New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 3 vulnerabilities #846

Open

aliscco wants to merge 1 commit into master from snyk-fix-89675cc41579cb7fb2a431cfbf300166

Owner

aliscco commented Nov 30, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- tools/node_modules/eslint/node_modules/argparse/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

ff8c4bb 4.5.0
480bbee Build: changelog update for 4.5.0
decdd2c Update: allow arbitrary nodes to be ignored in `indent` (fixes test: update test child process send utf8 nodejs/node#8594) (Redefinition of function in context nodejs/node#9105)
79062f3 Update: fix indentation of multiline `new.target` expressions (http: defines all the fields in the constructor nodejs/node#9116)
d00e24f Upgrade: `chalk` to 2.x release (src: squelch unused function warnings in util.h nodejs/node#9115)
6ef734a Docs: add missing word in processor documentation (fs.statSync does not throw an error when accessing non-existent directory on Windows 10 nodejs/node#9106)
a4f53ba Fix: Include files with no messages in junit results (test: enable node-module-version/test.js with debug nodejs/node#9093) (Encountering problems while executing : npm install exec-sync nodejs/node#9094)
1d6a9c0 Chore: enable eslint-plugin/test-case-shorthand-strings (process.on beforeExit broken on Windows nodejs/node#9067)
f8add8f Fix: don't autofix with linter.verifyAndFix when `fix: false` is used (test: fix flaky test-child-process-fork-dgram nodejs/node#9098)
77bcee4 Docs: update instructions for adding TSC members (timers: fix regression with clearImmediate() nodejs/node#9086)
bd09cd5 Update: avoid requiring NaN spaces of indentation (fixes src: squelch unused function warnings in util.h nodejs/node#9083) (HTTP client strange behavior when server responds immediately without reading request body nodejs/node#9085)
c93a853 Chore: Remove extra space in blogpost template (stream: fix Writable subclass instanceof checks nodejs/node#9088)
0d9da6d 4.4.1
1ea9a6c Build: changelog update for 4.4.1
ec93614 Fix: no-multi-spaces to avoid reporting consecutive tabs (fixes test: use npm sandbox in test-npm-install nodejs/node#9079) (v6.8.1 patch release? nodejs/node#9087)
a113cd3 4.4.0
181bd46 Build: changelog update for 4.4.0
89196fd Upgrade: Espree to 3.5.0 (test-npm-install failing on freebsd 10/11 nodejs/node#9074)
b3e4598 Fix: clarify AST and don't use `node.start`/`node.end` (fixes src: bump version to v8.0.0 for master nodejs/node#8956) (Adding clarity to buffer toString docs. nodejs/node#8984)
62911e4 Update: Add ImportDeclaration option to indent rule (Streams memory leak nodejs/node#8955)
de75f9b Chore: enable object-curly-newline & object-property-newline.(fixes process: add emitExperimentalWarning() nodejs/node#9042) (console: using class nodejs/node#9068)
5ae8458 Docs: fix typo in object-shorthand.md (net: fix ambiguity in EOF handling nodejs/node#9066)
c3d5b39 Docs: clarify options descriptions (fixes More realistic custom inspect example nodejs/node#8875) (http: name anonymous functions in _http_server nodejs/node#9060)
37158c5 Docs: clarified behavior of globalReturn option (fixes readline: concievably typo in readline.js nodejs/node#8953) (http: name anonymous functions in _http_client nodejs/node#9058)

See the full diff

Package name: ndoc

The new version differs by 10 commits.

4d79972 6.0.0 released
ea4138d Pin stylus to latest commit (fix node v14 warnings)
5d9c2f4 Bump highlight.js version
5782140 rework docs create/publish
0a231de CI badge update
3a4832f CI: Travis => Github Actions
ef23ae8 CI: bump node version
1c18114 update package.lock
f798329 Update argparse to v2
fa3be0e Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Input Validation


          fix: tools/node_modules/eslint/node_modules/argparse/package.json to …

0012d7b

…reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692

github-actions bot added the tools label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment