Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 23 vulnerabilities #55

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 23 vulnerabilities #55

wants to merge 1 commit into from

Conversation

HugoCapocci
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 Yes Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-450202		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-608086		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-73638		 Yes Proof of Concept
medium severity 541/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 Yes Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASHTEMPLATE-1088054		 Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388		 Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Open Redirect
SNYK-JS-NODEFORGE-2330875		 Yes Proof of Concept
medium severity 529/1000
Why? Has a fix available, CVSS 6.3		 Prototype Pollution
SNYK-JS-NODEFORGE-2331908		 Yes No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6		 Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430337		 Yes No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430339		 Yes No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6		 Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430341		 Yes No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-NODEFORGE-598677		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept
medium severity 596/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.5		 Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984		 Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		 Yes No Known Exploit
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
npm:lodash:20180130		 Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
npm:minimatch:20160620		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: googleapis The new version differs by 250 commits.
  • 20409df chore: release 49.0.0 (#2022)
  • 7de4e78 chore(deps): update dependency null-loader to v4 (#2044)
  • 340f78d chore(deps): update dependency ts-loader to v7 (#2043)
  • 254f878 chore: remove unused dev packages (#2042)
  • f4eb6e0 chore: update lint ignore files (#2040)
  • 0110f3e docs: update readme for drive readme (#2039)
  • 73d284b fix(deps): update common and auth (#2038)
  • 476b71e test: use discovery docs from fixture (#2037)
  • 3a3b61d build: remove unused codecov config (#2034)
  • fea414a feat!: regenerate the API (#2028)
  • 48a4f05 chore(dep)!: deprecate node 8 (#2021)
  • 99ebacf test: the kitchen sink system test sometimes times out (#2020)
  • 05090da fix: apache license URL (#468) (#2017)
  • d15c656 chore: remove duplicate mocha config (#2016)
  • 874edc3 build: update templates (#2013)
  • dc16586 build: set AUTOSYNTH_MULTIPLE_COMMITS=true for context aware commits (#2012)
  • 741c58b chore: update github actions configuration (#1999)
  • 1fe744b chore(deps): update dependency @ types/rimraf to v3 (#1995)
  • 5512eb5 chore(deps): update dependency typedoc to ^0.17.0 (#1993)
  • 0a4db38 chore: release 48.0.0 (#1979)
  • 074f641 fix: allow an empty requestBody to be provided for APIs that support multipart post (#1988)
  • 8bcb212 feat!: run the generator (adds: displayvideo, gamesConfiguration, managedidentities, networkmanagement) (#1989)
  • 8677588 build(tests): fix coveralls and enable build cop (#1982)
  • 0679c78 build: update linkinator config (#1981)

See the full diff

Package name: gulp The new version differs by 134 commits.
  • 55eb23a Release: 4.0.0
  • 173a532 Docs: Fix the installation instructions
  • ec54d09 Docs: Improve note about out-of-date docs
  • 03b7c98 Docs: Update recipes to install gulp@next
  • 2eba29e Docs: Remove run-sequence from recipes
  • 76eb4d6 Docs: Add installation instructions & update badges
  • fbc162f Docs: Remove references to gulp-util
  • 3011cf9 Scaffold: Normalize repository
  • f27be05 Update: Remove graceful-fs from test suite
  • 361ab63 Upgrade: Update glob-watcher
  • 064d100 Build: Avoid broken node 9
  • 057df59 Release: 4.0.0-alpha.3
  • c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
  • 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
  • 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
  • 723cbc4 Docs: Fix syntax in recipe example (#1715)
  • d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
  • 29ece6f Upgrade: Update undertaker
  • e931cb0 Docs: Fix changelog typos (#1696)
  • 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
  • d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
  • 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
  • 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
  • c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-coffee The new version differs by 15 commits.

See the full diff

Package name: gulp-concat-css The new version differs by 3 commits.

See the full diff

Package name: gulp-filter The new version differs by 14 commits.

See the full diff

Package name: gulp-jasmine The new version differs by 5 commits.

See the full diff

Package name: gulp-jshint The new version differs by 6 commits.
  • 32a25b0 2.1.0
  • 2c57c9f Merge pull request #157 from spalger/remove-gulp-util
  • 5f621f8 vinyl is only used in testing
  • 5eaabdd add yarn.lock file for dev
  • 154180d [gulp-util/PluginError] use plugin-error directly
  • 357ab98 [gulp-util/File] use Vinyl directly

See the full diff

Package name: gulp-less The new version differs by 17 commits.

See the full diff

Package name: gulp-mocha The new version differs by 28 commits.
  • 983b0ac 5.0.0
  • 7bc8d9c Add example of using the `exit` option (#185)
  • 3f53145 Add example of using reporterOptions in readme.md (#179)
  • 5045939 Improve usage example
  • 64fef33 Bump Mocha to v4
  • 06b96ba Meta tweaks
  • ac3d7fc Drop dependency on deprecated `gulp-util` (#187)
  • 67b1e3e 4.3.1
  • 315275f Rewrite tests to use AVA
  • 4ac3c98 Cleanup
  • 9ddcbd0 Convert objects to key value lists. Closes #167 (#171)
  • 55004ca Fix `require` option for multiple entries (#173)
  • e878086 4.3.0
  • 9cedf6e Increase the max buffer
  • 43f4b4d 4.2.0
  • edfa4dd Forward stderr too (#168)
  • 9e5d38a Minor readme tweaks
  • 92ec619 4.1.0
  • 915351f Use the local Mocha dependency of this package
  • bf30380 Print mocha output immediately, not when process finished (#160)
  • 12d44db Convert all arrays to comma separated lists for Mocha
  • fbcaf85 Add compiler option description to the readme (#157)
  • 32afe0d 4.0.1
  • 4e05dce Add manual test gulpfile

See the full diff

Package name: gulp-strip-debug The new version differs by 2 commits.

See the full diff

Package name: nodemailer The new version differs by 7 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Regular Expression Denial of Service (ReDoS)
馃 Prototype Pollution
馃 Open Redirect
馃 More lessons are available in Snyk Learn

@snyk-bot
fix: package.json to reduce vulnerabilities
d836662 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:minimatch:20160620
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@HugoCapocci @snyk-bot