#3436)
131d154 refactor: drop safe-buffer dependency in favor of native Buffer (doc: more use-cases for promise events nodejs/node#3438)
cb1bcbf fix(server): cleanup import of the removed method (Extended TypedArray reverts to parent class. nodejs/node#3439)
5c334f5 fix(server): createPreprocessor was removed (repl: event ordering: delay 'close' until 'flushHistory' nodejs/node#3435)
d7128d4 refactor(server): remove PromiseContainer class (How to pass a value from Node.js server to an embedded Javascript code inside HTML page? nodejs/node#3416)
057d527 feat(docs): document `DEFAULT_LISTEN_ADDR` constant (test-dns-ipv6.js fails on systems without IPv6 support nodejs/node#3443)
a673aa8 ci: drop node 8, adopt node 12 (Fix flaky test-child-process-emfile nodejs/node#3430)
9eb6436 chore(server): Convert PromiseContainer to object and remove (fs: decode filenames using UTF-8 in fs.watch nodejs/node#3401)
0856234 chore(travis): release on node 10 success (How to use node with WRL? nodejs/node#3428)
708ae13 feat(preprocessor): obey Pattern.isBinary when set (Node aborts when logging to stdout in JS called from C++ nodejs/node#3422)
00d536f chore(test): logLevel debug in proxy test (Node.js Installer to notify new version nodejs/node#3427)
da9d8bd chore(docs): delete PULL_REQUEST_TEMPLATE.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)


          fix: deps/npm/node_modules/abort-controller/package.json to reduce vu…

7861a04

…lnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/SNYK-JS-USERAGENT-174737
- https://snyk.io/vuln/npm:braces:20180219

stackblitz bot commented Nov 28, 2023

Run & review this pull request in StackBlitz Codeflow.

leonardoadame mentioned this pull request

[Snyk] Fix for 15 vulnerabilities #225

Open

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet