[Snyk] Upgrade adm-zip from 0.4.11 to 0.5.15 #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade adm-zip from 0.4.11 to 0.5.15. See this package in npm: adm-zip See this project in Snyk: https://app.snyk.io/org/duncan.slade/project/003ef374-3f80-4aa2-a8ff-b345fbfde4d0?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade adm-zip from 0.4.11 to 0.5.15.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 19 versions ahead of your current version.
The recommended version was released on a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-SEMVER-3247795
SNYK-JS-SEMVER-3247795
SNYK-JS-MIXINDEEP-450212
SNYK-JS-MOMENT-2440688
SNYK-JS-Y18N-1021887
SNYK-JS-Y18N-1021887
SNYK-JS-LODASH-608086
SNYK-JS-LODASH-6139239
SNYK-JS-LODASH-73638
npm:marked:20150520
npm:marked:20170112
npm:marked:20170815
npm:marked:20170907
npm:marked:20180225
SNYK-JS-HANDLEBARS-1056767
SNYK-JS-HANDLEBARS-469063
SNYK-JS-HANDLEBARS-480388
SNYK-JS-HANDLEBARS-534478
SNYK-JS-HANDLEBARS-173692
SNYK-JS-INI-1048974
SNYK-JS-INI-1048974
SNYK-JS-EJS-2803307
npm:ejs:20161128
SNYK-JS-EJS-2803307
npm:ejs:20161128
SNYK-JS-JSONSCHEMA-1920922
SNYK-JS-KERBEROS-568900
SNYK-JS-LODASH-1040724
SNYK-JS-LODASH-450202
SNYK-JS-LODASH-567746
SNYK-JS-ADMZIP-1065796
SNYK-JS-AJV-584908
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-LODASH-1040724
SNYK-JS-LODASH-450202
SNYK-JS-LODASH-567746
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ASYNC-2441827
SNYK-JS-BL-608877
SNYK-JS-BODYPARSER-7926860
SNYK-JS-BRACES-6838727
SNYK-JS-DECODEURICOMPONENT-3149970
SNYK-JS-DICER-2311764
SNYK-JS-DUSTJSLINKEDIN-1089257
npm:dustjs-linkedin:20160819
SNYK-JS-HANDLEBARS-1056767
SNYK-JS-EXPRESSFILEUPLOAD-473997
SNYK-JS-EXPRESSFILEUPLOAD-595969
SNYK-JS-HANDLEBARS-174183
SNYK-JS-HANDLEBARS-469063
SNYK-JS-HANDLEBARS-480388
SNYK-JS-HANDLEBARS-534478
SNYK-JS-MONGODB-473855
SNYK-JS-MONGOOSE-2961688
SNYK-JS-QS-3153490
npm:qs:20170213
npm:ejs:20161130-1
npm:ejs:20161130
npm:semver:20150403
npm:moment:20161019
SNYK-JS-YARGSPARSER-560381
SNYK-JS-YARGSPARSER-560381
npm:marked:20170815-1
SNYK-JS-HANDLEBARS-1279029
SNYK-JS-HIGHLIGHTJS-1048676
SNYK-JS-HOSTEDGITINFO-1088355
SNYK-JS-INFLIGHT-6095116
SNYK-JS-ISTANBULREPORTS-2328088
SNYK-JS-JQUERY-174006
SNYK-JS-JQUERY-565129
SNYK-JS-JQUERY-567880
SNYK-JS-EJS-1049328
SNYK-JS-EJS-6689533
npm:ejs:20161130
npm:ejs:20161130-1
SNYK-JS-EJS-1049328
SNYK-JS-EJS-6689533
npm:jquery:20150627
SNYK-JS-LODASH-1018905
SNYK-JS-LODASH-73639
npm:lodash:20180130
SNYK-JS-LODASH-1018905
SNYK-JS-HANDLEBARS-567742
SNYK-JS-EXPRESS-6474509
SNYK-JS-EXPRESS-7926867
SNYK-JS-EXPRESSFILEUPLOAD-2635697
SNYK-JS-EXPRESSFILEUPLOAD-2635946
SNYK-JS-HANDLEBARS-534988
SNYK-JS-QS-3153490
npm:qs:20170213
SNYK-JS-QS-3153490
SNYK-JS-SEMVER-3247795
SNYK-JS-LODASH-608086
SNYK-JS-LODASH-6139239
SNYK-JS-LODASH-73638
SNYK-JS-SETVALUE-1540541
SNYK-JS-SETVALUE-450213
SNYK-JS-MICROMATCH-6838728
SNYK-JS-UNSETVALUE-2400660
npm:fresh:20170908
SNYK-JS-SETVALUE-1540541
SNYK-JS-SETVALUE-450213
SNYK-JS-TYPEORM-590152
npm:negotiator:20160616
npm:negotiator:20160616
npm:negotiator:20160616
npm:npmconf:20180512
SNYK-JS-MONGOOSE-5777721
SNYK-JS-MQUERY-1050858
SNYK-JS-MQUERY-1089718
SNYK-JS-HANDLEBARS-567742
SNYK-JS-HIGHLIGHTJS-1045326
SNYK-JS-MONGOOSE-472486
SNYK-JS-MINIMIST-559764
SNYK-JS-MINIMIST-559764
SNYK-JS-MINIMIST-559764
SNYK-JS-MONGOOSE-1086688
SNYK-JS-PATHTOREGEXP-7925106
SNYK-JS-REQUEST-3361831
SNYK-JS-LODASH-73639
SNYK-JS-MARKED-174116
SNYK-JS-MARKED-2342073
SNYK-JS-MARKED-2342082
SNYK-JS-MARKED-451540
SNYK-JS-MARKED-584281
SNYK-JS-MINIMATCH-3050818
SNYK-JS-VALIDATOR-1090599
SNYK-JS-VALIDATOR-1090600
SNYK-JS-VALIDATOR-1090601
SNYK-JS-VALIDATOR-1090602
SNYK-JS-XML2JS-5414874
SNYK-JS-TOUGHCOOKIE-5672873
SNYK-JS-UGLIFYJS-1727251
SNYK-JS-UGLIFYJS-1727251
SNYK-JS-UNDERSCORE-1080984
npm:mem:20180117
npm:ms:20151024
npm:st:20140206
npm:st:20171013
npm:mongoose:20160116
SNYK-JS-MPATH-1577289
SNYK-JS-PATHPARSE-1077067
SNYK-JS-KINDOF-537849
npm:adm-zip:20180415
SNYK-JS-BABELTRAVERSE-5962463
SNYK-JS-HANDLEBARS-534988
SNYK-JS-HANDLEBARS-1279029
npm:moment:20170905
SNYK-JS-HBS-1566555
SNYK-JS-MINIMIST-2429795
SNYK-JS-MINIMIST-2429795
SNYK-JS-MINIMIST-2429795
SNYK-JS-MINIMIST-2429795
SNYK-JS-SEND-7926862
SNYK-JS-SERVESTATIC-7926865
npm:debug:20170905
npm:debug:20170905
npm:ms:20170412
npm:mime:20170907
npm:mime:20170907
npm:ms:20170412
npm:ms:20170412
Release notes
Package name: adm-zip
-
0.5.15 - 2024-08-05
- Fix utils canonical to valid posix by @ skoniks in #499
- addFile backslash test by @ 5saviahv in #500
- added addLocalFolderAsync2 by @ 5saviahv in #501
- fixed windows paths by @ roosipuu in #503
- Add Windows build by @ 5saviahv in #504
- inital "decoder" functionality by @ 5saviahv in #505
- Bump braces from 3.0.2 to 3.0.3 by @ dependabot in #506
- Write out Electron original-fs auto loading by @ 5saviahv in #502
- using writeZip() twice throws "Invalid LOC header (bad signature)" error by @ 5saviahv in #507
- Descriptor check & Main Header locating by @ 5saviahv in #508
- House keeping by @ 5saviahv in #509
- typo by @ 5saviahv in #510
- Allow interoperability files with non-UTF-8 (bit 11 = 0) name by @ yfdyh000 in #450
- package lock update by @ 5saviahv in #511
- small updates by @ 5saviahv in #513
- CodeQL check by @ 5saviahv in #514
- Keep local extra data by @ 5saviahv in #515
- Update old test by @ 5saviahv in #516
- make all errors a function by @ 5saviahv in #517
- Update date time functions by @ 5saviahv in #518
- Add a length check when extra field parsed by @ code-sunbo in #520
- deleteFile is too eager by @ 5saviahv in #525
- @ skoniks made their first contribution in #499
- @ roosipuu made their first contribution in #503
- @ code-sunbo made their first contribution in #520
-
0.5.14 - 2024-06-04
-
0.5.13 - 2024-06-01
- Fixed extractAllToAsync callback @ 5saviahv
- Fixed issue with "toAsyncBuffer" where after that command all entries are gone @ 5saviahv
- Minor fixes (tests, typos etc) @ 5saviahv
- Added a an option to specificy the maximum expectedLength of the file to protect against zip bombs or limit memory usage @ undefined-moe
- Add check for invalid large disk entries @ criyle
-
0.5.12 - 2024-03-14
-
0.5.11 - 2024-03-13
- Add support for Info-Zip password check spec for ZipCrypto @ lukemalcolm
- Extraction of password protected zip entries @ Santa77
- Fixed unnecessary scanning a local file headers (except in the case of corrupted archives) @ likev
- Added GitHub actions @ kibertoad
- Fixed cases when extra data was lost @ yfdyh000
- Fixed throw empty error in extractAllToAsync on operation done @ Autokaka
-
0.5.10 - 2022-12-20
-
0.5.9 - 2021-10-07
-
0.5.8 - 2021-10-07
-
0.5.7 - 2021-10-01
-
0.5.6 - 2021-09-12
-
0.5.5 - 2021-03-31
-
0.5.4 - 2021-03-08
-
0.5.3 - 2021-02-18
-
0.5.2 - 2021-01-27
-
0.5.1 - 2020-11-27
-
0.5.0 - 2020-11-19
-
0.4.16 - 2020-06-23
-
0.4.14 - 2020-02-06
-
0.4.13 - 2018-11-13
-
0.4.11 - 2018-05-12
from adm-zip GitHub release notesWhat's Changed
New Contributors
Full Changelog: v0.5.14...v0.5.15
Fixed an issue introduced on version 0.5.13 requiring a new mandatory parameter on the inflater on nodejs version >= 15
Fixed extraction error
v0.5.9
v0.5.8
v0.5.7
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"adm-zip","from":"0.4.11","to":"0.5.15"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":696,...