New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 7 vulnerabilities #190

Open

aliscco wants to merge 1 commit into main from snyk-fix-494c53b3b3e3576f775cadb0e2237143

Owner

aliscco commented Apr 26, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- node_modules/concordance/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @novemberborn/as-i-preach

The new version differs by 24 commits.

a88e367 11.0.0
c4a4898 Bump dependencies
3768b6d Bump babel-eslint
6d9d181 Add TypeScript support
6f2b8b5 Dedupe again
4a01929 Add eslint-plugin-security
15d5d1e Update unicorn rules
517610e Install eslint-plugin-unicorn directly from GitHub
5bf9427 Add more react rules
962af60 Disallow spacing in object curlies or brackets
0214325 Update promise rules
e3f62ca Dedupe dependencies
89518f7 Bump eslint-plugin-unicorn
2b45822 Bump eslint-plugin-react
19e2c81 Bump eslint-plugin-promise
2048559 Bump eslint-plugin-node
b65117d Bump eslint-plugin-import
3922253 Bump eslint-plugin-ava
4fd54e9 Bump babel-eslint
9708a41 Bump eslint
c503ba0 Bump resolve-from
c30e202 Bump standard-engine
10afa76 Update dev dependencies
2ec0a35 Churn package-lock

See the full diff

Package name: ava

The new version differs by 250 commits.

9bc615e 4.0.0
f09742f Clean up documentation in preparation for AVA 4
0187779 Dependency updates
29024af Test compatibility with TypeScript 4.5
8df118b Use AVA 4 for the self-hosted tests
bedd1d0 Remove dependency on `equal-length`
d4ec097 Improve wording in TypeScript recipe
b3a1b72 Mention experimental specifier resolution in TypeScript recipe
77623a5 Handle path sources
5cdeb9d 4.0.0-rc.1
88e7680 Final ESM tweaks
60b7cf8 Align shared worker protocol identifier with provider protocols
ad521af Graduate shared workers to be non-experimental
0edfd00 Skip flaky tests in CI
c4f6723 Use thread IDs
af30e73 Remove dead code and obsolete TODOs
6ed3ad1 Reduce XO exceptions
5a48893 Update XO and fix problems
a7737cd Update dependencies
dc405ef Fix Mongoose recipe
c214512 Find ava.config.* files outside of project directory
44aebd9 Exclude more files from code coverage
def2885 Improve handling of temporary file changes in watch mode
1a62f15 Switch to .xo-config.cjs

See the full diff

Package name: nyc

The new version differs by 127 commits.

bebf4d6 chore(release): 15.0.0
2931730 chore: Update to final releases of dependencies ([Snyk] Security upgrade tap from 2.3.4 to 5.4.3 #1245)
d44ff19 chore: Update node-preload and use process-on-spawn ([Snyk] Fix for 1 vulnerabilities #1243)
5258e9f feat: Filenames relative to project cwd in coverage reports ([Snyk] Security upgrade eslint from 3.19.0 to 6.0.0 #1212)
6039f29 chore: Unpin test-exclude, update to latest pre-releases ([Snyk] Security upgrade nyc from 14.1.1 to 15.0.0 #1240)
f3c9e6c chore: Temporarily pin test-exclude ([Snyk] Fix for 1 vulnerabilities #1239)
28ed746 chore: Lazy load modules that are rarely/never needed in test processes. ([Snyk] Fix for 4 vulnerabilities #1232)
7307626 chore: Remove cp-file module ([Snyk] Security upgrade xo from 0.24.0 to 0.42.0 #1230)
dfd629d fix: Better error handling for main execution, reporting ([Snyk] Security upgrade aud from 1.1.5 to 2.0.0 #1229)
549c953 chore: Update dependencies, pin find-cache-dir ([Snyk] Fix for 1 vulnerabilities #1228)
a1dee03 chore: Update yargs ([Snyk] Fix for 1 vulnerabilities #1224)
8078a79 chore: Fix 404 in README.md. ([Snyk] Fix for 1 vulnerabilities #1220)
7a02cb7 chore: Add enterprise language ([Snyk] Fix for 2 vulnerabilities #1217)
ea94c7f chore: Remove unused functions ([Snyk] Security upgrade tap from 12.7.0 to 18.0.0 #1218)
53c66b9 docs: `npm home nyc` goes to github master branch README ([Snyk] Fix for 1 vulnerabilities #1201)
cf5e5d3 chore: Update dependencies
8411a26 fix: Correct handling of source-maps for pre-instrumented files ([Snyk] Fix for 1 vulnerabilities #1216)
f890360 docs: Fix URL to default excludes in README.md ([Snyk] Security upgrade tsd from 0.7.4 to 0.12.0 #1214)
3726bbb chore: Update to async version of istanbul-lib-source-maps ([Snyk] Fix for 1 vulnerabilities #1199)
0efc6d1 chore: Tweak arguments for async coverage data readers ([Snyk] Fix for 1 vulnerabilities #1198)
cc77e13 chore: Add `use strict` to all except fixtures ([Snyk] Fix for 1 vulnerabilities #1197)
bcbe1df chore: Update dependencies ([Snyk] Security upgrade xo from 0.11.2 to 0.42.0 #1196)
2735ee2 chore: 100% coverage ([Snyk] Fix for 1 vulnerabilities #1195)
fd40d49 feat: Use @ istanbuljs/schema for yargs setup ([Snyk] Fix for 1 vulnerabilities #1194)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect


          fix: node_modules/concordance/package.json to reduce vulnerabilities

867d247

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381

snyk-bot mentioned this pull request

[Snyk] Fix for 11 vulnerabilities #245

Open

aliscco mentioned this pull request

[Snyk] Security upgrade gulp-mocha from 4.3.1 to 9.0.0 #822

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment