[Snyk] Fix for 9 vulnerabilities #26

Open: wants to merge 19 commits into base: main

leonardoadame (Owner)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • tools/node_modules/eslint/node_modules/gensync/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 619/1000. Why? Has a fix available, CVSS 8.1 | Prototype Pollution, SNYK-JS-AJV-584908 | Yes | No Known Exploit |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| high severity | 589/1000. Why? Has a fix available, CVSS 7.5 | Prototype Pollution, SNYK-JS-MERGE-1040469 | Yes | No Known Exploit |
| high severity | 686/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution, SNYK-JS-MERGE-1042987 | Yes | Proof of Concept |
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |
| medium severity | 718/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5 | Prototype Pollution, SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |
| medium severity | 601/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution, SNYK-JS-YARGSPARSER-560381 | Yes | Proof of Concept |
| low severity | 506/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS), npm:braces:20180219 | Yes | Proof of Concept |
| medium severity | 469/1000. Why? Has a fix available, CVSS 5.1 | Denial of Service (DoS), npm:mem:20180117 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint
The new version differs by 250 commits.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

snyk-bot and others added 19 commits May 2, 2023 17:57
Snyk has created this PR to upgrade:
  - @babel/types from 7.1.3 to 7.21.4.
    See this package in npm: https://www.npmjs.com/package/@babel/types
  - @babel/generator from 7.1.3 to 7.21.4.
    See this package in npm: https://www.npmjs.com/package/@babel/generator
  - @babel/parser from 7.1.3 to 7.21.4.
    See this package in npm: https://www.npmjs.com/package/@babel/parser
  - @babel/template from 7.1.2 to 7.20.7.
    See this package in npm: https://www.npmjs.com/package/@babel/template
  - @babel/traverse from 7.1.4 to 7.21.4.
    See this package in npm: https://www.npmjs.com/package/@babel/traverse

See this project in Snyk:
https://app.snyk.io/org/leonardoadame/project/17b9377e-05c7-466c-817b-64859e210aa8?utm_source=github&utm_medium=referral&page=upgrade-pr
…94a74ffadedd8032d

[Snyk] Upgrade tempy from 0.5.0 to 0.7.1
…2cad22ca48f99fb34

[Snyk] Upgrade globals from 10.1.0 to 10.4.0
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
…14fcf9fdb45341

[Snyk] Security upgrade requests from 2.22.0 to 2.31.0
…452a2501c403d

[Snyk] Fix for 5 vulnerabilities
…to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
…age.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
…reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
…-targets/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
…8829879580bfb4

[Snyk] Security upgrade semver from 6.3.0 to 7.5.2
…aa20aac868f5e5

[Snyk] Security upgrade semver from 6.3.0 to 7.5.2
…5479ebc6233124

[Snyk] Security upgrade local-web-server from 4.2.1 to 5.0.0
…fa026d85a0edb65c5

[Snyk] Upgrade: @babel/types, @babel/generator, @babel/parser, @babel/template, @babel/traverse
…11126a17ab65f0

[Snyk] Security upgrade semver from 6.3.0 to 7.5.2
@bolt-new-by-stackblitz

Run & review this pull request in StackBlitz Codeflow.

changeset-bot bot commented Jul 6, 2023

⚠️ No Changeset found

Latest commit: 49e3f78

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

leonardoadame force-pushed the main branch 2 times, most recently from 1eeaa09 to d9438cc (July 7, 2023 00:52)