[Snyk] Fix for 1 vulnerabilities

[bkawk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ipfs

The new version differs by 250 commits.

• 89aeaf8 chore: release master (#4189)
• 051da16 deps: update libp2p to 0.39.0 (#4203)
• bb78ebf deps: upgrade @ multiformats/multiaddr to 10.4.0 (#4178)
• 83f9882 fix: query input types (#4201)
• c6d03ec docs: clarify state of DHT in js-ipfs (#4181)
• cb3533a docs: Update README.md (#4192)
• 8f351a8 chore: linting
• 39dbf70 deps!: update to libp2p@0.38.x (#4151)
• 7a7e091 chore: update docs/core-api/README (#4159)
• 3b25957 chore: houseclean README (#4157)
• e14dab8 chore: Update .github/workflows/stale.yml [skip ci]
• 3e7353f chore: houseclean ipfs/README (#4156)
• 89db371 chore: houseclean interface-ipfs-core/README (#4158)
• a05695f chore: houseclean ipfs-core/README (#4160)
• d5c1a54 Update .github/workflows/stale.yml
• 965f5a4 chore: release master (#4146)
• 00bd3dd fix: make pubsub message types consistent (#4145)
• c1cbc81 chore: update changelogs (#4144)
• 5a9039a chore: release master (#4143)
• 7be50bd fix: use default ws filters instead of connecting to everything (#4142)
• 0078aad chore: release master (#4132)
• 70e142a chore: cleanup changelog (#4129)
• 129ac77 fix: onMessage assignment should be undefined not null (#4131)
• 92155bc Add .github/workflows/stale.yml

See the full diff

Package name: keythereum

The new version differs by 64 commits.

• 50d5d54 Merge pull request #94 from ethereumjs/new-release
• 00dc88b Bumped version to v2.0.0, added CHANGELOG entry
• 9869955 Merge pull request #93 from paulmillr/master
• 36aed98 Update dependencies
• 3a80253 Merge pull request #82 from ethereumjs/add-changelog
• a9f51ab Added CHANGELOG file
• fd59e27 Bumped version
• 5c3ee93 Merge pull request #81 from ethereumjs/upgrade-crypto-deps
• 2f93a76 upgrade browserify, upgrade uglifyjs to terser
• d55dbd8 update node versions
• 337ade9 format to buffer for keccak
• 540e511 lint
• 6a1178c upgrade secp256k1 dependency
• 4866cca upgrade keccak dependency
• e5d632f use scrypt-js
• 6de4676 Merge pull request [Snyk] Security upgrade ipfs from 0.30.1 to 0.66.1 #72 from whymarrh/remove-lockfile
• f4a0ade Merge pull request [Snyk] Security upgrade ipfs from 0.30.1 to 0.51.0 #70 from whymarrh/travis-config
• 7819dfb Merge pull request [Snyk] Fix for 1 vulnerabilities #69 from whymarrh/fix-jsdoc
• bbc8149 Remove package-lock.json file
• 3767117 travis: Remove sudo: false config
• 16389a4 Add missing JSDoc params
• 428d501 Fix naming of incorrect JSDoc params
• 9e7f7c4 Fix casing of Buffer type in JSDoc
• 4fc9842 Merge pull request [Snyk] Fix for 2 vulnerabilities #65 from ethereumjs/tinybike/bump-dev-dependency-versions

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)