[Snyk] Fix for 12 vulnerabilities#20

Open

edmooney wants to merge 1 commit intomasterfrom

snyk-fix-995b923290e0b4c3b9eb6c94a221b6f0

Owner

edmooney commented Dec 20, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: selenium-standalone

The new version differs by 64 commits.

27356a6 6.21.0
4c470ea Remove useless packages (Move server API routes to /api/ path? mozilla/send#509)
70d96a0 Replace request with got (fixes 478 mozilla/send#508)
ebc70a0 chore(deps): pin dependencies (Changed cursor to No-Drop Ø Symbol when trying to upload many files/f… mozilla/send#507)
287a9a2 Add Eslint + prettier (Improve text of landing page mozilla/send#497)
df10900 remove doctoc mention
16c869d Update docs (404 page mozilla/send#506)
db9be9a chore(deps): update ubuntu:latest docker digest to 4e4bc99 (Don't run tests+linting on Pontoon commits? mozilla/send#501)
db81929 remove phantomjs and minor updates (fixed build:css on windows mozilla/send#500)
ce97b58 update iedriver version (use import/export in the frontend code mozilla/send#499)
e360c0a update nodejs to 12 (Cannot connect to Send running in Docker: connection reset by peer mozilla/send#498)
9450f18 remove some node versions (Problems with build:css on Windows mozilla/send#495)
a630774 chore(deps): update ubuntu:latest docker digest to 1d7b639 (added progress to tab title when not in focus mozilla/send#485)
40cef52 fix chromiumedge download on macos (Using on Firefox focus crashes/doesn't work mozilla/send#494)
4b473b6 6.20.2
1ecb872 bump deps
be93c33 Merge pull request Delete button enhancement mozilla/send#486 from StefanStadler/update-chromedriver-version
a08d7f4 Updated Chromedriver Version
b084adb Merge pull request Delete button enhancement mozilla/send#483 from vvo/renovate/docker-ubuntu-latest
7434091 chore(deps): update ubuntu:latest docker digest to 2e70e9c
00b2626 update changelog
066aef6 6.20.1
0cbffa3 fix(node6): object.values => _.values
aab87ee Merge pull request Added Enhancement to delete button,gave it a red background to help i… mozilla/send#482 from mgrybyk/fix-chromiumedge-chmod

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Denial of Service
🦉 Open Redirect


          fix: package.json & package-lock.json to reduce vulnerabilities

ce3b4a4

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/npm:debug:20170905

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet