New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @wasmer/wasmfs from 0.10.2 to 0.12.0 #6

Open

snyk-bot wants to merge 1 commit into master from snyk-upgrade-b7e5d7885981cbeefe114e823e06a195

snyk-bot commented Jul 13, 2021

Snyk has created this PR to upgrade @wasmer/wasmfs from 0.10.2 to 0.12.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 4 versions ahead of your current version.
The recommended version was released 10 months ago, on 2020-09-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @wasmer/wasmfs

0.12.0 - 2020-09-16
v0.12.0
0.11.2 - 2020-05-14
v0.11.2
0.11.1 - 2020-05-14
v0.11.1
0.11.0 - 2020-05-13
v0.11.0
0.10.2 - 2020-03-18
v0.10.2

from @wasmer/wasmfs GitHub release notes

Commit messages

Package name: @wasmer/wasmfs

539782b v0.12.0
94d5a7a Merge pull request Bump version to 0.10.0, update CHANGELOG.md swiftwasm/carton#244 from wasmerio/dependabot/npm_and_yarn/packages/wasmfs/yargs-parser-13.1.2
a9d191c Merge pull request Fix Ubuntu deps, clarify Linux support in README swiftwasm/carton#242 from wasmerio/dependabot/npm_and_yarn/packages/wasmfs/bl-3.0.1
06b5917 Merge pull request Avoid building in release mode when testing swiftwasm/carton#240 from wasmerio/dependabot/npm_and_yarn/examples/wasm-shell/elliptic-6.5.3
0feb756 Merge pull request Request: Support an environment variable to move the location of ~/.carton swiftwasm/carton#235 from wasmerio/dependabot/npm_and_yarn/packages/wasmfs/lodash-4.17.19
913ec50 Merge pull request Document how to create the ~/.carton/static directory when using unreleased versions. swiftwasm/carton#234 from wasmerio/dependabot/npm_and_yarn/packages/cli/lodash-4.17.19
9d39fb1 Merge pull request Carton cannot find swiftenv installation with custom SWIFTENV_ROOT swiftwasm/carton#233 from wasmerio/dependabot/npm_and_yarn/e2e-tests/lodash-4.17.19
9975400 Merge pull request Update dependencies swiftwasm/carton#232 from wasmerio/dependabot/npm_and_yarn/examples/wasm-shell/lodash-4.17.19
3baa0ff Merge pull request Update dependencies swiftwasm/carton#245 from hlolli/fix/o-write
24f5508 catch throwable stat call to memfs
17ba962 Merge pull request Fix carton dev crashing with SO sanitizer swiftwasm/carton#239 from wasmerio/v0.11.1+trace-syscalls
423f671 A flag to enable syscall trace for debugging purposes.
8cb6348 Bump yargs-parser from 13.1.1 to 13.1.2 in /packages/wasmfs
02051e8 Merge pull request Update JSKit and Tokamak versions in templates swiftwasm/carton#243 from wasmerio/0.11+bugfix-open-create
951725c In `path-open`: Only `stat` the file if opened read-only,
1314148 Bump bl from 3.0.0 to 3.0.1 in /packages/wasmfs
37c1029 Bump elliptic from 6.5.2 to 6.5.3 in /examples/wasm-shell
c5a3ea6 Bump lodash from 4.17.15 to 4.17.19 in /packages/wasmfs
05fb5c3 Bump lodash from 4.17.15 to 4.17.19 in /packages/cli
c2ec32b Bump lodash from 4.17.15 to 4.17.19 in /e2e-tests
bd1af99 Bump lodash from 4.17.15 to 4.17.19 in /examples/wasm-shell
9bb803e Merge pull request Update JS dependencies in package-lock.json swiftwasm/carton#231 from MaxDesiatov/patch-1
ac7a4f7 Convert BigInt to Number in the DataView polyfill
35e7c60 Merge pull request Console output told me to open this issue. Used Tokamak swiftwasm/carton#227 from vedantroy/patch-1

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade @wasmer/wasmfs from 0.10.2 to 0.12.0

299c801

Snyk has created this PR to upgrade @wasmer/wasmfs from 0.10.2 to 0.12.0.

See this package in npm:
https://www.npmjs.com/package/@wasmer/wasmfs

See this project in Snyk:
https://app.snyk.io/org/hafixo/project/59edcc60-14d8-4f1b-ae7b-e64fd5ff358e?utm_source=github&utm_medium=upgrade-pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet