[Snyk] Fix for 7 vulnerabilities #36

sapans30 · 2022-12-01T04:37:24Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKDOCKERPLUGIN-3039679	Yes	Proof of Concept
643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	No	Proof of Concept
643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	No	Proof of Concept
643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	No	Proof of Concept
643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	No	Proof of Concept
643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625	No	Proof of Concept
643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSNYKHEXPLUGIN-3039680	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @snyk/snyk-cocoapods-plugin

The new version differs by 9 commits.

ad6d93a Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.9.14-slim #31 from snyk/fix/quote-args
c73e049 fix: quote args
eb1737c Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.9.13-slim #30 from snyk/chore/update-dependencies
94be128 chore: update dependencies
8df6ea6 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.11.0b5-slim #29 from snyk/chore/move-to-circleci
99f3b0d chore: move to CircleCI
92f6b11 Merge pull request [Snyk] Security upgrade python from 3.8-slim to 3.9-slim #27 from snyk/chore/update-co
82cd73f chore: fix lint
4182af2 chore: update co file

See the full diff

Package name: @snyk/snyk-hex-plugin

The new version differs by 15 commits.

95708c2 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.7-slim #25 from snyk/fix/quote-spawn-args
e8dd2a3 fix: quote spawn args
86090ee Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.10-slim #23 from snyk/chore/fix-release-node-image
7d6fcb0 chore: fix node image for release step
7e06ca8 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.8-slim #22 from snyk/chore/bump-node-to-16
205bdfc chore: bump node version to 16
404fd22 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.7-slim #21 from snyk/chore/fix-lint-and-windows-tests
cdc219a fix: use scoop instead of choco
882133e fix: change back to 2.4.0 windows orb
368a2ae fix: use windows 5.0.0 orb
43635cd chore: use elixir 1.13.3 in test
d17cbc5 chore: try remove allow downgrade
11d403e chore: fix lint
1f4db02 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.7-slim #19 from snyk/chore/add-contributing
ba911a8 chore: add CONTRIBUTING.md

See the full diff

Package name: snyk-docker-plugin

The new version differs by 120 commits.

434e588 Merge pull request feat: Add support for 'scratch' based docker images snyk/cli#463 from snyk/fix/quote-args
d730d76 fix: quote spawn args
2b999b8 Merge pull request feat: add git metadata to monitor payload snyk/cli#462 from snyk/fix/do-not-trim-go-versions
9043afb fix: use full version of go modules in dep-graph
9cd135f test: update snapshots for dep-graph schema 1.3.0
6af6f1a Merge pull request fix: improve gzip compression of the payloads to handle some larger ones snyk/cli#461 from snyk/fix/go-filepath-determination
ad14d23 fix: go binary file path determination
64ec975 Merge pull request #451 from snyk/fix/go-binary-project-names
7c1c91d test: add test for Go binary without PCLN table
c5f889d fix: handle Go binaries from the Go distributions
abd3f57 Merge pull request fix: handle PHP projects with interdependent packages snyk/cli#460 from snyk/fix/manifest-unknown-err
8165c0c Merge pull request #457 from snyk/feat/support-deleted-files
d6c1c53 fix: amending condition for 'manifest unknown' errors
b03fd7b Merge pull request feat: depGraph snyk-test for npm and yarn snyk/cli#459 from snyk/feat/MYC-41-return-content-sets-from-plugin
6232182 feat: return RedHat repositories with the scanResult
38e1c55 Merge pull request feat: updating nuget-plugin - add assets-project-name flag snyk/cli#458 from snyk/chore/windows-excutor-bump
7753f96 chore: bump windows executor
245a8b5 feat: support deleted files
e0bed79 Merge pull request feat: Release improved project naming for csproj behind a flag snyk/cli#456 from snyk/fix/annotate-error
7aee68c fix: skip CGo binaries without PCLNTable
7963ff2 Merge pull request feat: new debug logs around plugin's inspect snyk/cli#453 from snyk/fix/python-scan-performance-improvements
2a5d559 fix: handle cyclic dependencies in python apps
03391a9 fix: improve python app analysis performance
34cf66e Merge pull request fix: do not fail if csproj not found snyk/cli#452 from snyk/test/fix-recurring-test

See the full diff

Package name: snyk-gradle-plugin

The new version differs by 59 commits.

46fb3e3 Merge pull request fix: Add missing CLI help text for docker remediation snyk/cli#240 from snyk/fix/escape-child-process-arguments
bb1c1c7 fix: escape child process arguments
f115e10 fix: identify projects by path (feat: '--gradle-sub-project' option to handle multip-project gradle snyk/cli#234)
9398d14 Merge pull request feat: docker base image remediation advice snyk/cli#238 from snyk/fix/rest-packages-path
ce194cd fix: TS2304 cannot find name 'Blob'
6643455 chore: default to node 12 when performing lint
aa86b13 fix: rest package path
b3e2b00 test: add gradleProjectName (fix: update message for path with file name error snyk/cli#237)
84f728b Merge pull request chore: enable tslint no-default-export snyk/cli#236 from snyk/fix/remove-reachability
547d91b fix: remove reachability
9af47fc fix: don't fail if matching config doesn't exist (fix: bump snyk-python-plugin to 1.8.2 - to handle pip 18 snyk/cli#235)
90d2c57 Merge pull request Fix/alert if path with filename snyk/cli#232 from snyk/feat/use-best-practice-packages-route
edef32e feat: use /rest/packages best practice Snyk REST API endpoint
b855db9 fix: display more accurate error message (Fix/snyk resolve deps update snyk/cli#233)
9253f07 refactor: get target project (chore: js -> ts snyk/cli#231)
0ed9feb test: change name assertions to be exact (fix: move constants for test-unpublished to json and add it to packag… snyk/cli#230)
76ef3b0 Merge pull request Lockfile autodetection for test, wizard, protect and monitor snyk/cli#228 from snyk/fix/add-needle-types
b8869f0 fix: add @ types/needle
a4eb261 Merge pull request https://github.com/snyk/snyk/issues/225 snyk/cli#226 from snyk/feat/normalize-deps
cad5070 feat: implement gradle-normalize-deps hash searching
3ea5ec1 fix: subproject with same name as root (fix: bump needle to ^2.2.4 to fix bug with node 8.12.0 snyk/cli#222)
79a8a08 fix: matching configuration error on version-catalog (Add yarn lock support snyk/cli#221)
c1c2e41 feat: add debug logging for configs with failing resolvedConfiguration (feat: upgrade snyk-docker-plugin snyk/cli#218)
d8b0a60 test: run pipeline tests on master branch (Add typescript snyk/cli#216)

See the full diff

Package name: snyk-mvn-plugin

The new version differs by 56 commits.

2bfb3e2 Merge pull request #141 from snyk/fix/quote-args
02cda9b fix: escape child process arguments
13c6f33 Merge pull request #140 from snyk/chore/update-readme
38010e0 chore: update supported node versions
a52d276 Merge pull request #139 from snyk/chore/refactor-update-circleci-config
9325c10 chore: update circleci config to use matrix
b5d1b31 Merge pull request #138 from snyk/fix/remove-reachability
0b968bb fix: remove reachability
41d2614 Merge pull request Fix/adding json option in help snyk/cli#137 from snyk/fix/unmanaged-scan-unknown-archives
033e55d fix: unmanaged scan unknown archives
e3e6313 Merge pull request #136 from snyk/feat/maven-aggregate-project-option
c1b44f5 feat: maven aggregate project option
7c4108e Merge pull request #135 from snyk/refactor/build-dep-graph
2105f20 refactor: build dep-graph
8908d19 Merge pull request #134 from snyk/refactor/parse-stdout
f6aa59d refactor: parse stdout
e5ce697 Merge pull request #133 from snyk/refactor/parse-digraph
28ab493 refactor: parse digraph output
734ee3d Merge pull request Add CodeTriage badge to snyk/snyk snyk/cli#131 from snyk/refactor/parse-dependency
eccea58 refactor: parse dependency
1d66754 Merge pull request #132 from snyk/chore/upgrade-linter
533f137 chore: update nvmrc
0282044 chore: update linter
7afa8d5 Merge pull request #129 from snyk/feat/improve-sub-process-debug-logging

See the full diff

Package name: snyk-python-plugin

The new version differs by 19 commits.

6144e09 Merge pull request fix: adjust spacing on 'test' output snyk/cli#197 from snyk/fix/quote-spawn-args
8591abd fix: quote spawn args
43d4b85 Merge pull request chore: automate pkg assets publishing snyk/cli#192 from snyk/fix/support-pipenv-with-empty-packages
a199379 fix: support pipenv empty packages
7938b02 Merge pull request #191 from snyk/chore/fix-broken-tests-and-bump-node-to-16
9aa61ba chore: fix broken tests and bump node to 16
60e23db Merge pull request Feat/lockfile parser lib snyk/cli#188 from snyk/feat/support-files-with-bom
1943319 feat: support requirements.txt files with bom enconding
94f5668 Merge pull request Fix/bump deps snyk/cli#185 from snyk/chore/fix-broken-tests-and-remove-pip9-support
c5c9d66 chore: fix broken tests and remove support for pip 9.0.3
3cc5bad Merge pull request chore: upgrade semantic-release snyk/cli#181 from snyk/fix/key-not-found-in-packageToDepTreeMap
3bd2ade fix: fix key XXX not found in packageToDepTreeMap
fdc05b7 Merge pull request #180 from snyk/fix/requirements-line-with-more-than-one-space
6c8fa99 Merge branch 'master' into fix/requirements-line-with-more-than-one-space
9594b20 fix: when a line inside "requirements.txt" has more than one space
5871df7 Merge pull request #179 from snyk/feat/allow-empty-manifest-flag
7c711fa feat: allow empty manifest flag
155177f Merge pull request Add python3 docker snyk/cli#176 from snyk/fix/correct-ge-version-cmp-to-match-pep508
8f404e4 fix: use correct requirements filter regex for 'ge'

See the full diff

Package name: snyk-sbt-plugin

The new version differs by 20 commits.

3e02fa4 Merge pull request #120 from snyk/fix/quote-args
99c09eb fix: escape child process arguments
63e5c44 Merge pull request [dont-merge] test: update proxyquire to 1.8.0 snyk/cli#118 from snyk/fix/scopekey-error-in-plugin-inspect
179e8c2 fix: filter out configs where isPublic is false
3aff460 Merge pull request #117 from snyk/chore/remove-redundant-files
07b8dad chore: remove redundant files from fixtures
c1c8ba3 Merge pull request #115 from snyk/feat/relax-conditions-for-plugin-inspect
37e0114 feat: relax conditions for plugin inspect
e451665 Merge pull request #114 from snyk/test/add-tests-for-latest-sbt-versions
24c0bc7 test: add tests for sbt 1.7.0
331f46b Merge pull request fix: add proxy support snyk/cli#112 from snyk/chore/add-debug-logs
4358d57 chore: add debug logs
ef3f1f6 Merge pull request #111 from snyk/fix/reduce-sbt-output
735776e fix: reduce scala script output size
0c104cb Merge pull request #108 from snyk/test/sbt-1.7.0
05c1bc1 test: support for sbt v.1.7.0
c6a1177 Merge pull request #107 from snyk/feat/ignore-comments
4ff22d0 feat: ignore single-line and multi-line comments in plugin search
ebf261f Merge pull request #106 from snyk/feat/scalafix-and-project-layout-heuristics
2a307dd feat: fix for scalafix and multi-project fodler layout heuristics