[Snyk] Fix for 4 vulnerabilities #17

snyk-bot · 2021-05-12T05:19:40Z

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	No Known Exploit
551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	No Known Exploit
551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	No Known Exploit
551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: json-schema-ref-parser

The new version differs by 25 commits.

51b4ed8 release v4.0.2
5fe3a56 Removed the half-implemented validator plugin
4ac0d7b Added JSDoc comments for the `path` parameter of each method
b6c6dd6 Changed a devDependency (from `npm-check-updates` to `npm-check`)
b4ba766 release v4.0.1
d8aa8d2 updated dependencies
281e86e Moved the `normalizeArgs()` function to a separate file
34570c9 Removed Sinon dependency, since it's no longer used
2872115 Use Mocha 3.x, since 4.x no longer includes a browser-compatible script
78ea3c3 release v4.0.0
2742121 Updated test dependencies (Mocha, Chai, Sinon)
edfbd44 test in IE 11 instead of IE 9 because the Promise and TypedArray polyfills cause erroneous test failures due to incorrect prototype chains
809e193 Use https instead of http in tests that call httpbin.org, since it does an automatic https redirect
3ab377f Removed Promise and TypedArray polyfills, since they're now supported in all modern runtimes
cb44fa6 Use a TypedArray polyfill when testing in IE 9
df31201 Start running browser tests first, since they take the longest
cb68371 Updated the "debug" dependency to protect against a DoS vulnerability
7e7854d Moved the banner text to banner.txt
58686e9 ESLint auto fixes
13b38af removed an old Yeoman file that's not needed
6469912 Added ESLint Config Modular
b68088b removed JSCS, since it's outdated
1b00a94 Updated dependencies
377a5d9 Merge pull request #53 from supertong/path-not-change

Package name: z-schema

The new version differs by 99 commits.

1fa0109 v5.0.1 - update validator to 13.6.0
c703faf Merge pull request #265 from atlassian-forks/nvenegas/validator-redos-fix
be046ff fix: Bump validator 12.2.0 → 13.6.0 to get ReDOS vulnerability fixes
1fee1f1 Merge pull request #262 from antialias/patch-2
7714739 Update ZSchema.js
a4c1c63 fix: engines.node
ff7039c v5.0.0
2428afd Merge branch 'antialias-breakOnFirstError-false' into master
bb17020 build: add node 14 to travis
c940971 feat: default breakOnFirstError=false
018c53f defaulting break on first error to false
23a3707 v4.2.3: passing null instead of undefined when no error present (#254)
5b6a6e3 Merge pull request #254 from antialias/patch-1
b3de844 Merge pull request #257 from antialias/readme-typo-fix
50204be fixup! add support for 'pedanticCheck' option
5a1058f passing null instead of undefined when no error present
088d338 Merge pull request #249 from zaggino/greenkeeper/validator-12.0.0
127b0c0 v4.2.2: fix floating point precision
e2bdda0 Merge branch 'i250'
7075c0b Merge branch 'patch-1' of https://github.com/HanOterLin/z-schema into i250
a8a8711 test: add a test for PR #250
809a25b Update JsonValidation.js
5dc5a6b chore(package): update lockfile package-lock.json
a1ed797 fix(package): update validator to version 12.0.0