Skip to content

[Snyk] Fix for 2 vulnerabilities#100

Open
ludralph wants to merge 1 commit intodevelopfrom
snyk-fix-50ba044b6b03a30c7d7c3558f2dad9ab
Open

[Snyk] Fix for 2 vulnerabilities#100
ludralph wants to merge 1 commit intodevelopfrom
snyk-fix-50ba044b6b03a30c7d7c3558f2dad9ab

Conversation

@ludralph
Copy link
Owner

@ludralph ludralph commented Mar 22, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 718/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5		 Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909		 Yes Proof of Concept
high severity 763/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4		 Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: bcrypt The new version differs by 160 commits.
  • 2f124bd Fix artifact upload path
  • 10eacf5 Prepare v5.0.1
  • 6eacfe1 Merge pull request #856 from kelektiv/update-deps
  • feb477c Update node-pre-gyp to 1.0.0
  • 42c8b0c Merge pull request #852 from kelektiv/update-deps
  • bafefc3 Update packages
  • 7c5d8df Merge pull request #851 from recrsn/node-15-ci
  • 1ba55f9 Add Node 15 to CI
  • 19c06c1 Update Node version compatibility info
  • 09cb4fc Merge pull request #825 from dogon11/patch-1
  • 2821c03 Merge pull request #811 from techhead/use_buffers
  • 63c8403 Merge pull request #838 from alete89/docs/improve-hash-info
  • 984ef18 remove reference to $2y$ algo identifier
  • 630c897 fixes: #828
  • 0f93284 README.md typo fix
  • 4125ebc Update README.md
  • f503e57 Create SECURITY.md
  • f158e6e Allow optional use of Node Buffers.
  • 8866277 Deploy on any travis tag
  • 61139e6 v5.0.0
  • 1bde62c Update node-pre-gyp to 0.15.0
  • 40770d6 Add NodeJS 14 to appveyor CI
  • 5916a46 Merge pull request #807 from techhead/known_length
  • f28e916 Reword comment

See the full diff

Package name: node-sass The new version differs by 116 commits.
  • 7105b0a 5.0.0 (#3015)
  • 0648b5a chore: Add Node 15 support (#2983)
  • e2391c2 Add a deprecation message to the readme (#3011)
  • 6a33e53 chore: Don't upload artifacts on PRs
  • d763506 chore: Only run coverage on main repo
  • d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
  • 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
  • f877689 chore: Don't double build DependaBot PRs
  • b48fac4 chore: Add weekly DependaBot updates
  • 91c40a0 Remove deprecated process.sass API
  • 1f6df86 Replace lodash/assign in favor of the native Object.assign
  • 522828a Remove workarounds for old Node.js versions
  • 40e0f00 chore: Remove second NPM badge
  • ab91bf6 chore: Remove Slack badge
  • 6853a80 chore: Cleanup status badges
  • fb1109c chore: Bump minimum engine version to v10
  • d185440 chore: Add basic Node version support policy
  • db25736 chore: Bump node-gyp to 7.1.0
  • 2c5b110 chore: Bump cross-spawn to v7.0.3
  • 38b9633 chore: Update Istanbul to NYC
  • d63b5bf chore: Bump mocha to v8.1.3
  • d0d8865 chore: Skip constructor tests on v14.6+
  • ee3984d chore: Hoist test ESLint config
  • feee448 chore: Remove disabled and recommended rules

See the full diff

Package name: webpack-dev-middleware The new version differs by 250 commits.
  • 86071ea chore(release): 5.3.4
  • 189c4ac fix(security): do not allow to read files above (#1779)
  • f3c62b8 chore(release): 5.3.3
  • eeb8aa8 fix: types for `Request` and `Response` (#1271)
  • 1a45388 chore(release): 5.3.2
  • b8fb945 chore(deps): memfs force update (#1269)
  • f88067d chore: update deps and ci (#1260)
  • 7186318 chore(deps-dev): bump @ commitlint/cli
  • 57c50ef ci: update `checkout`, `setup-node`, and `codecov` actions (#1267)
  • 840146a chore(deps-dev): bump @ babel/preset-env
  • 10c12eb chore(deps-dev): bump del from 6.0.0 to 6.1.0 (#1264)
  • d35413f chore(deps-dev): bump standard-version
  • 990ee2f chore(deps-dev): bump @ types/node
  • d68ab36 fix: node types (#1195)
  • 85d38da chore(deps-dev): bump @ babel/cli
  • b4fb714 chore(deps-dev): bump eslint from 8.14.0 to 8.15.0 (#1258)
  • f0e8a64 chore(deps-dev): bump webpack from 5.72.0 to 5.72.1 (#1259)
  • 79a4d39 chore(deps-dev): bump express from 4.18.0 to 4.18.1 (#1254)
  • d817499 chore(deps-dev): bump @ babel/core
  • c6d573c chore(deps-dev): bump @ babel/preset-env
  • fa7a2fe chore(deps-dev): bump @ commitlint/cli
  • ff6037f chore(deps-dev): bump @ commitlint
  • b311726 chore(deps-dev): bump lint-staged from 12.4.0 to 12.4.1 (#1249)
  • a51135a chore(deps-dev): bump supertest from 6.2.2 to 6.2.3 (#1248)

See the full diff

Package name: webpack-dev-server The new version differs by 250 commits.
  • c9271b9 chore(release): 4.0.0
  • 18bf369 test: fix stability (#3676)
  • cdcabb2 fix: respect protocol from browser for manual setup (#3675)
  • 1768d6b fix: initial reloading for lazy compilation (#3662)
  • 4f5bab1 docs: improve examples (#3672)
  • f2d87fb fix: improve https CLI output (#3673)
  • 0277c5e chore: remove redundant console statements (#3671)
  • 16fcdbc docs: add `ipc` example (#3667)
  • 8915fb8 test: add e2e tests for built in routes (#3669)
  • 4d1cbe1 docs: ask `version` information in issue template (#3668)
  • b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
  • ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
  • f1fdaa7 chore(release): 4.0.0-rc.1
  • c4678bc fix: legacy API (#3660)
  • d8bdd03 test: fix stability (#3661)
  • 22b1414 refactor: remove `killable` (#3657)
  • 75bafbf test: add e2e tests for module federation (#3658)
  • 493ccbd chore(deps): update `ws` (#3652)
  • ae8c523 test: add e2e test for universal compiler (#3656)
  • f94b84f chore(deps): update (#3655)
  • 1923132 test: fix cli
  • 2adfd01 test: fix todo (#3653)
  • 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
  • c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')
🦉 Path Traversal

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ludralph @snyk-bot