New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Fix for 6 vulnerabilities #48

Open

magnologan wants to merge 1 commit into master from snyk-fix-73be518181122ee512ce68d4af7531b2

Owner

magnologan commented Nov 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/bulk-edit/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Uncaught Exception SNYK-JS-ENGINEIO-5496331	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @theia/core

The new version differs by 250 commits.

5776951 v1.37.0
089aaa3 docs: update changelog for `1.37.0`
8c6833c repo: misc typo and doc updates
45b7707 nls: translation update for version `1.37.0` (Translation update for version 1.37.0 eclipse-theia/theia#12469)
b7d4088 monaco: parseSnippet RangeError handling (monaco: parseSnippet RangeError handling eclipse-theia/theia#12463)
1a2d07a tree: fix pointer issue due to decoration (Style: Indent decoration blocked pointer events eclipse-theia/theia#12436)
a1be6ec electron: bump to `23.2.4` (electron: bump to 23.2.4 eclipse-theia/theia#12464)
5bccaf2 dependency: add `clone` to baseline (dependency: add clone to baseline eclipse-theia/theia#12467)
e058c23 vscode: update default API to 1.74.2 ([chore][vscode] update default service API to 1.74.2 eclipse-theia/theia#12468)
a84ea35 Fix check for presence of files in DnD. Fixes Cannot DragAndDrop Files into TreeView eclipse-theia/theia#12404 (Fix DnD of files from OS Explorer into Tree Views eclipse-theia/theia#12409)
53b3841 [vscode] stub continuous test runs ([vscode] stub continuous test runs API eclipse-theia/theia#12456)
58be997 vscode: add support for `CommentThread` state property ([vscode] support CommentThread state property eclipse-theia/theia#12454)
76466cc [Compatibility] Apply default to missing 'task.scope'
a8aef29 Support 'onTaskType' activation
6652ba7 Update Quick input service 'pick'
a0e45ce monaco: add support for `inQuickOpen` (monaco-quick-input-service: set context key "inQuickOpen" eclipse-theia/theia#12427)
17e5269 plugin: Support LogOutputChannel (plugin: Support LogOutputChannel eclipse-theia/theia#12429)
0e0e9ee Ensure DebugWidget properly reports change in trackable widgets (Ensure DebugWidget properly reports change in trackable widgets eclipse-theia/theia#12241)
2deedba Support pushing large number of items in tree iterators (Support pushing large number of items in tree iterators eclipse-theia/theia#12172)
de6e6c4 chore(deps): use `@ theia/request` instead of `request` (chore(deps): switched from request to @theia/request eclipse-theia/theia#12413)
b206d89 theming: properly apply `theia-file-icons` theme (theming: Properly Apply Default Icon Theme eclipse-theia/theia#12419)
a9471e7 Support for vscode `l10n` API (Support for vscode l10n API eclipse-theia/theia#12192)
9245bb9 Enable context isolation and disable nodejs support. Fixes Electron security considerations eclipse-theia/theia#2018 (Enable context isolation and disable nodejs support. Fixes #2018 eclipse-theia/theia#12299)
a71f64e Add `${targetPlatform}` placeholder for plugin downloads (Add ${targetPlatform} placeholder for plugin downloads eclipse-theia/theia#12410)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Uncaught Exception
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn


          fix: packages/bulk-edit/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-5496331
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-5596892
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet