[Snyk] Upgrade node-weakauras-parser from 3.0.0 to 3.2.3 #63

311821105 · 2024-05-07T14:30:02Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade node-weakauras-parser from 3.0.0 to 3.2.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 21 versions ahead of your current version.
The recommended version was released 2 months ago, on 2024-03-16.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Arbitrary File Overwrite SNYK-JS-TAR-1536528	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	624/1000 Why? Has a fix available, CVSS 8.2	Proof of Concept
Buffer Overflow SNYK-JS-NODEWEAKAURASPARSER-564886	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	624/1000 Why? Has a fix available, CVSS 8.2	Proof of Concept
Denial of Service SNYK-JS-NODEFETCH-674311	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	624/1000 Why? Has a fix available, CVSS 8.2	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: node-weakauras-parser

3.2.3 - 2024-03-16
- Trim ASCII whitespace at the end of the input when decoding a string;
- Allow usage of the legacy format when encoding a string;
- Update dependencies.
3.2.2 - 2023-07-30
No content.
3.2.1 - 2023-04-21
Update dependencies
3.2.0 - 2022-06-02
Switch to using Node-API
3.1.4 - 2022-06-02
Update dependencies
3.1.3 - 2021-05-13
Update dependencies
3.1.2 - 2021-01-03
Update neon to 0.6.
3.1.1 - 2021-01-03
3.1.0 - 2020-09-22
3.0.12 - 2021-05-13
Update dependencies
3.0.11 - 2021-01-03
3.0.10 - 2021-01-03
3.0.9 - 2020-09-21
3.0.8 - 2020-08-29
3.0.7 - 2020-05-10
3.0.6 - 2020-05-06
3.0.5 - 2020-04-29
3.0.4 - 2020-04-25
3.0.3 - 2020-04-12
3.0.2 - 2020-04-08
3.0.1 - 2020-04-06
3.0.0 - 2020-04-06

from node-weakauras-parser GitHub release notes

Commit messages

Package name: node-weakauras-parser

d60b471 Allow usage of the legacy format when encoding a string
dafc1a7 Trim ASCII whitespace at the end of the input when decoding a string
fafd437 Update dependencies
e8c65de Update dependencies
03f0a7a ci: drop python2
35040a4 Update dependencies, fix clippy warnings
5467754 Clean up CI
e127d43 Switch to Node-API
02bd852 Update dependencies
6479ddd ci: pre-build for Node v16
22e74ec Update dependencies
3f85863 Update neon to 0.6
c565719 Try to represent maps with numeric keys as arrays when decoding if possible
472871a Fix clippy warnings
00180bc Use a LibSerialize-compatible algorithm in encode()
a8d4f8c Update JS dependencies
af0dd1a Implement decoding of strings generated by WA 2.18+
639062a Make first letters of error messages uppercase
804d1f7 Update dependencies, switch to zlib-ng
6065c16 Implement a configurable memory usage limit for decompression
64dad67 Add some sanity checks for Huffman decompression
7bce56a Update dependencies, switch to zlib fork from Cloudflare
56d9819 Remove redundant imports
908f271 ci: pre-build for Node v14, drop Node v8