[Snyk] Fix for 1 vulnerabilities

[rtpro]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: libp2p

The new version differs by 250 commits.

• bbf8ef7 chore: release version v0.29.0
• d6d1a74 chore: update contributors
• 28b79a7 test: fix pubsub intermittent test (test: 'get recursive' test ipfs/js-ipfs#741)
• 81e70df chore: update interop version (🌟 feat: add websocket bootstrapers to the config ipfs/js-ipfs#740)
• e9478ce chore: release version v0.29.0-rc.1
• 7be17a3 chore: update contributors
• 93dda74 fix: peer record interop with go (DNS support for Bootstrapper nodes ipfs/js-ipfs#739)
• cfbd52d chore: migration to 0.29 should use webrtc-star0.20
• 6cd23ea chore: use gossipsub0.6
• 9b75a0f chore: bump libp2p-webrtc-star
• b606ce0 chore: release version v0.29.0-rc.0
• 64c8c0f chore: update contributors
• 9be582e docs: migration 0.28 to 0.29 (Add failing get recursive test ipfs/js-ipfs#736)
• 55c9bfa feat: gossipsub 1.1 (test: refactor for test sanity ipfs/js-ipfs#733)
• 1e86971 fix: replace node buffers with uint8arrays (Should not append /ipfs/id if the multiaddr already has it ipfs/js-ipfs#730)
• 9107efe chore: apply suggestions from code review
• cd09327 chore: add notice for addressBook.set
• ca57e65 chore: apply suggestions from code review
• f574e82 chore: apply suggestions from code review
• 15613cc fix: do not return self on peerstore.peers
• dab1c8b chore: increase bundle size
• d437def chore: rename isEqual to equals in tests
• 74d414c chore: add certified peer records to persisted peer store
• 8f2e690 feat: cerified addressbook

See the full diff

Package name: libp2p-kad-dht

The new version differs by 250 commits.

• 61ee22b chore: release version v0.20.0
• d3d8256 chore: update contributors
• 989be87 fix: replace node buffers with uint8arrays (lodash@4.12.0 breaks build ⚠️ ipfs/js-ipfs#202)
• 8eabccf chore: release version v0.19.9
• f8b041c chore: update contributors
• f3188be fix: actually send the add provider rpc with addresses (hapi@13.4.0 breaks build ⚠️ ipfs/js-ipfs#201)
• 91f6e4f feat: add support for client mode (joi@8.1.0 breaks build ⚠️ ipfs/js-ipfs#200)
• c8658b7 chore: release version v0.19.8
• 21edef5 chore: update contributors
• 578c5d0 fix: check for an existing connection before using the dialer (Update ipfs-block-service to version 0.4.0 🚀 ipfs/js-ipfs#199)
• 4ede048 chore: release version v0.19.7
• ba3f81f chore: update contributors
• 506ac5c chore: update deps (files add, cat, get core + cli ipfs/js-ipfs#197)
• fa5f95c chore: release version v0.19.6
• 44dfae6 chore: update contributors
• 534a2d9 fix: use utils.mapParallel for parallel processing of peers (libp2p-ipfs@0.3.3 breaks build ⚠️ ipfs/js-ipfs#166)
• eacdc6b chore: use final libp2p release (Bitswap Quest ipfs/js-ipfs#195)
• 1623861 chore: release version v0.19.5
• 9de96f6 chore: update contributors
• 59f373a fix: providers leaking resources on dht construction (refactor(core): split IPFS into multiple files ipfs/js-ipfs#194)
• 57a0411 chore: release version v0.19.4
• f5ced46 chore: update contributors
• 2ae983c chore: use caret version for interface-datastore
• dda530a chore(deps-dev): bump datastore-level from 0.14.1 to 1.1.0

See the full diff

Package name: libp2p-mdns

The new version differs by 55 commits.

