[Snyk] Fix for 10 vulnerabilities #233

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Open

radhakrishna4687 wants to merge 1 commit into master from snyk-fix-1e6f2670259dff293cc87aaccb668f7c

Owner

radhakrishna4687 commented Dec 19, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- aws-node-puppeteer/package.json
- aws-node-puppeteer/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: puppeteer

The new version differs by 250 commits.

377cd83 chore: release main (#11081)
11f7c69 test: update Firefox BiDi expectations (#11082)
0c0e516 fix: roll to Chrome 117.0.5938.149 (r1181205) (#11077)
163394d chore(deps): Bump actions/checkout from 3.6.0 to 4.1.0 (#11063)
67e9a92 chore(deps): Bump postcss from 8.4.16 to 8.4.31 in /website (#11075)
54bc80c chore(deps): Bump github/codeql-action from 2.21.8 to 2.21.9 (#11064)
c5083bb docs: update link to `third_party/README.md` (#11068)
a3187a0 docs: Update reference to SKIP_CHROMIUM_DOWNLOAD env to SKIP_DOWNLOAD
28c1c26 test: crash mocha if unhandled errors occur (#11055)
c5f2d28 test: move queryObjects to a CDP only tests (#11050)
88681a8 test: Remove invalid drag and drop test (#11054)
eedbb13 chore: release main (#11051)
b0d7375 fix: remove the flag disabling bfcache (#11047)
30bd030 chore: use yargs for mocha runner (#11045)
03b22ab chore(deps): Bump glob from 10.3.4 to 10.3.10 (#11043)
897fb64 chore(deps): Bump @ swc/core from 1.3.86 to 1.3.90 (#11042)
f59537e ci: add sharding for chrome (#11038)
bd6c246 chore: add @ typescript-eslint/no-import-type-side-effects (#11040)
e853e63 refactor: use common debugError (#11039)
48f9382 test: synchronize bidi expectations changes for Bug 1756595 (#11005)
aa16ab1 chore: use RxJS for wait for Navigation (#11024)
c502ca8 chore: release main (#11025)
e0e7e3a test: move cdp only tests to a subfolder (#11033)
8993def ci: disable failing doctest (#11035)

See the full diff

Package name: serverless-offline

The new version differs by 218 commits.

8937d9a v5.0.0
ad633d8 Merge pull request chore: Remove inaccessible example from readme serverless/examples#654 from BorjaMacedo/master
62486b8 Merge pull request feat: Add aws-node-notifications community example serverless/examples#680 from dnalborczyk/travis
feeba79 Merge branch 'dnalborczyk-hueniverse'
0ebe5ee Remove node.js v11.x (end-of-life) from travis
3a8c820 Merge master, fix test cases
8ac8df9 cleanup
576bc24 Lint
7805fbd Update lock file
a098ff0 Fix permissions
c5e49cf Upgrade to hapi 18
c064ae0 Merge pull request [Community examples] add monorepo microservices template serverless/examples#673 from dl748/master
f3c68f8 - Adding updated package-lock.json
85c1484 -- Packages Upgrade --
322a6e6 v4.10.6
e3de153 Merge pull request Add a new community example to Readme and fix issue #665 serverless/examples#669 from leruitga-ss/master
d4da3ec skip HEAD routes defined in resources
6748755 v4.10.5
06651cf Merge pull request Add idempotent serverless function examples serverless/examples#666 from dl748/master
985c059 getting 403 error during deployment (not able to create lamba function) while using stripe example serverless/examples#638 Fix for encoding, aws looks to not do encoding anymore
da88ee3 v4.10.4
a3e0bc5 Merge pull request [New Community Examples] Examples of idempotent functions serverless/examples#665 from Andorbal/master
8581cf5 Call cleanup as part of the callback and error handler instead of in the finally block to address another part of [BUG] The "create" function under aws-python-http-api-with-pynamodb is not idempotent serverless/examples#659
91a9a7b v4.10.3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Directory Traversal


          fix: aws-node-puppeteer/package.json & aws-node-puppeteer/package-loc…

67b9250

…k.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
- https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-MOMENT-2440688
- https://snyk.io/vuln/SNYK-JS-MOMENT-2944238
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/npm:debug:20170905

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet