New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 4 vulnerabilities #1180

Open

aliscco wants to merge 1 commit into main from snyk-fix-4bf14fc3124e7272935190107316150b

Owner

aliscco commented Dec 1, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- node_modules/ava/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: del

The new version differs by 8 commits.

cd0543e 6.0.0
6c99805 Require Node.js 10
1df5280 Readme tweaks
4acd962 Add tip about deleting subdirectories ([Snyk] Fix for 5 vulnerabilities #116)
1a0c36c Add mention of GitHub Sponsors
1e0d705 Tidelift tasks
892ce2a Make it clear that it recursively deletes directories ([Snyk] Fix for 4 vulnerabilities #113)
728cb7c Fix benchmark

See the full diff

Package name: tap

The new version differs by 250 commits.

793c1c0 update versions
47a2289 add missing @ tapjs/mock service key polyfill
6622dca snapshot: update snapshot
556e520 mock: actually be resilient against multiple instances
2c135b0 Add `t.mockAll` method
d7e7e4f clean process.cwd() out of snapshots by default
4c0dc72 use the released version of tshy
c858f37 need to check in .tshy configs for typedoc to work
82f48cd update versions
0f27f73 TypeScript 5.2, use tshy for hybrid builds
de09096 remove my home directory from parser snapshots
46e2bbb repl: mkdirp the .tap dir if missing
acfae01 link typedocs to main website
2ece1da core spawn test even less flaky
a7a12d2 update typedoc to latest, ts-node to temporary fork
a5c0e0c some changelog updates
caf8d81 document repl
a5dc854 Store t.testdir() fixtures in .tap/fixtures
6914d23 remove docs from source control
1dcc6a7 exclude test files themselves from coverage
aff25fc update versions
c5972e7 core: make spawn timeout test less flaky
1c11b37 stack: properly parse ErrnoException errors
1280a55 parser: remove node v12 skip check

See the full diff

Package name: tsd

The new version differs by 5 commits.

a01388b 0.12.0
1b40723 Drop support for Node.js 6
56b90ab Add support for globbing patterns in files property - fixes [Snyk] Security upgrade xo from 0.24.0 to 0.42.0 #69 ([Snyk] Fix for 3 vulnerabilities #70)
9666433 Update all deps, some devDeps ([Snyk] Security upgrade mocha from 3.5.3 to 10.1.0 #72)
861db08 Add expectNotType assertion - fixes Bump http-cache-semantics from 4.1.0 to 4.1.1 #56

See the full diff

Package name: xo

The new version differs by 94 commits.

ab16df2 0.42.0
de55a03 Upgrade dependencies
34800b7 Upgrade `globby` ([Snyk] Fix for 1 vulnerabilities #574)
f81e933 Re-enable `import/newline-after-import` rule
47af93e 0.41.0
af93e79 Upgrade dependencies
0733cc5 Fix code style ([Snyk] Security upgrade tap from 10.7.3 to 15.0.0 #570)
ab17a3c Lint `.cjs` files in codebase ([Snyk] Fix for 1 vulnerabilities #569)
0a752c7 Update dependencies ([Snyk] Security upgrade eslint from 6.8.0 to 7.0.0 #568)
41c8f39 Convert project to module ([Snyk] Fix for 1 vulnerabilities #566)
b3c5e15 Fix typo ([Snyk] Fix for 1 vulnerabilities #567)
2ef9f22 Prevent the `useEslintrc` option from being used ([Snyk] Fix for 1 vulnerabilities #565)
41f0484 0.40.3
374dd73 Support `xo.config.cjs` and `.xo-config.cjs` ([Snyk] Fix for 1 vulnerabilities #561)
3e7b77c Remove some needless imports ([Snyk] Fix for 1 vulnerabilities #560)
6adf459 Remove `update-notifier`
b6389ef 0.40.2
7ace6e5 Fix handling of `parserOptions` for TypeScript ([Snyk] Fix for 1 vulnerabilities #557)
7629ce0 0.40.1
d2c5750 Properly resolve base config ([Snyk] Fix for 1 vulnerabilities #545)
e9c96a1 Properly handle `parserOptions` ([Snyk] Fix for 1 vulnerabilities #544)
8e1801c Avoid destructuring and just build the expected object once ([Snyk] Fix for 1 vulnerabilities #538)
4cfdc72 Fix CI
56be018 0.40.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution


          fix: node_modules/ava/package.json to reduce vulnerabilities

03afb75

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment