[Snyk] Security upgrade tape-run from 6.0.1 to 11.0.0 #999

leonardoadame · 2024-05-21T13:15:07Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- tools/node_modules/eslint/node_modules/parse-entities/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
804/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1021884	Yes	Mature
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1041745	Yes	Mature
794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Improper Validation SNYK-JS-ELECTRON-1047306	Yes	Mature
751/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Insufficient Validation SNYK-JS-ELECTRON-1050882	Yes	Mature
704/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-ELECTRON-1050999	Yes	No Known Exploit
704/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-ELECTRON-1070013	Yes	No Known Exploit
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1085705	Yes	Mature
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Out-of-bounds Write SNYK-JS-ELECTRON-1088600	Yes	Mature
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1252279	Yes	Mature
876/1000 Why? Mature exploit, Has a fix available, CVSS 9.8	Out-of-bounds SNYK-JS-ELECTRON-1257943	Yes	Mature
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1296559	Yes	Proof of Concept
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-ELECTRON-1312314	Yes	Mature
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1313765	Yes	Mature
704/1000 Why? Has a fix available, CVSS 9.8	Out-of-bounds Write SNYK-JS-ELECTRON-1315668	Yes	No Known Exploit
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1534883	Yes	Mature
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1536581	Yes	Proof of Concept
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1656743	Yes	Mature
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1910985	Yes	Mature
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Type Confusion SNYK-JS-ELECTRON-1911949	Yes	Proof of Concept
754/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-ELECTRON-1912085	Yes	Mature
794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Use After Free SNYK-JS-ELECTRON-2322001	Yes	Mature
704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-ELECTRON-2332173	Yes	No Known Exploit
809/1000 Why? Mature exploit, Has a fix available, CVSS 7.6	Use After Free SNYK-JS-ELECTRON-2414027	Yes	Mature
794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Type Confusion SNYK-JS-ELECTRON-2434822	Yes	Mature
919/1000 Why? Mature exploit, Has a fix available, CVSS 9.8	Type Confusion SNYK-JS-ELECTRON-2805803	Yes	Mature
859/1000 Why? Mature exploit, Has a fix available, CVSS 8.6	Heap-based Buffer Overflow SNYK-JS-ELECTRON-2946881	Yes	Mature
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3014411	Yes	Mature
869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-3091122	Yes	Mature
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-570833	Yes	Proof of Concept
794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-6137744	Yes	Mature
884/1000 Why? Currently trending on Twitter, Mature exploit, Has a fix available, CVSS 8.8	Out-of-bounds Read SNYK-JS-ELECTRON-6179663	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: tape-run

The new version differs by 16 commits.

