[Snyk] Security upgrade aegir from 37.12.1 to 42.2.0

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/ipfs-core-utils/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aegir

The new version differs by 208 commits.

• af54374 chore(release): 42.2.0 [skip ci]
• 5dbd120 feat: switch to @ anolilab/multi-semantic-release (chore(README): Add migration note about upgrading from < 0.30.0 ipfs/js-ipfs#1450)
• b8c8996 chore(release): 42.1.3 [skip ci]
• 1a3dffc fix: add missing @ types/mdast dep (Close streams when done with them ipfs/js-ipfs#1445)
• 889b03a fix: remove premove and merge-options ([documentation] Fixing incorrect npm run test line ipfs/js-ipfs#1449)
• 3474407 chore(release): 42.1.2 [skip ci]
• 3794628 fix: update check-config command to handle release-please monorepos (chore: enable dag.put with hashAlg test ipfs/js-ipfs#1448)
• 4d8c8fb chore(release): 42.1.1 [skip ci]
• c5b96a3 fix: point to esbuild bundle analysis tool instead of bundlebuddy (Daemon can be crashed by remote user ipfs/js-ipfs#1447)
• c948321 chore(release): 42.1.0 [skip ci]
• b705c13 feat: support cname for docs publishing (cannot find ipfs module  ipfs/js-ipfs#1442)
• dd98696 chore(release): 42.0.1 [skip ci]
• 4dde4a3 deps: bump eslint-plugin-jsdoc from 46.10.1 to 48.0.2 (chore: update mfs dep to make interop tests pass ipfs/js-ipfs#1439)
• 313cd61 deps: bump c8 from 8.0.1 to 9.0.0 (Make js-ipfs capable of working with cidv1b32 ipfs/js-ipfs#1440)
• 95493be chore(release): 42.0.0 [skip ci]
• a66384a fix!: check for missing production dependencies (docs: add MFS API ipfs/js-ipfs#1426)
• f8e63d3 chore(release): 41.3.5 [skip ci]
• 57934c9 deps: bump p-queue from 7.4.1 to 8.0.1 (docs: fix libp2p peer discovery modules config key ipfs/js-ipfs#1433)
• 8189645 deps: bump undici from 5.28.2 to 6.2.1 (fix: aegir docs fails if outer function is called pin ipfs/js-ipfs#1429)
• aa3eabe chore(release): 41.3.4 [skip ci]
• e1c4dfc deps: bump lilconfig from 2.1.0 to 3.0.0 (fix: update hlsjs-ipfs-loader version (#1422) ipfs/js-ipfs#1427)
• cfae15f deps(dev): bump @ types/gh-pages from 5.0.1 to 6.1.0 (chore: update fe example dep ipfs/js-ipfs#1431)
• 85abe2a deps: bump uint8arrays from 4.0.10 to 5.0.1 (chore: fix changelog ipfs/js-ipfs#1428)
• 9869be9 deps: bump p-map from 6.0.0 to 7.0.1 (j s-ipfs runs on the phone but a heavy CPU load, so can it reduce power consumption? ipfs/js-ipfs#1435)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[codecov]

Codecov Report

Attention: 12 lines in your changes are missing coverage. Please review.

Comparison is base (8f351a8) 79.04% compared to head (3822606) 68.30%.
Report is 18 commits behind head on master.

Files	Patch %	Lines
packages/ipfs-http-client/src/dht/map-event.js	33.33%	4 Missing ⚠️
packages/ipfs-http-client/src/bootstrap/add.js	50.00%	1 Missing ⚠️
packages/ipfs-http-client/src/bootstrap/clear.js	50.00%	1 Missing ⚠️
packages/ipfs-http-client/src/bootstrap/list.js	50.00%	1 Missing ⚠️
packages/ipfs-http-client/src/bootstrap/reset.js	50.00%	1 Missing ⚠️
packages/ipfs-http-client/src/bootstrap/rm.js	50.00%	1 Missing ⚠️
packages/ipfs-http-client/src/swarm/addrs.js	50.00%	1 Missing ⚠️
packages/ipfs-http-client/src/swarm/local-addrs.js	50.00%	1 Missing ⚠️
packages/ipfs-http-client/src/swarm/peers.js	50.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           master     #141       +/-   ##
===========================================
- Coverage   79.04%   68.30%   -10.74%     
===========================================
  Files         557      154      -403     
  Lines       36428     5358    -31070     
  Branches     2923      452     -2471     
===========================================
- Hits        28795     3660    -25135     
+ Misses       7633     1698     -5935     

Flag	Coverage Δ
chrome	68.30% <58.62%> (-0.56%)	⬇️
node	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[socket-security]

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
aegir	42.2.0	environment	+283	485 MB	npm-service-account-ipfs