[Snyk] Fix for 11 vulnerabilities #689

baby636 · 2023-11-27T20:49:10Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/ipfs-client-add-files/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ipfs

The new version differs by 43 commits.

7f24131 chore: publish
93b81f9 chore: update contributors
33fa734 feat: ed25519 keys by default (feat: ed25519 keys by default ipfs/js-ipfs#3693)
2886134 chore: upgrade go-ipfs to 0.9.x (chore: upgrade go-ipfs to 0.9.x ipfs/js-ipfs#3805)
2f3df7a fix: return rate in/out as number (fix: return rate in/out as number ipfs/js-ipfs#3798)
4f532a5 fix: do not write blocks we already have (fix: do not write blocks we already have ipfs/js-ipfs#3801)
db302d0 chore: revert "chore(deps-dev): bump go-ipfs from 0.8.0 to 0.9.1" (chore: revert "chore(deps-dev): bump go-ipfs from 0.8.0 to 0.9.1" ipfs/js-ipfs#3803)
4c7ac57 chore(deps-dev): bump go-ipfs from 0.8.0 to 0.9.1 (chore(deps-dev): bump go-ipfs from 0.8.0 to 0.9.1 ipfs/js-ipfs#3765)
746a54c fix: fix up examples (fix: fix up examples ipfs/js-ipfs#3799)
b7fc9e8 docs: update files.rm example (docs: update files.rm example ipfs/js-ipfs#3797)
1ad6001 feat: make ipfs.get output tarballs (feat: make ipfs.get output tarballs ipfs/js-ipfs#3785)
79f661e fix: typescript errors (fix: typescript errors ipfs/js-ipfs#3781)
7fdba64 docs: update remote pinning docs (docs: update remote pinning docs ipfs/js-ipfs#3786)
fdc03ab chore: updated example dependencies
dde3d28 chore: publish
8178225 chore: update contributors
1bf35f8 fix: typo in 'multiformats' type defs (fix: typo in 'multiformats' type defs ipfs/js-ipfs#3778)
8380d71 fix: restore default level-js options (fix: restore default level-js options ipfs/js-ipfs#3779)
bf23e48 docs: update ipld/multiformats docs (docs: update ipld/multiformats docs ipfs/js-ipfs#3771)
349cbd0 chore: use multiformats sha3 impl (chore: use multiformats sha3 impl ipfs/js-ipfs#3772)
bb6113a chore: only run example tests if code has changed (chore: only run example tests if code has changed ipfs/js-ipfs#3773)
d4090e0 chore: restore git and eth graph traversal examples (chore: restore git and eth graph traversal examples ipfs/js-ipfs#3770)
4b79dcb chore: updated example dependencies
ef41f92 chore: publish

See the full diff

Package name: parcel

The new version differs by 250 commits.

84da50a v2.0.0
aa0a369 Small copy change
c78601b shouldVisitChild: Check parent and child node previously deferred separately (#7043)
2c83842 Fix scope resolution for TS enums (#7057)
dbe1153 Fix order of hoisted variable declarations (#7053)
bea9442 Fix named export with different export name for wrapped assets (#7052)
2175e1b Mark '*' as used when the reexport is only decided at runtime (#7049)
4312b91 Update Micromatch (#6958)
5afe766 Fail when unable to build a native package (#6962)
971ed24 Update watcher and source-map library to 2.0.0 (#7044)
810a854 Add missing C flags for SIMD support in build workflow (#7045)
d6de61d Fix shaking for functions types with overload signatures (#7036)
daf2cd9 Safely position the HMR script (#6961)
89b4e51 Unmark defer for dependency that become used ('does not export') (#7035)
b575212 Bump swc (#7033)
415710f Fix CSS tree shaking with 'build --no-scope-hoist' (#5728)
ea0f4e4 Allow jsx and tsx as lang for script block in Vue SFCs (#6983)
d2d4f1c Never enable JSX in a .ts file (#7031)
aafc318 Don't use deprecated querystring package (#6806)
a6a6fb2 Fix cache invalidation when shouldOptimize changes (#7030)
7d4d53a Update all references to v2.parceljs.org to just parceljs.org (#7029)
91de5c0 Ensure symbol order is consistent (#7021)
2ebed00 Ensure named exports are prioritized over wildcard re-exports (#7016)
4904f20 Fix autoinstall with Yarn 2+ (#7023)