dfc05e7 11.0.0
26d520a pkg: add `engines.node`
2730fcb fix ci ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #88)
01f5097 upgrade `through`
41c594a docs: security
8d0e790 10.0.0
e5579fb docs
fb87809 replace deprecated optimist with yargs ([Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #85)
ee4654e 9.0.0
57adc5f Bump browser-run to support sandbox option. Closes [Snyk] Security upgrade xo from 0.16.0 to 0.40.3 #82
ccad1ea Include more detailed Headless Testing section ([Snyk] Security upgrade standard from 11.0.1 to 15.0.0 #81)
31de6f9 8.0.0
20125a6 Bump browser-run to latest, fixing electron security issue ([Snyk] Fix for 5 vulnerabilities #80)
e93c616 travis: update node versions
463bed9 7.0.0
e032edb bump browser-run to 7.0.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"tape-run","from":"6.0.1","to":"11.0.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-2805803","priority_score":919,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Type Confusion"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-6179663","priority_score":884,"priority_score_factors":[{"type":"socialTrends","label":true,"score":111},{"type":"exploit","label":"High","score":167},{"type":"fixability","label":true,"score":167},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Out-of-bounds Read"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1257943","priority_score":876,"priority_score_factors":[{"type":"exploit","label":"Functional","score":171},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Out-of-bounds"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1041745","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1085705","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1088600","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Out-of-bounds Write"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1252279","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1656743","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1312314","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Access of Resource Using Incompatible Type ('Type Confusion')"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1910985","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1313765","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1534883","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Type Confusion"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-3014411","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-3091122","priority_score":869,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Type Confusion"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-2946881","priority_score":859,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Heap-based Buffer Overflow"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELECTRON-1911949","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Type Confusion"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-2414027","priority_score":809,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.6","score":380},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1021884","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Heap-based Buffer Overflow"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1047306","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Validation"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-2322001","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-2434822","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Type Confusion"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-6137744","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Heap-based Buffer Overflow"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELECTRON-1296559","priority_score":761,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Type Confusion"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELECTRON-1536581","priority_score":761,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use After Free"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELECTRON-570833","priority_score":761,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Type Confusion"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1912085","priority_score":754,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"Mature","id":"SNYK-JS-ELECTRON-1050882","priority_score":751,"priority_score_factors":[{"type":"exploit","label":"Functional","score":171},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Insufficient Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELECTRON-1050999","priority_score":704,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Use After Free"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELECTRON-1315668","priority_score":704,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Out-of-bounds Write"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELECTRON-2332173","priority_score":704,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELECTRON-1070013","priority_score":704,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Use After Free"}],"prId":"de7bdeb7-3765-45f0-885e-28cd06a2ae1e","prPublicId":"de7bdeb7-3765-45f0-885e-28cd06a2ae1e","packageManager":"npm","priorityScoreList":[919,884,876,869,869,869,869,869,869,869,869,869,869,869,859,811,809,804,794,794,794,794,761,761,761,754,751,704,704,704,704],"projectPublicId":"41aec9b3-a821-46c3-bdf1-1c1da0e2d4b0","projectUrl":"https://app.snyk.io/org/leonardoadame/project/41aec9b3-a821-46c3-bdf1-1c1da0e2d4b0?utm_source=github&utm_medium=referral&page=fix-pr","prType":"backlog","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["pkg-based-remediation","updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-JS-ELECTRON-1021884","SNYK-JS-ELECTRON-1041745","SNYK-JS-ELECTRON-1047306","SNYK-JS-ELECTRON-1050882","SNYK-JS-ELECTRON-1050999","SNYK-JS-ELECTRON-1070013","SNYK-JS-ELECTRON-1085705","SNYK-JS-ELECTRON-1088600","SNYK-JS-ELECTRON-1252279","SNYK-JS-ELECTRON-1257943","SNYK-JS-ELECTRON-1296559","SNYK-JS-ELECTRON-1312314","SNYK-JS-ELECTRON-1313765","SNYK-JS-ELECTRON-1315668","SNYK-JS-ELECTRON-1534883","SNYK-JS-ELECTRON-1536581","SNYK-JS-ELECTRON-1656743","SNYK-JS-ELECTRON-1910985","SNYK-JS-ELECTRON-1911949","SNYK-JS-ELECTRON-1912085","SNYK-JS-ELECTRON-2322001","SNYK-JS-ELECTRON-2332173","SNYK-JS-ELECTRON-2414027","SNYK-JS-ELECTRON-2434822","SNYK-JS-ELECTRON-2805803","SNYK-JS-ELECTRON-2946881","SNYK-JS-ELECTRON-3014411","SNYK-JS-ELECTRON-3091122","SNYK-JS-ELECTRON-570833","SNYK-JS-ELECTRON-6137744","SNYK-JS-ELECTRON-6179663"],"vulns":["SNYK-JS-ELECTRON-2805803","SNYK-JS-ELECTRON-6179663","SNYK-JS-ELECTRON-1257943","SNYK-JS-ELECTRON-1041745","SNYK-JS-ELECTRON-1085705","SNYK-JS-ELECTRON-1088600","SNYK-JS-ELECTRON-1252279","SNYK-JS-ELECTRON-1656743","SNYK-JS-ELECTRON-1312314","SNYK-JS-ELECTRON-1910985","SNYK-JS-ELECTRON-1313765","SNYK-JS-ELECTRON-1534883","SNYK-JS-ELECTRON-3014411","SNYK-JS-ELECTRON-3091122","SNYK-JS-ELECTRON-2946881","SNYK-JS-ELECTRON-1911949","SNYK-JS-ELECTRON-2414027","SNYK-JS-ELECTRON-1021884","SNYK-JS-ELECTRON-1047306","SNYK-JS-ELECTRON-2322001","SNYK-JS-ELECTRON-2434822","SNYK-JS-ELECTRON-6137744","SNYK-JS-ELECTRON-1296559","SNYK-JS-ELECTRON-1536581","SNYK-JS-ELECTRON-570833","SNYK-JS-ELECTRON-1912085","SNYK-JS-ELECTRON-1050882","SNYK-JS-ELECTRON-1050999","SNYK-JS-ELECTRON-1315668","SNYK-JS-ELECTRON-2332173","SNYK-JS-ELECTRON-1070013"],"patch":[],"isBreakingChange":true,"remediationStrategy":"dependency"}'

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Type Confusion
🦉 Use After Free
🦉 Insufficient Validation

stackblitz · 2024-05-21T13:15:10Z

Run & review this pull request in StackBlitz Codeflow.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade tape-run from 6.0.1 to 11.0.0 #999

[Snyk] Security upgrade tape-run from 6.0.1 to 11.0.0 #999

leonardoadame commented May 21, 2024

stackblitz bot commented May 21, 2024

[Snyk] Security upgrade tape-run from 6.0.1 to 11.0.0 #999

Are you sure you want to change the base?

[Snyk] Security upgrade tape-run from 6.0.1 to 11.0.0 #999

Conversation

leonardoadame commented May 21, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

stackblitz bot commented May 21, 2024