New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade aegir from 36.2.3 to 37.1.1 #13

Open

snyk-bot wants to merge 1 commit into master from snyk-fix-979e992c3ab5f9e7b1027744c2340d65

snyk-bot commented Oct 22, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/ipfs-grpc-server/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-JPEGJS-2859218	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	Information Exposure SNYK-JS-SEMANTICRELEASE-2866292	Yes	No Known Exploit

Commit messages

Package name: aegir

The new version differs by 51 commits.

fc4d7b9 chore(release): 37.1.1 [skip ci]
c0dff4b chore(deps): bump playwright-test from 7.4.1 to 8.0.0 (clean up , working builds on node v8.4.0 ipfs/js-ipfs#980)
f717f1d chore(release): 37.1.0 [skip ci]
05ea778 chore(deps-dev): bump electron from 18.3.3 to 19.0.4 (Safari Support ipfs/js-ipfs#995)
0170bcf chore(deps): bump conventional-changelog-conventionalcommits from 4.6.3 to 5.0.0 (Adds quiet flags ipfs/js-ipfs#987)
9bcb366 feat: ensure readme is in correct format (Essential Tests for Feat/gateway ipfs/js-ipfs#997)
0b82fee fix: sort exports map ([FIXED] Essential Tests for Feat/gateway ipfs/js-ipfs#999)
6f9cf21 Add .github/workflows/stale.yml
56f2681 sync: update CI config files (docs: fix example ipfs-101 ipfs/js-ipfs#982)
c66edc0 chore(release): 37.0.17 [skip ci]
3feff4a fix: ignore minified files and transpiled fixtures in dep-check (⚡️ v0.26.0 RELEASE 🚀 ipfs/js-ipfs#986)
d0db6ac chore(release): 37.0.16 [skip ci]
0206c4c fix: ts tests (feat: complete the migration to p2p-webrtc-star ipfs/js-ipfs#984)
f18d914 chore(deps-dev): bump sinon from 13.0.2 to 14.0.0 (Require ipfs.min.js ipfs/js-ipfs#976)
03b2318 chore(release): 37.0.15 [skip ci]
479ad00 chore: update lilconfig version in package.json (Error: DHT is not available ipfs/js-ipfs#967)
61335c1 fix: export types (feat: add gateway route to daemon ipfs/js-ipfs#968)
d554606 chore(release): 37.0.14 [skip ci]
43f20bf fix: run dep check in prod mode (Uncaught TypeError: Cannot read property 'generateKey' of undefined ipfs/js-ipfs#964)
95429d6 chore(release): 37.0.13 [skip ci]
57e6fff fix: make resolve node-only (Connection Closing ipfs/js-ipfs#962)
86695bb chore(release): 37.0.12 [skip ci]
e2d14de fix: run compiled tests (Adopt next aegir ipfs/js-ipfs#961)
1883dfc chore(release): 37.0.11 [skip ci]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)


          fix: packages/ipfs-grpc-server/package.json to reduce vulnerabilities

86299f0

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218
- https://snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://snyk.io/vuln/SNYK-JS-SEMANTICRELEASE-2866292

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment