[Snyk] Upgrade shx from 0.3.2 to 0.3.4

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade shx from 0.3.2 to 0.3.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 9 months ago, on 2022-01-10.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Privilege Management SNYK-JS-SHELLJS-2332187	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: shx

• 0.3.4 - 2022-01-10
  

  0.3.4

• 0.3.3 - 2020-10-26
  

  0.3.3

• 0.3.2 - 2018-07-11
  

  0.3.2

from shx GitHub release notes

Commit messages

Package name: shx

• 2eb1a35 0.3.4
• 6aefc1a docs(changelog): updated by Nate Fischer [ci skip]
• 5d6365b chore: add back node v6 support (Update eslint-plugin-react to version 4.0.0 🚀 ipfs/ipfs-desktop#196)
• 92d8c42 chore: update dependencies (Update eslint to version 2.2.0 🚀 ipfs/ipfs-desktop#195)
• 1bb4289 refactor: rename "blacklist" -> "blocklist" (Update standard to version 6.0.6 🚀 ipfs/ipfs-desktop#193)
• 009e7bb chore: switch to GitHub Actions (Update standard to version 6.0.7 🚀 ipfs/ipfs-desktop#194)
• 7877b59 chore: change supported node versions (Update conventional-changelog to version 1.0.2 🚀 ipfs/ipfs-desktop#186)
• 43516c2 docs(changelog): updated by Nate Fischer [ci skip]
• 6d2d2f2 0.3.3
• e9e2ba1 Update shelljs to avoid circular dependency warnings on Node 14 (Update radium to version 0.16.6 🚀 ipfs/ipfs-desktop#184)
• b733ec9 Upgrade minimist to avoid security vulnerability (Update eslint-config-standard to version 5.1.0 🚀 ipfs/ipfs-desktop#179)
• 7e7bf7f docs(sed): document sed syntax, quoting, and escaping slash (Update menubar to version 4.0.0 🚀 ipfs/ipfs-desktop#170)
• e5c1513 chore(deps): update deps (Update electron-packager to version 5.2.1 🚀 ipfs/ipfs-desktop#161)
• 3f06631 chore(node): drop node v4 and v5 (Update to Electron 5 ipfs/ipfs-desktop#917) (Change example clone to be HTTPS based ipfs/ipfs-desktop#157)
• 8423b74 chore: script to bump supported node versions (Update radium to version 0.16.1 🚀 ipfs/ipfs-desktop#156)
• 062e50a chore(ci): switch to node language for travis (Update radium to version 0.16.0 🚀 ipfs/ipfs-desktop#155)
• c3bb1cc chore(npm): remove lockfile (FUSE automount ipfs/ipfs-desktop#154)
• 18a56c2 chore: remove es6-object-assign dependency (Update all the dependencies  ipfs/ipfs-desktop#152)
• fbe3b0a chore: update dev dependency (Window drag and drop file upload is broken ipfs/ipfs-desktop#153)
• 2ff8b0b chore(package-lock): switch to v6 format
• bfa0b7c chore(ci): fix codecov (Update ipfsd-ctl to version 0.7.1 🚀 ipfs/ipfs-desktop#150)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs