[Snyk] Security upgrade ipfs-http-client from 29.1.0 to 51.0.0 #44

Open
snyk-bot wants to merge 1 commit into master from snyk-fix-028473fc8eda72218cf5800385628eed

snyk-bot commented Apr 7, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution, SNYK-JS-ASYNC-2441827 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ipfs-http-client
The new version differs by 250 commits.
  • ef41f92 chore: publish
  • 1bed859 chore: update contributors
  • 166d341 docs: update api docs
  • 31bddd4 fix: export ipfs http client type and use option extension for client (#3763)
  • 55afc2f fix: flaky timeout test (#3767)
  • 62311f8 fix: root datastore extension (#3768)
  • 3d91be2 Upgrade to GitHub-native Dependabot (#3658)
  • 9852d14 docs: improve README of browser-create-react-app (#3737)
  • 8bcf56f fix: fix flaky pubsub test (#3761)
  • 6fd7776 fix: support @web-std/file in normalize input (#3750)
  • 58fb802 fix: round bandwidth stats (#3735)
  • 4bad1c6 fix(ipfs-core-types): wrong extension (#3753)
  • 700765b feat: implement dag import/export (#3728)
  • 91a84e4 docs: update browser ipns publish example (#3596)
  • 399ce36 fix: make "ipfs resolve" cli command recursive by default (#3707)
  • d13d15f feat: upgrade to the new multiformats (#3556)
  • dc041aa docs: examples/browser-create-react-app (#3694)
  • cd548e6 chore: fix pkg.homepage for ipfs-core-types (#3733)
  • 54478b0 docs: fixed relative link to CONFIG.md (#3715)
  • 57c3413 chore: updated example dependencies
  • 81f9441 chore: publish
  • ade01d1 feat: support v2 ipns signatures (#3708)
  • 9e48da3 chore: simplify streaming http response code and use instances of pubsub tracker instead of a singleton (#3719)
  • b5470d4 fix: repo auto-migration regression (#3718)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ASYNC-2441827