[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/delegated-routing/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ipfs

The new version differs by 250 commits.

• 99053f7 chore: publish
• de5e701 chore: update contributors
• 71e5f53 chore: fix flaky test (#3680)
• efd147a chore: rename import types (#3678)
• bb8f8bc fix: only accept cid for ipfs.dag.get (#3675)
• 0b2d98c fix: reject requests when cors origin list is empty (#3674)
• 46618c7 fix: loosen input type for swarm.connect and swarm.disconnect (#3673)
• 5eb32a7 docs: add missing repo API docs link (#3672)
• 9029ee5 fix: update ipfs repo (#3671)
• eccb067 chore: remove sidetree test (#3670)
• f98af8e fix: mark ipld options as partial (#3669)
• 9bc2d7c docs: fix example for pin remote service add (#3636)
• 64cc1e1 fix: add missing type import (#3664)
• 0fe8892 fix: fix types (#3662)
• 61d0981 fix: only use public api in http api server (#3660)
• 06bd4f3 chore: update libp2p 0.31.2 (#3659)
• 0ddbb1b fix: update types after feedback from ceramic (#3657)
• 7e61fbf chore: fix docker images (#3654)
• 084589c fix: ignore the ts error caused by the recent protobufjs type change (#3656)
• 28ad9ad feat: support identity hash in block.get + dag.get (#3616)
• 9e5afd6 chore: update libp2p to final release version (#3652)
• 93e7dc4 chore: fix docker images (#3651)
• 3d68a44 docs: fix typo in readme (#3635)
• d46559d chore: update ipld-dag-cbor (#3642)

See the full diff

Package name: libp2p-delegated-content-routing

The new version differs by 32 commits.

• e69d013 chore: release version v0.5.0
• 67fc206 chore: update contributors
• 0c0f304 chore: make ipfs-http-client a peer dependency ([pull] master from libp2p:master #39)
• 2c97221 chore: remove peer-info from api ([pull] master from libp2p:master #34)
• 437c05e chore(deps-dev): bump ipfsd-ctl from 3.1.0 to 4.0.1 ([pull] master from libp2p:master #38)
• 2f9bcdb chore: release version v0.4.5
• 86eca3c chore: update contributors
• 9cc766c fix: catch find providers error ([pull] master from libp2p:master #37)
• 2e08fea chore: release version v0.4.4
• fb6c968 chore: update contributors
• b64511e chore: update ipfs-http-client and other deps (chore(deps): bump datastore-core from 7.0.3 to 8.0.1 #30)
• a5dcd46 chore(deps-dev): bump aegir from 20.6.1 to 21.0.2 ([Snyk] Security upgrade ipfs from 0.34.4 to 0.51.0 #27)
• dff4cbd chore: release version v0.4.3
• 4d166ab chore: update contributors
• d36b085 chore: update ipfs-http-client dep ([Snyk] Security upgrade ipfs from 0.34.4 to 0.51.0 #23)
• f672b84 docs: document required API endpoints ([Snyk] Fix for 3 vulnerabilities #21)
• ad91771 chore: release version v0.4.2
• 8e532ea chore: update contributors
• 7af6f74 chore: use it-all ([Snyk] Fix for 3 vulnerabilities #20)
• 6ff0e64 chore: release version v0.4.1
• 3868dce chore: update contributors
• b2690c7 fix: async it refs ([Snyk] Fix for 3 vulnerabilities #19)
• 31b26bc chore: release version v0.4.0
• 524e11f chore: update contributors

See the full diff

Package name: libp2p-delegated-peer-routing

The new version differs by 26 commits.

• 38d2848 chore: release version v0.5.0
• 1bb207a chore: update contributors
• a1b1b5e chore: make ipfs-http-client a peer dependency ([pull] master from libp2p:master #32)
• f49ddc0 chore: remove-peer-info-from-api ([Snyk] Fix for 1 vulnerabilities #25)
• 4e76474 chore(deps-dev): bump ipfsd-ctl from 3.1.0 to 4.0.1 ([pull] master from libp2p:master #31)
• 3255b6f chore: release version v0.4.3
• e90430c chore: update contributors
• 528adf3 chore: update deps (chore(deps): bump datastore-core from 7.0.3 to 8.0.1 #30)
• bdb89b6 chore: release version v0.4.2
• 46658e0 chore: update contributors
• 67536b4 chore: update ipfs-http-client to the latest version ([Snyk] Security upgrade ipfs from 0.34.4 to 0.51.0 #23)
• c777434 chore(deps-dev): bump aegir from 20.6.1 to 21.0.2
• 00296ba chore: release version v0.4.1
• ee2128e chore: update contributors
• afbc877 chore: update ipfs-http-client dep ([Snyk] Fix for 3 vulnerabilities #17)
• 949c0c0 docs: document required API endpoint ([Snyk] Fix for 2 vulnerabilities #15)
• 9a46c6b chore: release version v0.4.0
• 1510fde chore: update contributors
• 36d852f chore: rename timeout option ([Snyk] Fix for 2 vulnerabilities #14)
• ce9543f chore: release version v0.3.1
• 78769e2 chore: update contributors
• e844d30 fix: limit concurrent HTTP requests ([Snyk] Security upgrade libp2p-gossipsub from 0.9.2 to 0.12.0 #12)
• f09bf3d chore: readme with correct usage dependency ([Snyk] Security upgrade ipfs from 0.34.4 to 0.41.0 #11)
• d1d1163 chore: release version v0.3.0

See the full diff

Package name: libp2p-kad-dht

The new version differs by 139 commits.

• c1f6b70 chore: release version v0.21.0
• 115d54c chore: update contributors
• 7195282 feat: add types and update all deps (Next release of js-libp2p should get proper fanfare, just like js-ipfs :) libp2p/js-libp2p#214)
• 6c85b6b chore: release version v0.20.6
• ded5639 chore: update contributors
• 6be6f32 chore: update deps (Cannot connect to nodes over the internet behind NAT. Throwing random errors.  libp2p/js-libp2p#213)
• 4321ae7 chore: release version v0.20.5
• 040136a chore: update contributors
• 3c2096e fix: do not throw on empty provider list (Get a nice packages table just like js-ipfs libp2p/js-libp2p#212)
• 5c39279 chore: release version v0.20.4
• 0905b74 chore: update contributors
• d0db16b feat: adds removeLocal function (Update webrtc and improve test consistency libp2p/js-libp2p#211)
• ba029ca chore: release version v0.20.3
• 24e3319 chore: update contributors
• c1f71f9 chore: add files to package json (libp2p (and friends) index.d.ts for TypeScript libp2p/js-libp2p#208)
• 20d57b5 feat: adds custom multicodec protocol option (refactor: use different defaultsDeep and clean up some code libp2p/js-libp2p#206)
• efd5e0f chore: release version v0.20.2
• 9e6e9cf chore: update contributors
• b28afdd feat: onPut and onRemove events (fix: dev install with Node.js 10 libp2p/js-libp2p#205)
• 87f8511 chore: release version v0.20.1
• 5840ab2 chore: update contributors
• 1d6f0bd chore: update deps (chore: update libp2p-switch libp2p/js-libp2p#203)
• 61ee22b chore: release version v0.20.0
• d3d8256 chore: update contributors

See the full diff

Package name: libp2p-mplex

The new version differs by 4 commits.

• 2a90b88 chore: release version v0.9.0
• 2dff14d chore: update contributors
• c9bede5 refactor: async iterators (chore(deps): bump @libp2p/interface-transport from 1.0.4 to 2.0.3 #94)
• 567bddf chore: add discourse badge (chore(deps): bump @libp2p/interface-stream-muxer from 2.0.2 to 3.0.2 #91)

See the full diff

Package name: libp2p-secio

The new version differs by 8 commits.

• b3a7040 chore: release version v0.12.1
• f1e79ce chore: update contributors
• b22152a chore: clean up published package (chore(deps-dev): bump @libp2p/interface-mocks from 4.0.3 to 9.1.1 #110)
• aea41de chore: release version v0.12.0
• c081ea5 chore: update contributors
• 8ad4c15 refactor: use async await (chore(deps-dev): bump @libp2p/websockets from 3.0.4 to 5.0.3 #108)
• 774267f docs(fix): readme typo (chore(deps-dev): bump @libp2p/interface-mocks from 4.0.3 to 9.0.1 #107)
• 1329e9c chore: add discourse badge (chore(deps): bump @libp2p/peer-store from 3.1.5 to 6.0.0 #105)

See the full diff

Package name: libp2p-webrtc-star

The new version differs by 11 commits.

• 90e69ae chore: release version v0.17.0
• 922bdc8 chore: update contributors
• db5c97e refactor: switch to async iterators (Setup connection-manager and expose it libp2p/js-libp2p#183)
• 983f464 chore: release version v0.16.1
• b8b67a9 chore: update contributors
• f4dc087 feat: start/stop discovery events when start/stop called (when listener handle a protocol, how to deal error? libp2p/js-libp2p#176)
• 6187da5 chore: release version v0.16.0
• 40041f8 chore: update contributors
• f7dc83a fix: update hapi ([feature request]: Support changing listeners at runtime libp2p/js-libp2p#173)
• 0fd71ad chore: add discourse badge (synchronously closing one side of the connection breaks libp2p libp2p/js-libp2p#170)
• bedea1b chore: use travis (stats: exposed and documented libp2p/js-libp2p#169)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution