[Snyk] Fix for 3 vulnerabilities #11

snyk-bot · 2020-08-11T01:32:16Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Issue	Breaking Change	Exploit Maturity
Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451341	No	No Known Exploit
Regular Expression Denial of Service (ReDoS ) SNYK-JS-MARKED-584281	Yes	No Known Exploit

Commit messages

Package name: marked

The new version differs by 250 commits.

1ad8e69 Merge pull request docs: state decoding behavior for url pathname nodejs/node#1731 from UziTech/release-1.1.1
7e17526 1.1.1
7fbee6e Merge pull request core: set PROVIDER type as Persistent class id nodejs/node#1730 from UziTech/update-deps
6f7522f Merge pull request Which is the future of compatibility of nodejs and iojs after joining Node Foundation? nodejs/node#1729 from UziTech/quick-ref
f8024eb remove ending slash
524ae66 remove ending slash
0d6e056 build
04ac593 update dev deps
f36f676 🗜️ build [skip ci]
dddf9ae Merge pull request tools: make eslint work on subdirectories nodejs/node#1686 from calculuschild/EmphasisFixes
6b729ed Merge branch 'EmphasisFixes' of https://github.com/calculuschild/marked into EmphasisFixes
e27e6f9 Sorted strong and em into sub-objects
a761316 Merge pull request Add more robust option parsing [WIP] nodejs/node#1726 from UziTech/show-rules
f8193ed add npm run rules
ad720c1 Make emEnd const
1fb141d Make strEnd const
226bbe7 Lint
cc778ad Removed redundancy in "startEM" check
211b9f9 Removed Lookbehinds
982b57e Merge pull request crypto: fix legacy SNICallback nodejs/node#1720 from vassudanagunta/docs-patch-1
2a847e6 clarify level of support for Markdown flavors
bd4f8c4 Fix unrestricted "any character" for REDOS
4e7902e Gaaaah lint
4db32dc Links are masked only once per inline string

See the full diff

Package name: standard

The new version differs by 91 commits.

ff1a156 authors
17727fc 12.0.0
bdbd248 changelog
3db3a62 https
cf1802c eslint-plugin-standard ~4.0.0
7d779b8 eslint-plugin-import ~2.14.0
66f676b eslint ~5.4.0
3933c6b Use npm versions of eslint shared configs
c00dc66 Use ~ for eslint dep
588d5ab Add links to French README translation!
aee57b4 ESLint 5
c89d5c7 Merge pull request test: fix test-http-content-length nodejs/node#1145 from theo4u/patch-1
6477dbf Merge pull request Exception on startup if $PWD is deleted nodejs/node#1184 from standard/greenkeeper/babel-eslint-9.0.0
8792b9b Merge pull request CreateReadStream doesn't close the file nodejs/node#1180 from standard/greenkeeper/eslint-plugin-promise-4.0.0
ff070b8 Merge branch 'master' into greenkeeper/eslint-plugin-promise-4.0.0
df1b7c4 Merge pull request io.js TC Meeting 2015-03-18 nodejs/node#1187 from standard/greenkeeper/eslint-plugin-react-7.11.1
3e65b08 Merge pull request net: shutdown gracefully nodejs/node#1164 from standard/greenkeeper/eslint-plugin-node-7.0.0
b340216 Merge pull request lib: remove broken NODE_MODULE_CONTEXTS feature nodejs/node#1162 from charliegerard/master
cb2de87 Update package.json
2f36650 chore(package): update babel-eslint to version 9.0.0
82780e5 fix(package): update eslint-plugin-promise to version 4.0.0
506ac11 fix(package): update eslint-plugin-react to version 7.11.1
b6919b4 Merge pull request require should treat "." and ".." like any other directory names nodejs/node#1178 from brodybits/patch-1
4db4dbf README.md add standardx

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-584908 - https://snyk.io/vuln/SNYK-JS-MARKED-451341 - https://snyk.io/vuln/SNYK-JS-MARKED-584281

pull-assistant · 2020-09-29T10:21:01Z

Best reviewed: commit by commit

Optimal code review plan

fix: deps/npm/package.json to reduce vulnerabilities

Powered by Pull Assistant. Last update 672ef7a ... 672ef7a. Read the comment docs.

fix: deps/npm/package.json to reduce vulnerabilities

672ef7a

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-584908 - https://snyk.io/vuln/SNYK-JS-MARKED-451341 - https://snyk.io/vuln/SNYK-JS-MARKED-584281

kadirselcuk merged commit f58c361 into master Sep 29, 2020

delete-merged-branch bot deleted the snyk-fix-c68a871c1cec3f38a9740a1927c09e1b branch September 29, 2020 10:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 3 vulnerabilities #11

[Snyk] Fix for 3 vulnerabilities #11

snyk-bot commented Aug 11, 2020

pull-assistant bot commented Sep 29, 2020

[Snyk] Fix for 3 vulnerabilities #11

[Snyk] Fix for 3 vulnerabilities #11

Conversation

snyk-bot commented Aug 11, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

pull-assistant bot commented Sep 29, 2020