[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ipfs-api

The new version differs by 250 commits.

• f382ac0 chore: release version v26.0.3
• 2856afe chore: update contributors
• 7fb2cff chore: release version v26.0.2
• 75e0771 chore: update contributors
• ddf8bee chore: release version v26.0.1
• a8f37d6 chore: update contributors
• 0b46750 fix: pin.ls ignored opts when hash was present (feature: enable cat and get files from sub dag trees ipfs/js-ipfs#875)
• 9eaaea3 chore: release version v26.0.0
• 3f927a9 chore: update contributors
• 979d8b5 fix: add missing and remove unused dependencies (progress-bar support ipfs/js-ipfs#879)
• 0652ac0 chore: update to ipld-dag-cbor 0.13
• c534375 chore: remove ipld formats re-export (Hashes created on iPad not resolvable through ipfs.io gateway ipfs/js-ipfs#872)
• ef49e95 feat: ipns over pubsub (pubsub scheme subject to timing? ipfs/js-ipfs#846)
• 14a4471 chore: release version v25.0.0
• 07d6351 chore: update contributors
• 834934f fix: add bl module to package dependencies (Fail: cannot find module async/each ipfs/js-ipfs#853) (Question about application management utilities for IPFS ipfs/js-ipfs#854)
• 68503cc chore: require just functions needed from lodash (Add basic example using ES7 async/await ipfs/js-ipfs#865)
• c510cb7 fix: add lodash dependency (Feat/block api update ipfs/js-ipfs#873)
• 180da77 fix: >150mb bodies no longer crashing Chromium (Running daemon in CLI screws up config ipfs/js-ipfs#868)
• afc5724 chore: set minimal node version to 8 (ipfs-address in the browser ipfs/js-ipfs#847)
• 118a965 small fix to bundle-browserify for recent js-ipfs-api (fix(object.get): treat ipfs hash strings as default base58 encoded ipfs/js-ipfs#849)
• cffbca7 chore: release version v24.0.2
• e0e2db0 chore: update contributors
• e290a38 fix: block.put options (PubSub tests are failing *only* on Travis CI ipfs/js-ipfs#844)

See the full diff

Package name: libp2p

The new version differs by 198 commits.

• 3bde9c8 chore: release version v0.24.4
• 14e12ee chore: update contributors
• 2374929 chore: update deps
• 26de739 chore: 2019 q1 okrs planning (Update libp2p-ipfs-browser to version 0.9.0 🚀 ipfs/js-ipfs#293)
• 0f8d6af chore: release version v0.24.3
• daa2685 chore: update contributors
• fdfb7b4 fix: not started yet (babel-runtime@6.9.2 breaks build ⚠️ ipfs/js-ipfs#297)
• 15bdb79 chore: release version v0.24.2
• 7d78728 chore: update contributors
• 53ed3bd fix: use symbol instead of constructor name (Update libp2p-ipfs to version 0.10.0 🚀 ipfs/js-ipfs#292)
• ae51388 chore: release version v0.24.1
• 7c78faa chore: update contributors
• 7d12eb9 feat: allow configurable validators and selectors to the dht (libp2p-swarm@0.19.3 breaks build 🚨 ipfs/js-ipfs#288)
• 581a1de docs: merge example links: Peer and Content Routing (Windows install missing dependancy ipfs/js-ipfs#285)
• 288ac17 chore: update changelog
• 2e4459b chore: release version v0.24.0
• 2a5232b chore: update contributors
• 44915b3 0.24.0-rc.3
• 64bba57 chore: add publish files to package
• 88ebd1f test: improve multiaddr trim test
• 92cd591 chore: update deps
• 320d84f docs: update examples (roadmap / readme dont have listing of modules ipfs/js-ipfs#271)
• 970deec feat: add maxNumProviders to findprovs (update deps ipfs/js-ipfs#283)
• 714b6ec fix: improve get peer info errors

See the full diff

Package name: libp2p-circuit

The new version differs by 28 commits.

• 702fddc chore: release version v0.3.3
• 5b709dc chore: update contributors
• 29ed23c chore: update dependencies (init ipfs/js-ipfs#42)
• 36e0e44 chore: release version v0.3.2
• 4d0a673 chore: update contributors
• c27c344 fix: connection establishment event handling (IPLD Data Importing - Set of Importers ipfs/js-ipfs#41)
• b2698fd chore: release version v0.3.1
• 1d872ca chore: update contributors
• e830ad8 chore: update files for publish
• f17539a fix: catch bad peerid and update deps (feat/id ipfs/js-ipfs#39)
• 26ad29f chore: release version v0.3.0
• b0ac05a chore: update contributors
• 9dd3a40 correctly close streams on error conditions (update README ipfs/js-ipfs#33)
• 4a71892 chore: remove non jenkins ci
• 1ac430d fix: listener should emit connection (🚣 captain.log - IPFS JavaScript implementation 🌟 ipfs/js-ipfs#30)
• a35ce50 chore: release version v0.2.1
• 9edabe8 chore: update contributors
• f3cb926 Chore/cleanup (Add new repos to the ROADMAP thing ipfs/js-ipfs#29)
• ffd2f8d chore: remove unused deps
• 22e8518 fix: options
• 546af97 fix: close streams
• 800c394 chore: prettify code ([Snyk] Security upgrade read-pkg-up from 3.0.0 to 8.0.0 #21)
• b374735 chore: add lead maintainer (webcrypto ipfs/js-ipfs#27)
• 80fbfd9 docs: typo (realy => relay) ([Snyk] Security upgrade libp2p-mdns from 0.9.2 to 0.11.0 #24)

See the full diff

Package name: libp2p-kad-dht

The new version differs by 75 commits.

• 323da51 chore: release version v0.14.2
• 955b887 chore: update contributors
• 441e29e chore: update dependencies (http-api - get version test with js-ipfs-api fails **only** on Travis ipfs/js-ipfs#70)
• 59d1a94 chore: release version v0.14.1
• 40a33a9 chore: update contributors
• de5a9fb fix: typo get many option (feature object ipfs/js-ipfs#63)
• 56c65e0 chore: release version v0.14.0
• 490161c chore: update contributors
• 3046b54 chore: update options timeout property (Use buffer-loader for tests ipfs/js-ipfs#62)
• d645235 chore: release version v0.13.0
• 43f9b4a chore: update contributors
• 742b3fb feat: run queries on disjoint paths (js-ipfsd-ctl ipfs/js-ipfs#37) (feat/id ipfs/js-ipfs#39)
• 54336dd fix: make 'find peer query' test reliable (object ipfs/js-ipfs#58)
• 60dc71e chore: release version v0.12.1
• 0fe134f chore: update contributors
• b731a1d feat: allow configurable validators and selectors (daemon ipfs/js-ipfs#57)
• 31fb401 chore: release version v0.12.0
• 0533e26 chore: update contributors
• 03ad002 chore: add error code to all errors (Add config command to cli ipfs/js-ipfs#53)
• f246eda chore: release version v0.11.1
• 339c4ac chore: update contributors
• 40bd243 chore: add max num providers to find providers (Run core tests in the browser ipfs/js-ipfs#55)
• 3a5581b chore: release version v0.11.0
• 326c149 chore: update contributors

See the full diff

Package name: libp2p-mdns

The new version differs by 21 commits.

• c4e90b4 chore: release version v0.12.2
• d38e84b chore: update contributors
• bd333c8 chore: update deps
• 7398c19 chore: release version v0.12.1
• 0ab8893 chore: update contributors
• d267551 chore: upgrade dependencies
• 28a1177 chore: add lead maintainer and fix readme headers (Add /api/v0/config/replace endpoint ipfs/js-ipfs#75)
• 313f74c chore: update gitignore
• 85ced60 chore: release version v0.12.0
• fcee5be chore: update contributors
• 02eea97 docs: update README
• d3eeb6e feat: (BREAKING CHANGE) update constructor. add tag
• 526392b chore: release version v0.11.0
• db03208 chore: update contributors
• 7017875 chore: release version v0.10.0
• 856136f chore: fix npm scripts
• 78b9f3e chore: update deps
• 2048b24 chore: update deps
• c69ab01 docs(readme): mdns messages (Integrate libp2p - Get swarm listener and dialer as part of the mix ipfs/js-ipfs#73)
• cb69f2f feat: Use latest multicast-dns and dns-packet (WIP: Make http-api endpoints as specified by the http-api-spec, for the features present in core  ipfs/js-ipfs#69)
• fa8fe22 feat: service names (ID command now generates a public key for output ipfs/js-ipfs#68)

See the full diff

Package name: libp2p-secio

The new version differs by 15 commits.

• 9b16472 chore: release version v0.11.1
• dac8520 chore: update contributors
• 581d80f chore: update deps
• f95a406 fix: reduce bundle size
• 80e3420 chore: release version v0.11.0
• 5d46976 chore: update contributors
• a6290f2 chore: update dependencies
• 35230c9 chore: release version v0.10.1
• 34d80e6 chore: update contributors
• dcc86ee chore: fix package deps
• 0c2a733 chore: update deps
• eee15dd docs: Lead maintainer (Update README.md ipfs/js-ipfs#102)
• 39f70c6 chore: release version v0.10.0
• 0a5490e chore: update contributors
• 5ae98b1 chore: update deps

See the full diff

Package name: libp2p-webrtc-star

The new version differs by 47 commits.

• cbcab9b chore: release version v0.15.7
• 0383758 chore: update contributors
• 87bb612 chore: update dependencies (libp2p-ipfs@0.3.3 breaks build ⚠️ ipfs/js-ipfs#166)
• b3f644e Revert "feat: only send new peers, not the whole peer list" (libp2p-ipfs@0.3.2 breaks build ⚠️ ipfs/js-ipfs#164)
• e12089b feat: only send new peers, not the whole peer list
• b848620 chore: release version v0.15.6
• 87eb120 chore: update contributors
• 5746089 chore: upgrade dependencies (ipfs-blocks@0.2.2 breaks build ⚠️ ipfs/js-ipfs#162)
• 85784db chore: release version v0.15.5
• b3da591 chore: update contributors
• b65d509 fix: catch RTCPeerConnection failed connections
• 85943d3 chore: release version v0.15.4
• f4165c4 chore: update contributors
• 7e3ddf1 chore: update wrtc
• 8fa68ef docs: fix wrong module name in usage
• 400b38b docs: add lead-maintainer
• 8d5d8d2 chore: release version v0.15.3
• 15c39d3 chore: update contributors
• 93488fc chore: release version v0.15.2
• 362c4e5 chore: update contributors
• 03983f2 feat: add tag
• 6c85130 chore: upgrade deps
• 6db6f36 Revert "feat: using block-stream to control webRTC transport"
• eb41dbf Revert "fix: race condition using pump"

See the full diff

Package name: libp2p-websocket-star

The new version differs by 77 commits.

• c102915 chore: release version v0.10.1
• d8796c6 chore: update contributors
• 4741340 chore: update dependencies (WIP: Make http-api endpoints as specified by the http-api-spec, for the features present in core  ipfs/js-ipfs#69)
• 63608af chore: release version v0.10.0
• 013668e chore: update contributors
• ae9fb1c feat: retrieve peers on connect (add full architecture visualization ipfs/js-ipfs#64)
• f3e1dc4 fix: remove dead code
• e9f9fe1 chore: release version v0.9.1
• e426f1c chore: update contributors
• c4f110a chore: upgrade dependencies
• 8f19b49 chore: release version v0.9.0
• 6800e62 chore: update contributors
• faa7c57 fix: better ws errors
• 9953f95 feat: fix stream closing behaviour
• 50de6af Update dependencies and remove non jenkins ci files (track: Files API + MFS ipfs/js-ipfs#60)
• 7ca0a5d chore: update lead maintainer
• 7e2b894 chore: release version v0.8.1
• 0570c75 chore: update contributors
• ce983aa feat: add tag
• e503b12 fix: debug log error
• caa451e fix: debug log error
• eed5472 misc: fix package.json lint
• ee69c45 feat: add tag
• 2aa89c9 chore: upgrade deps

See the full diff

Package name: peer-book

The new version differs by 14 commits.

• aea87ba chore: release version v0.9.0
• 2be0d64 chore: update contributors
• 645f504 chore: updates deps
• 516c30b Merge pull request docs/roadmap status ipfs/js-ipfs#38 from libp2p/chore/upgrade-dependencies
• 94d1958 chore: upgrade dependencies
• d625fed chore: release version v0.8.0
• 35a60a5 chore: update contributors
• c777ae7 docs: add lead maintainer
• 34a192e chore: update deps
• 4c7a887 chore: release version v0.7.0
• 6ba15e2 chore: update contributors
• d7a0b87 chore: release version v0.6.0
• 6cae1ff chore: update contributors
• 4a327a8 chore: update deps

See the full diff

Package name: peer-info

The new version differs by 17 commits.

• b89f0ff chore: release version v0.15.0
• 8478835 chore: update contributors
• 0c44427 Merge pull request WIP: Make http-api endpoints as specified by the http-api-spec, for the features present in core  ipfs/js-ipfs#69 from libp2p/chore/upgrade-dependencies
• 6bcb085 chore: upgrade dependencies
• e83cfa8 docs: add lead maintainer
• 4323518 chore: update deps
• 40f1dd4 chore: release version v0.14.1
• 732ab32 chore: update contributors
• 03b60ae chore: update deps
• 0dc8e03 feat: add filter functionality for multiaddr (feature object ipfs/js-ipfs#63)
• cf71234 chore: release version v0.14.0
• 706556e chore: update contributors
• 17729b5 chore: release version v0.13.0
• 85b6c09 chore: update contributors
• 8e08022 chore: release version v0.12.0
• 2675720 chore: update contributors
• 3f835a3 chore: update deps

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic