New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade tape-run from 6.0.1 to 11.0.0 #625

Open

leonardoadame wants to merge 1 commit into main from snyk-fix-f0648c6c1084b6f3b88290fa402ff19d

Owner

leonardoadame commented Jan 12, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- tools/node_modules/eslint/node_modules/parse-entities/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	726/1000 Why? Recently disclosed, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-6146929	Yes	No Known Exploit
	691/1000 Why? Recently disclosed, Has a fix available, CVSS 8.1	Use After Free SNYK-JS-ELECTRON-6146930	Yes	No Known Exploit
	726/1000 Why? Recently disclosed, Has a fix available, CVSS 8.8	Heap-based Buffer Overflow SNYK-JS-ELECTRON-6146931	Yes	No Known Exploit
	691/1000 Why? Recently disclosed, Has a fix available, CVSS 8.1	Use After Free SNYK-JS-ELECTRON-6146932	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: tape-run

The new version differs by 16 commits.

dfc05e7 11.0.0
26d520a pkg: add `engines.node`
2730fcb fix ci ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #88)
01f5097 upgrade `through`
41c594a docs: security
8d0e790 10.0.0
e5579fb docs
fb87809 replace deprecated optimist with yargs ([Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #85)
ee4654e 9.0.0
57adc5f Bump browser-run to support sandbox option. Closes [Snyk] Security upgrade xo from 0.16.0 to 0.40.3 #82
ccad1ea Include more detailed Headless Testing section ([Snyk] Security upgrade standard from 11.0.1 to 15.0.0 #81)
31de6f9 8.0.0
20125a6 Bump browser-run to latest, fixing electron security issue ([Snyk] Fix for 5 vulnerabilities #80)
e93c616 travis: update node versions
463bed9 7.0.0
e032edb bump browser-run to 7.0.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use After Free


          fix: tools/node_modules/eslint/node_modules/parse-entities/package.js…

f54a99e

…on to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELECTRON-6146929
- https://snyk.io/vuln/SNYK-JS-ELECTRON-6146930
- https://snyk.io/vuln/SNYK-JS-ELECTRON-6146931
- https://snyk.io/vuln/SNYK-JS-ELECTRON-6146932

stackblitz bot commented Jan 12, 2024

Run & review this pull request in StackBlitz Codeflow.

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet