Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 21 vulnerabilities #4

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 21 vulnerabilities #4

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Aug 5, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-GETOBJECT-1054932		 Yes No Known Exploit
high severity 569/1000
Why? Has a fix available, CVSS 7.1		 Arbitrary Code Execution
SNYK-JS-GRUNT-597546		 Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9		 Denial of Service (DoS)
SNYK-JS-JSYAML-173999		 Yes No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Arbitrary Code Execution
SNYK-JS-JSYAML-174129		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 Yes Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-450202		 Yes Proof of Concept
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
SNYK-JS-LODASH-567746		 Yes Proof of Concept
critical severity 704/1000
Why? Has a fix available, CVSS 9.8		 Prototype Pollution
SNYK-JS-LODASH-590103		 Yes No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-608086		 Yes Proof of Concept
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-73638		 Yes No Known Exploit
medium severity 434/1000
Why? Has a fix available, CVSS 4.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388		 Yes No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MINIMIST-559764		 Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042		 Yes No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:braces:20180219		 Yes Proof of Concept
low severity 354/1000
Why? Has a fix available, CVSS 2.8		 Insecure use of /tmp folder
npm:cli:20160615		 No No Known Exploit
medium severity 529/1000
Why? Has a fix available, CVSS 6.3		 Prototype Pollution
npm:hoek:20180212		 Yes No Known Exploit
medium severity 529/1000
Why? Has a fix available, CVSS 6.3		 Prototype Pollution
npm:lodash:20180130		 Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
npm:minimatch:20160620		 Yes No Known Exploit
medium severity 576/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.1		 Uninitialized Memory Exposure
npm:tunnel-agent:20170305		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: dateformat The new version differs by 9 commits.

See the full diff

Package name: grunt-contrib-jshint The new version differs by 9 commits.

See the full diff

Package name: isparta The new version differs by 79 commits.
  • 749862a chore(release): v4.0.0
  • 331d559 refacto(cli): isolate and test ArgParser
  • bb98754 test(bin): add bin tests
  • 7878746 style: format some files
  • 3ca8200 doc(README): update README
  • 98b8512 Merge pull request #92 from douglasduteil/chore-travis-test-on-more-node-versions
  • f9caf58 chore(travis): test on more node versions
  • 1e3c696 Merge pull request #91 from douglasduteil/feat-dep-babel-6-compatibility
  • ee4cb75 test: update coverate comments
  • c31a687 chore(test): use babel-polyfill
  • b809b1c feat(babel): support babel 6.x.x
  • 1890d45 feat: babel 6 compatibility
  • bb51079 chore(release): v3.5.3
  • c774997 chore(release): v3.5.2
  • 7561a6c Merge pull request #84 from srapp/master
  • 9a39c93 Update README.md
  • 3a104b4 chore(release): v3.5.1
  • de6ae7c Merge pull request #83 from douglasduteil/fix-cli-typo-trailing-s-
  • 1a210ac fix(cli): typo trailing "s"
  • db1872d Reverting config parsing changes to preserve .istanbul.yml functionality
  • 8cd2944 chore(release): v3.5.0
  • 553cec5 Merge branch 'mattlewis92-mattlewis92-patch-1'
  • 7cf5366 Merge branch 'mattlewis92-patch-1' of https://github.com/mattlewis92/isparta into mattlewis92-mattlewis92-patch-1
  • ed0f0f7 chore(release): v3.4.0

See the full diff

Package name: rimraf The new version differs by 15 commits.
  • 4359e9d v2.4.2
  • e99339d You can specify more than one paths
  • de8708b add .gitignore, ignore npm-debug.log & node_modules/
  • f2137fd add david-dm npm dependencies status badge
  • a0f6d91 add travis-ci build status badge of master branch
  • 1b4d43d update rap and glob deps
  • 100522c Make tests pass on v0.8
  • 9b97ac6 v2.4.1
  • ece14b6 Use async function for bin
  • 2128f0b v2.4.0
  • db49365 Support disableGlob in rimraf.sync
  • 729a176 tests of glob and disabled glob
  • 9c99354 option to disable glob
  • 267dd6c don't use bash for tests
  • ba82cdc travis.yml

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
976bc19 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GETOBJECT-1054932
- https://snyk.io/vuln/SNYK-JS-GRUNT-597546
- https://snyk.io/vuln/SNYK-JS-JSYAML-173999
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:cli:20160615
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:tunnel-agent:20170305
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot