Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @ledgerhq/hw-transport-node-hid from 4.61.1 to 6.0.0 #7

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade @ledgerhq/hw-transport-node-hid from 4.61.1 to 6.0.0 #7

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @ledgerhq/hw-transport-node-hid The new version differs by 250 commits.
  • 15e2319 v6.0.0
  • 008bba7 v6.0.0-rc.0
  • c86538d erc20 update
  • 8230dfa LL-3928 TypeScript migration (#619)
  • 7184a62 Expose a way to get Model from targetId (#621)
  • 6a34afa Merge pull request #605 from hayyaun/master
  • 046c0c2 Merge pull request #617 from MortalKastor/update-explorer-urls
  • c7a45ad LL-5656 Update Algorand explorer
  • 09f0d41 LL-5745 Update DASH explorer
  • 3577b9f v5.53.1
  • 49607a7 Revert "Removes call to reset after call to open (#609)"
  • e1122a9 v5.53.0
  • f0598d8 Bump ws from 6.2.1 to 7.4.6 (#608)
  • 3d2e728 Removes call to reset after call to open (#609)
  • 2502bfe update ERC20 list (generated)
  • e6d6f2a v5.52.1
  • 5e97c26 update ethers.js dep
  • 6d1da30 Fix chunksize bug in case of long VRS value (#606)
  • 9f2a618 Bump browserslist from 4.16.0 to 4.16.6 (#604)
  • d94f4aa add nanolooker as nano explorer
  • 6c842b6 v5.52.0
  • 1e6190f merging Ethereum plugins work (#602)
  • 420b012 remove --production (#601)
  • b9dcff0 migrate to github actions (#600)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot