Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 25 vulnerabilities #40

Open
wants to merge 1 commit into
base: latest
Choose a base branch
from
Open

[Snyk] Fix for 25 vulnerabilities #40

wants to merge 1 commit into from

Conversation

bumplzz69
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Prototype Pollution
SNYK-JS-AJV-584908		 Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Arbitrary File Overwrite
SNYK-JS-BINLINKS-537608		 Yes Proof of Concept
low severity 451/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 2.6		 Unauthorized File Access
SNYK-JS-BINLINKS-537609		 Yes Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Arbitrary File Write
SNYK-JS-BINLINKS-537610		 Yes Proof of Concept
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 Arbitrary File Overwrite
SNYK-JS-FSTREAM-174725		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		 Yes Proof of Concept
medium severity 626/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.1		 Man-in-the-Middle (MitM)
SNYK-JS-HTTPSPROXYAGENT-469131		 Yes Proof of Concept
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 Yes Proof of Concept
high severity 644/1000
Why? Has a fix available, CVSS 8.6		 Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 Yes No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MINIMIST-559764		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Poisoning
SNYK-JS-QS-3153490		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392		 Yes Proof of Concept
high severity 624/1000
Why? Has a fix available, CVSS 8.2		 Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 Yes No Known Exploit
high severity 624/1000
Why? Has a fix available, CVSS 8.2		 Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 Yes No Known Exploit
low severity 410/1000
Why? Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Arbitrary File Write
SNYK-JS-TAR-1579147		 Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Arbitrary File Write
SNYK-JS-TAR-1579152		 Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Arbitrary File Write
SNYK-JS-TAR-1579155		 Yes No Known Exploit
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Arbitrary File Overwrite
SNYK-JS-TAR-174125		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-Y18N-1021887		 Yes Proof of Concept
medium severity 434/1000
Why? Has a fix available, CVSS 4.4		 Time of Check Time of Use (TOCTOU)
npm:chownr:20180731		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gentle-fs The new version differs by 14 commits.
  • 5ee7008 chore(release): 2.3.1
  • 223c4c6 chore: update project settings
  • 0cbe090 chore(release): 2.3.0
  • a0f09a6 update travis config
  • a929196 feat: add option to gently create bin links/shims
  • 16f9d41 add cmd-shim dep
  • b1d0536 add a test for index file
  • ece492d chore(release): 2.2.1
  • 1c69beb fix(link): properly detect that we should chown the link
  • 8231188 chore(release): 2.2.0
  • 4891c09 feat: export mkdir method
  • c4df8a8 fix: don't chown if we didn't make any dirs
  • ea6c4df chore(release): 2.1.0
  • 0dd2879 feat: infer ownership of created dirs and links

See the full diff

Package name: libcipm The new version differs by 27 commits.
  • ef52f1e chore(release): 4.0.8
  • 85cfff4 chore: update project settings, add deprecation to readme
  • ed2d735 fix: add repo to bin pkg, bump to 2.0.1
  • b66d520 chore(release): 4.0.7
  • 189980e test: deletes node_modules contents but keep the dir itself
  • f668181 chore: delete node_modules contents but keep the dir itself
  • 3394de0 chore(release): 4.0.4
  • 576ab36 fix: pack git directories properly
  • 8c11b6d respect no-optional argument
  • 3fa8efb chore(release): 4.0.3
  • 250808c chore: update travis yml
  • 46b2101 fix: do not pass opts.log to lifecycle
  • 9f2bfa9 chore(release): 4.0.2
  • 7166364 chore: fix repository links and license
  • 1623565 chore(release): 4.0.1
  • 20b7372 fix: respect and retain all configs passed in
  • 21efbcc chore(release): 4.0.0
  • 84b8d7e npm-lifecycle@3.0.0
  • 7af39e6 fix(lifecycle): remove warning from bluebird (readable-stream@3.0.2 npm/cli#59)
  • 109cbaa chore(release): 3.0.3
  • 018df27 fix(scripts): pass in opts.dir directly
  • 193d74e chore(release): 3.0.2
  • 4371558 fix(worker): missed a spot
  • 02cdffa chore(release): 3.0.1

See the full diff

Package name: read-package-tree The new version differs by 16 commits.
  • 3174edf 5.3.1
  • 6acf66a Revert breaking change, preserve legacy design bug
  • c995ab2 only the node_modules in root should be ignored
  • 5534e74 5.3.0
  • 0515c80 auto-publish on version bump
  • 4231410 Restore node v6 compatability
  • e9cd536 Use custom cachable fs.realpath implementation
  • 4eed760 Add promise API to readme
  • 9a290ec drop old versions from travis
  • 4782b1f Refactor to be promise-based
  • f656af8 Use tap snapshots
  • 4633948 update tap
  • ee595cb 5.2.2
  • 4b6e0a3 fix(audit): npm audit fix --force
  • 0989a5c fix(name): fix calculation of node and link names
  • a7f0ab7 feat(test): add travis badge to readme

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary File Overwrite

@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
0c4e400 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-BINLINKS-537608
- https://snyk.io/vuln/SNYK-JS-BINLINKS-537609
- https://snyk.io/vuln/SNYK-JS-BINLINKS-537610
- https://snyk.io/vuln/SNYK-JS-FSTREAM-174725
- https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
- https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SSRI-1246392
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-TAR-174125
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887
- https://snyk.io/vuln/npm:chownr:20180731
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@bumplzz69 @snyk-bot