• ddcc10b chore: release version v0.15.0
• 061c3f0 chore: update contributors
• 3cf0e75 chore: upgrade deps (removes --force ipfs/js-ipfs#97)
• e1087a9 chore: release version v0.14.3
• 0ecc116 chore: update contributors
• 9fea1f6 fix: ensure event handlers are removed on MulticastDNS.stop ('ipfs init': CLI + tests ipfs/js-ipfs#96)
• 9186dbf chore: release version v0.14.2
• 183c065 chore: update contributors
• 9f45f73 fix: actually check tcp multiaddrs (tests use random ports for gateways now ipfs/js-ipfs#94)
• 60a0dbe chore: release version v0.14.1
• edec51d chore: update contributors
• 3dc9475 test(fix): wait for the right peer in 3+ tests (track: jsipfs swarm ipfs/js-ipfs#92)
• cfe90c6 chore: use address manager ('init' implementation. ipfs/js-ipfs#91)
• 5b46aaa chore: release version v0.14.0
• bcf3e44 chore: update contributors
• fca175e chore: peer-discovery not using peer-info (Pick random ports on tests ipfs/js-ipfs#90)
• ecdda6e chore: release version v0.13.3
• 28c0ae1 chore: update contributors
• cf180e1 chore(deps-dev): bump aegir from 20.6.1 to 21.0.2
• e362b04 fix: remove use of assert module (jsipfs swarm ipfs/js-ipfs#87)
• bea3dd1 chore: release version v0.13.2
• 0d2c1a1 chore: update contributors
• 084ee53 chore: remove unused dep async (upgrades peer-id to 0.6.0 ipfs/js-ipfs#86)
• a9661bd chore: release version v0.13.1

See the full diff

Package name: libp2p-secio

The new version differs by 73 commits.

• 2e37947 chore: release version v0.13.0
• a6a37f2 chore: update contributors
• c3f1f34 fix: replace node buffers with uint8arrays (js-libp2p-spdy ipfs/js-ipfs#124)
• 328e68f chore: release version v0.12.6
• a7784bd chore: update contributors
• 34c4844 fix: comply with message framing spec (js-libp2p-tcp ipfs/js-ipfs#123)
• 5649f44 chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 (js-libp2p-swarm ipfs/js-ipfs#122)
• 0bb318d chore: release version v0.12.5
• dbc8077 chore: update contributors
• 70a8a98 fix: return public key (js-multistream ipfs/js-ipfs#121)
• d2efc8c chore: remove commitlint from CI (js-multiaddr ipfs/js-ipfs#120)
• 7ef0f25 chore: release version v0.12.4
• 5da41f6 chore: update contributors
• 914eb4f fix: add buffer (js-multihash ipfs/js-ipfs#118)
• ef5f09d chore(deps-dev): bump aegir from 20.6.1 to 21.0.2 (js-peer-id ipfs/js-ipfs#117)
• a0bfc86 chore: release version v0.12.3
• 4ef9b70 chore: update contributors
• 027e0ad fix: remove use of assert module (js-ipfs-repo ipfs/js-ipfs#114)
• 74e95e2 chore: release version v0.12.2
• 2c2d467 chore: update contributors
• ab3fe44 chore: update deps (js-ipfs-unixfs ipfs/js-ipfs#113)
• b3a7040 chore: release version v0.12.1
• f1e79ce chore: update contributors
• b22152a chore: clean up published package (Shared Core API (standardise across js-ipfs and js-ipfs-api) ipfs/js-ipfs#110)

See the full diff

Package name: libp2p-webrtc-star

The new version differs by 127 commits.

• 2af1167 chore: release version v0.19.0
• 5ffbe88 chore: update contributors
• 306b453 fix: use relaxed webrtc check (Update ipfs-unixfs-engine to version 0.7.0 🚀 ipfs/js-ipfs#249)
• 68805b0 fix: replace node buffers with uint8arrays (Update libp2p-ipfs to version 0.6.0 🚀 ipfs/js-ipfs#244)
• 9b87e9b chore(deps): bump streaming-iterables from 4.1.2 to 5.0.2 (Update libp2p-ipfs to version 0.5.0 🚀 ipfs/js-ipfs#239)
• 1d03c8a chore: add webrtc servers (Update libp2p-swarm to version 0.13.0 🚀 ipfs/js-ipfs#232)
• 4007894 chore: release version v0.18.6
• de4cd12 chore: update contributors
• 5795435 fix: use simple-peer fork that does not throw when setting error codes (Update multiaddr to version 2.0.0 🚀 ipfs/js-ipfs#231)
• c07ac28 chore: release version v0.18.5
• 8a02859 chore: update contributors
• f09d007 chore: use ipfs utils for webrc support (daemon leaves behind api file lock on error ipfs/js-ipfs#229)
• 79059da chore(deps-dev): bump aegir from 22.1.0 to 23.0.0 (WIP http cat ipfs/js-ipfs#227)
• f89449a chore: release version v0.18.4
• 130da90 chore: update contributors
• 74e9059 fix: do not signal if channel destroyed (chore(package): update ipfs-api to version 4.0.3 ipfs/js-ipfs#226)
• dc9bfa6 fix: add error handler for incoming connections (aegir@3.0.4 breaks build ⚠️ ipfs/js-ipfs#224)
• 50dd42d chore: make the docker image much smaller. (aegir@3.0.3 breaks build ⚠️ ipfs/js-ipfs#223)
• 7fc8a8b chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 (Update ipfs-api to version 4.0.1 🚀 ipfs/js-ipfs#221)
• bb781a3 chore: release version v0.18.3
• 7357362 chore: update contributors
• fe14c96 chore: release version v0.18.2
• d571fd0 chore: update contributors
• 830507d chore: update aegir (Update ipfs-api to version 4.0.0 🚀 ipfs/js-ipfs#220)

See the full diff

Package name: peer-id

The new version differs by 92 commits.

• 5468ee0 chore: release version v0.14.3
• f895151 chore: update contributors
• e7d0eaa chore: update deps (Fix a typo: infrasture -> infrastructure ipfs/js-ipfs#137)
• 41ab96c docs: correct case for RSA keyType (snazzy@3.0.1 breaks build ⚠️ ipfs/js-ipfs#136)
• 4178e53 docs: add documentation for isPeerId(id) (Update ipfs-repo to version 0.6.0 🚀 ipfs/js-ipfs#134) (Update ipfs-repo to version 0.6.1 🚀 ipfs/js-ipfs#135)
• 10ead07 chore: release version v0.14.2
• d940099 chore: update contributors
• b2ee342 feat: has inline public key method (Fix peer-id errors on browser tests ipfs/js-ipfs#132)
• ecc1e5b chore: release version v0.14.1
• 153bc8e chore: update contributors
• d40d588 fix: ts constructor types (peer-id@0.6.3 breaks build 🚨 ipfs/js-ipfs#130)
• 224b30c fix: privKey possible undefined (Update karma-spec-reporter to version 0.0.26 🚀 ipfs/js-ipfs#129)
• 6d571ae fix: typo in readme (Video player with js-ipfs ipfs/js-ipfs#128)
• ff4bd96 chore: release version v0.14.0
• 427b46c chore: update contributors
• d16ce9c fix: replace node buffers with uint8arrays (example: Use js-ipfs to load the entire assets of a WebSite/WebApplication ipfs/js-ipfs#127)
• cd99cb2 chore: release version v0.13.13
• c295329 chore: update contributors
• bb32b12 chore: update deps (js-libp2p-ipfs-browser ipfs/js-ipfs#126)
• 6fd5ca2 chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 (js-libp2p-spdy ipfs/js-ipfs#124)
• 020b963 chore: release version v0.13.12
• e3da29a chore: update contributors
• 8cd9dfb feat(cli): add support for specifying type and size (js-libp2p-swarm ipfs/js-ipfs#122)
• 3598a43 chore: release version v0.13.11

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic