[Snyk] Fix for 5 vulnerabilities #181

snyk-bot · 2023-04-26T02:19:14Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- node_modules/ava/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: tap

The new version differs by 61 commits.

bc49fb7 15.0.0
4378608 remove publishConfig beta tag
2c2e75f provide mkdirRecursive polyfill for old node versions
8f4c855 correctly specify 10.0.x versions
5e61672 update deps
c44c418 Support 10.0 and test in CI
dc5c841 tcompare@5.0.4
385b6d2 Add .taprc.yml/yaml handling to change log
4f87466 just run regular test script as snap script
315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
564e96f Add detection for .yaml and .yml
75bae93 update cli doc
c1289bf 15.0.0-3
d6fe32f Do not CI on node 10
d2e0428 do not use equals() alias in self-test
3f787c4 tell npm to be colorful in CI
1512818 run tests with color on github actions
4626fa1 Docs: update documentation for tap v15
02d536b libtap@1.0.1
f7c7c58 update cli doc
2aa497c 15.0.0-2
8d7f62e Add support for overriding libtap's internal settings
29eed63 new snapshot folder layout
3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Package name: tsd

The new version differs by 47 commits.

09f4b4f 0.17.0
3c3c755 Remove `update-notifier`
f94f918 Require Node.js 12
6ba71f2 Semi-pin TypeScript version
6480ca9 Implement `printType` helper to print the type of the passed expression as a warning ([Snyk] Fix for 4 vulnerabilities #115)
b749113 Fix processing of config files containing the `rootDir` option ([Snyk] Fix for 4 vulnerabilities #117)
6d0ce6c Process gitignore-style patterns in `files` property of `package.json` ([Snyk] Fix for 5 vulnerabilities #116)
009a185 Add tests for identicality checks of `any`/`never` type parameters to `expectType`/`expectNotType` ([Snyk] Fix for 4 vulnerabilities #113)
7fbb7a0 Use ava's diff comparison view to report assertion mismatches during tests ([Snyk] Security upgrade semantic-release from 17.4.7 to 20.0.1 #114)
f1a2057 Allow omitting `types` property for non-barrel main ([Snyk] Fix for 4 vulnerabilities #112)
3b61da7 Ignore errors from libs in `node_modules` folders ([Snyk] Security upgrade mocha from 3.5.3 to 10.1.0 #110)
fc871a1 Fix config file parsing to consider the `extends` option ([Snyk] Security upgrade tape from 2.14.1 to 4.0.0 #109)
f2cfca7 Upgrade to ts@4.3, allow `expectError` to detect `override` related errors ([Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #108)
0245f59 0.16.0
331101b Upgrade dependencies
8fe3924 Allow `expectError` directives to detect parameter count mismatches ([Snyk] Security upgrade mocha from 5.2.0 to 10.1.0 #102)
27ccc49 Allow `expectError` assertions to detect non-callable/non-constructable values/expressions ([Snyk] Fix for 4 vulnerabilities #104)
87f7109 Handle multiple diagnostic errors in a single `expectError` assertion ([Snyk] Fix for 3 vulnerabilities #103)
abf7082 Allow `expectError` assertions to detect `this` type mismatches on class methods ([Snyk] Fix for 3 vulnerabilities #105)
27c93af Detect "Type X has no properties in common with type Y" in `expectError` (TS2559) ([Snyk] Security upgrade xo from 0.24.0 to 0.42.0 #97)
b39bd98 Fix missing ES types regression in 0.15 ([Snyk] Fix for 4 vulnerabilities #100)
05f9f3b Upgrade to TypeScript@4.2.4
5376484 Switch to @ tsd/typescript
2cc8e9c 0.15.1

See the full diff

Package name: xo

The new version differs by 94 commits.

ab16df2 0.42.0
de55a03 Upgrade dependencies
34800b7 Upgrade `globby` ([Snyk] Fix for 1 vulnerabilities #574)
f81e933 Re-enable `import/newline-after-import` rule
47af93e 0.41.0
af93e79 Upgrade dependencies
0733cc5 Fix code style ([Snyk] Security upgrade tap from 10.7.3 to 15.0.0 #570)
ab17a3c Lint `.cjs` files in codebase ([Snyk] Fix for 1 vulnerabilities #569)
0a752c7 Update dependencies ([Snyk] Security upgrade eslint from 6.8.0 to 7.0.0 #568)
41c8f39 Convert project to module ([Snyk] Fix for 1 vulnerabilities #566)
b3c5e15 Fix typo ([Snyk] Fix for 1 vulnerabilities #567)
2ef9f22 Prevent the `useEslintrc` option from being used ([Snyk] Fix for 1 vulnerabilities #565)
41f0484 0.40.3
374dd73 Support `xo.config.cjs` and `.xo-config.cjs` ([Snyk] Fix for 1 vulnerabilities #561)
3e7b77c Remove some needless imports ([Snyk] Fix for 1 vulnerabilities #560)
6adf459 Remove `update-notifier`
b6389ef 0.40.2
7ace6e5 Fix handling of `parserOptions` for TypeScript ([Snyk] Fix for 1 vulnerabilities #557)
7629ce0 0.40.1
d2c5750 Properly resolve base config ([Snyk] Fix for 1 vulnerabilities #545)
e9c96a1 Properly handle `parserOptions` ([Snyk] Fix for 1 vulnerabilities #544)
8e1801c Avoid destructuring and just build the expected object once ([Snyk] Fix for 1 vulnerabilities #538)
4cfdc72 Fix CI
56be018 0.40.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-GOT-2932019 - https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088 - https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042 - https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381

snyk-bot mentioned this pull request Apr 26, 2023

[Snyk] Fix for 5 vulnerabilities #199

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 5 vulnerabilities #181

[Snyk] Fix for 5 vulnerabilities #181

snyk-bot commented Apr 26, 2023

[Snyk] Fix for 5 vulnerabilities #181

Are you sure you want to change the base?

[Snyk] Fix for 5 vulnerabilities #181

Conversation

snyk-bot commented Apr 26, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: