New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 6 vulnerabilities #35

Open

doron2402 wants to merge 1 commit into master from snyk-fix-a3cc22f75ca91721f876c97c34400dac

Owner

doron2402 commented Dec 4, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	DLL Injection SNYK-JS-KERBEROS-568900	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hapi

The new version differs by 164 commits.

fff431f Route client timeout
5567606 6.10.0
4a0129c Merge pull request #1998 from hapijs/pez
5c0c1f7 Merge pull request #1993 from arb/bossy
5a7d496 subtext interface changes
1cfde60 Cleanup for #1928
bf35316 Initial subtext api changes
84dcf59 Merge pull request #1928 from kanongil/empty-charset
ed0e621 Replaced optimist with bossy.
110be82 Merge pull request #1991 from shama/doc-typos
1e1a07f Typo fixes in the docs
5275b12 move payload to subtext
43f3b8c Fix multipart test
717a035 Merge pull request #1980 from gergoerdosi/documentation-typo
5737371 Fix link.
327d088 remove AUTHORS
83201d2 update changelog
dfac28f Merge pull request #1968 from hapijs/vision
8a06eb2 misc
ffc4939 test for valid view options
7213aa5 rename Plain to Message
3946a0f Move mime to mimos
a14793c Final API changes
f566ae8 Merge branch 'master' of github.com:hapijs/hapi into vision

See the full diff

Package name: mongoose

The new version differs by 250 commits.

ddff80d release 4.0.0
2ef9a42 Merge branch '3.8.x'
73d7dc6 Merge pull request #2791 from Automattic/docs-switch
06ee56c fix; docs generation for embedded docs
c339edd chore; set up legacy / master doc generation
3846944 chore; update gitter badge to Automattic/, reference acquit in README
5eb0b7d upgraded; node driver to 2.0.24
5ed48e2 Merge pull request #2789 from chetverikov/patch-2
343811b Merge pull request #2788 from chetverikov/errors
5d488e1 LearnBoost -> Automattic
9408e1d Fix errors is not defined
174e1f0 fix; test broken from 3.8.x merge
0ffbf77 Merge branch '3.8.x'
1624116 Merge pull request #2783 from artiifix/patch-1
e1196a9 Correct typo in documentation
8454a49 Merge branch '3.8.x'
b7c7040 Fix #2656; upgrade to node driver 2.0.23
ea2558b Merge pull request #2775 from LearnBoost/improve-cast-error
3d201b9 Persist cast errors across calls to validate()
5371e36 Repro issue with cast errors not persisting across validation
ad4462c Merge pull request #2773 from chetverikov/gh2719
80f8332 Merge branch 'master' into gh2719
a6a47cd Merge remote-tracking branch 'upstream/master'
78f3ebb Fix #2719

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)


          fix: package.json to reduce vulnerabilities

ddf03b6

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-KERBEROS-568900
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/npm:hoek:20180212

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet