Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade uglify-js from 2.6.0 to 2.8.29 #7

Merged
merged 1 commit into from
Dec 6, 2020

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Nov 8, 2020

Snyk has created this PR to upgrade uglify-js from 2.6.0 to 2.8.29.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 40 versions ahead of your current version.
  • The recommended version was released 3 years ago, on 2017-06-14.
Release notes
Package name: uglify-js
  • 2.8.29 - 2017-06-14

     

  • 2.8.28 - 2017-06-03

     

  • 2.8.27 - 2017-05-19
  • 2.8.26 - 2017-05-16
  • 2.8.25 - 2017-05-15
  • 2.8.24 - 2017-05-13
  • 2.8.23 - 2017-05-06
  • 2.8.22 - 2017-04-09
  • 2.8.21 - 2017-04-02
  • 2.8.20 - 2017-03-31
  • 2.8.19 - 2017-03-31
  • 2.8.18 - 2017-03-28
  • 2.8.17 - 2017-03-28
  • 2.8.16 - 2017-03-24
  • 2.8.15 - 2017-03-23
  • 2.8.14 - 2017-03-19
  • 2.8.13 - 2017-03-16
  • 2.8.12 - 2017-03-10
  • 2.8.11 - 2017-03-10
  • 2.8.10 - 2017-03-08
  • 2.8.9 - 2017-03-08
  • 2.8.8 - 2017-03-07
  • 2.8.7 - 2017-03-05
  • 2.8.6 - 2017-03-05
  • 2.8.5 - 2017-03-02
  • 2.8.4 - 2017-03-01
  • 2.8.3 - 2017-03-01
  • 2.8.2 - 2017-03-01
  • 2.8.1 - 2017-02-28
  • 2.8.0 - 2017-02-28
  • 2.7.5 - 2016-11-29
  • 2.7.4 - 2016-10-23
  • 2.7.3 - 2016-08-17
  • 2.7.2 - 2016-08-17
  • 2.7.1 - 2016-08-14
  • 2.7.0 - 2016-07-03
  • 2.6.4 - 2016-06-22
  • 2.6.3 - 2016-06-19
  • 2.6.2 - 2016-02-22
  • 2.6.1 - 2015-11-16
  • 2.6.0 - 2015-11-12
from uglify-js GitHub release notes
Commit messages
Package name: uglify-js
  • 23876a8 v2.8.28
  • 092d027 Merge pull request #2048 from alexlamsl/v2.8.28
  • 06296be add tests for `AST_SymbolAccessor` (#2049)
  • 3818a9e fix non-identifier getter/setter name (#2041)
  • 75e2748 v2.8.27
  • a7c987a Merge pull request #1971 from alexlamsl/v2.8.27
  • 957c54b introduce `unsafe_regexp` (#1970)
  • 4cbf5a7 v2.8.26
  • 93d4224 Merge pull request #1947 from alexlamsl/v2.8.26
  • 6cd580d fix parsing of property access after new line (#1944)
  • ecb63ad improve keyword-related parser errors (#1941)
  • 1ca43bc v2.8.25
  • 3ee1464 Merge pull request #1938 from alexlamsl/v2.8.25
  • 24967b8 fix & improve coverage of `estree` (#1935)
  • a8c67ea fix bugs with getter/setter (#1926)
  • d0b0aec document 3 max passes (#1928)
  • 9f5a602 clarify wording (#1931)
  • 4027a0c fix parser bugs & CLI reporting (#1827)
  • 87f8a48 v2.8.24
  • c736834 Merge pull request #1921 from alexlamsl/v2.8.24
  • 9a98513 add documentation for `side_effects` & `[#@]__PURE__` (#1925)
  • f631d64 avoid `arguments` and `eval` in `reduce_vars` (#1924)
  • aa7e878 fix invalid transform on `const` (#1919)
  • 13e5e33 document known issues with `const` (#1916)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@guardrails
Copy link

guardrails bot commented Nov 8, 2020

⚠️ We detected security issues in this pull request:
Mode: paranoid | Total findings: 222 | Considered vulnerability: 17

Hard-Coded Secrets (100)

"commit": "4dec426aa2a6cbabb1b064319ba7c272d594a688"

"commit": "e43a42160817270ff45d4ac3a75ff93658fae700"

"email_hash": "a4aec9f48b0281995da5b2223b3ac213"

"email_hash": "25601fc3740f83926598cc89dc604e5f"

"email_hash": "2a06a2827b2baa70da6c7ac35acfcb5e"

"email_hash": "28f14a601696f114e84c5be712032c73"

"email_hash": "4590affff8ab7bda7cbc2a3d766f02bd"

"email_hash": "b2bd81c28bcafeea19ac72e554859ec0"

"email_hash": "d5c948086776fc91b4c7abff56bb7672"

"email_hash": "1ce4f00aae1dbed39c2899dbd85e4169"

"email_hash": "dcc375d4184c9ce18bedc0db1391cb2f"

"email_hash": "bc2da610ac397822eeb3405b7718a9d9"

"email_hash": "15116221263b5450dd8abff3cc7a8ea9"

"email_hash": "90d33a04aa3d2ba5230831650d449714"

"email_hash": "5698d4707354e0b9e4ba6f22a0be84d8"

"email_hash": "acd22ce8d834f8548c4200bec5fe6c40"

"email_hash": "45e2bb34105769aaae7dbf841b37da84"

"email_hash": "7c269209b6935ebf04de6171e6da80a5"

"email_hash": "86e6ff8f75f9daef42d53b7f8002fd95"

"email_hash": "b12346cb9e2e217ae6741e6af3ee6852"

"email_hash": "586ed1e5c3543cf7c304861c1240efdf"

"email_hash": "5f8a354d18429fa4d502de0b18ddaa5b"

"email_hash": "3e412d974a909f07ac9382b2d46cdf80"

"email_hash": "5de923d527dc4cd4cacbafb74d4c5d18"

"email_hash": "e30b781f0306f0b46f32b17733b8398d"

"email_hash": "a2fe3b7599ef15af835ce803d5244f8e"

"email_hash": "23a8b77e957cf10622f9039e4f3a954d"

"email_hash": "2b8b22a4feb9a73e64bd1a51287ef20f"

"email_hash": "1d1af4fce4b64ececdfc88b33881bbc9"

"email_hash": "9e16629a5e67bf6bed7b1b519bceafa1"

"email_hash": "9d0f36cf7c4c77a62626ef9df43b79a7"

"email_hash": "fdbc495cc9b5f7a789650b3ae4592bc4"

"email_hash": "cba0529762ef11ebc58637b537a42acd"

"email_hash": "e6f67177880fb558b629820b882b159b"

"email_hash": "26415c14e002ed031a23225efdebc7c7"

"email_hash": "5422e34c270c77415bbcc6ed93544b3d"

"email_hash": "4e774187456a5953a4cf97f60344ec26"

"email_hash": "29de018a3ee44a96503802c7516d7660"

"email_hash": "be5ae20541e29f445166885a87a81d35"

"email_hash": "818df74dc3bb3fd1d8a1848e238b53d6"

"email_hash": "9409cb9468f20f7b03a6515bdf5ff81c"

"email_hash": "031c656239e481086f37717b07b17522"

"email_hash": "e58f134cbdd998fd90d6951043fbf274"

"email_hash": "3e365666b8b4473179ab1cdc05c0ec36"

"email_hash": "228384247e084ecfab05558229195aba"

"email_hash": "18018fe3a71122bc0648943d6892ffb3"

"email_hash": "a26652004f1b6ed7f5764189ce722823"

"email_hash": "7fb8e97ca4d0322cdad566c81437e38a"

"email_hash": "9209ea2a036a546d315da5600f0025b9"

"email_hash": "80fe3a01e22a86fa6c652ee7d75d5b31"

"email_hash": "288e49ea9ee1aa8516598465d9473033"

"email_hash": "67ebeef7b7b8d5533f5caf77074c62b8"

"email_hash": "02c4213274d414cb8da4f34108f355db"

"email_hash": "90611479ceffc2da2d62d5f6134a5565"

"email_hash": "e7334b63d88530e1cdcb1eac6fced20f"

"email_hash": "8d618d6102a868921c256b2d798aae45"

"email_hash": "c4b17df9c9b2f33a96eb84f92054f708"

"email_hash": "1cf6e58dae064fc449e6840ffdb90306"

"email_hash": "50ff6dd1fd1fb4c7fd0a2cee3be9ff0a"

"email_hash": "5faba9a6598ed24d2f1ff4eaaac0cfe8"

"email_hash": "a9db2cbc6d4e589aec2d25f67771b85e"

"email_hash": "1f396684d672cf556c9e1532c1e0af0a"

"email_hash": "1a033f15f829f9d5b590a40dccc66559"

"email_hash": "e4a1f83ad5fb19e0cfef8d818c4a02c6"

"email_hash": "7cc5677dd2e2f4d1cc7b86c52d053ae8"

"email_hash": "31cbea1bc9ec690e95a60826eb6328a5"

"email_hash": "07647a7ad89294eb2527e03afb5e450a"

"email_hash": "61848af6a10034cf09426b843e01efc3"

"email_hash": "04361eba6e039eecdd3458e2545f03e6"

"email_hash": "3939a271af7fae22f6400b61c0d14c73"

"email_hash": "72bfcaf32b3480f5cecb438684cabb92"

"email_hash": "be926689bf46ab9f3b0331cc985c469b"

"email_hash": "cb35faaf6bb76341164d7568101e394c"

"email_hash": "8d7165905cf94796ea496370004f8520"

"email_hash": "cd867e89325fe74445707fb6b4364be8"

"email_hash": "31975d063f893b2551f6f7d5ed6bfa8e"

"email_hash": "e4a035242c5843420c0c1bf20daddb97"

"email_hash": "76706ad194800ea2645a109190baa5a4"

"email_hash": "d4f2c42b9bf234c7c5e5c6af0fb373a3"

"email_hash": "56ad21e0912e6810378c035c51dcc46e"

"email_hash": "3dadeb26ed5bb578fc0385a8def93699"

"email_hash": "9239a13c2e8049a26f32fe3d4367b58c"

"email_hash": "aeca5f30afc60a8429e24b9b42f8c9df"

"email_hash": "cdee7bd13ac26fdbb617a4b74170c53c"

"email_hash": "2596022781bb27a84583b7454954ee96"

"email_hash": "db83131e229b650a3a474923cb163211"

"email_hash": "59ee510a7de8f4c199ff6c44c02274bb"

"email_hash": "67db701d6a4e067c6aeeca5dec7a82ef"

"email_hash": "88c6371f6a47841abde4c60dd8a2f964"

"email_hash": "00c4b6dae0d342a11e70e4982440f9e6"

"email_hash": "2d4efce7fbf59cedc35242a018b4bb59"

"email_hash": "9d848d8392fc5291a0c77f4064b7e67a"

"email_hash": "925ead45ca60d8569512e6c4ff34c841"

"email_hash": "c7720840fc9817ef936cf82e8cdb848d"

"email_hash": "d91f8193ab33d05022a8ac02b86c833d"

"email_hash": "9e4f23b0072f4f7d3e2649e3e1a2816b"

"commit": "c68b434eb438394d1b069e38ba9d582c8d1fd28f"

"commit": "15b128d80c226874339f9873916cd05f2df639ae"

@octicons-version: "b01a7f596657e53ed8582fa87efeaef4e51709c2";

$octicons-version: "b01a7f596657e53ed8582fa87efeaef4e51709c2";

More info on how to fix Hard-Coded Secrets in General.


Insecure Use of Regular Expressions (68)

rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ),

rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ),

rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + "*" ),

rattributeQuotes = new RegExp( "=" + whitespace + "*([^\\]'\"]*?)" + whitespace + "*\\]", "g" ),

rpseudo = new RegExp( pseudos ),

ridentifier = new RegExp( "^" + identifier + "$" ),

"ID": new RegExp( "^#(" + characterEncoding + ")" ),

"CLASS": new RegExp( "^\\.(" + characterEncoding + ")" ),

"TAG": new RegExp( "^(" + characterEncoding.replace( "w", "w*" ) + ")" ),

"ATTR": new RegExp( "^" + attributes ),

"PSEUDO": new RegExp( "^" + pseudos ),

"CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + whitespace +

"bool": new RegExp( "^(?:" + booleans + ")$", "i" ),

"needsContext": new RegExp( "^" + whitespace + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" +

runescape = new RegExp( "\\\\([\\da-f]{1,6}" + whitespace + "?|(" + whitespace + ")|.)", "ig" ),

rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join("|") );

rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join("|") );

(pattern = new RegExp( "(^|" + whitespace + ")" + className + "(" + whitespace + "|$)" )) &&

tmp = tmp[2] && new RegExp( "(^|\\.)" + namespaces.join("\\.(?:.*\\.|)") + "(\\.|$)" );

new RegExp( "(^|\\.)" + namespaces.join("\\.(?:.*\\.|)") + "(\\.|$)" ) :

var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" );

rnumsplit = new RegExp( "^(" + pnum + ")(.*)$", "i" ),

rrelNum = new RegExp( "^([+-])=(" + pnum + ")", "i" ),

rfxnum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ),

rnumsplit = new RegExp( "^(" + pnum + ")(.*)$", "i" ),

rrelNum = new RegExp( "^([+-])=(" + pnum + ")", "i" ),

return new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" );

rfxnum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ),

tmp = tmp[2] && new RegExp( "(^|\\.)" + namespaces.join("\\.(?:.*\\.|)") + "(\\.|$)" );

new RegExp( "(^|\\.)" + namespaces.join("\\.(?:.*\\.|)") + "(\\.|$)" ) :

rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ),

rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ),

rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + "*" ),

rattributeQuotes = new RegExp( "=" + whitespace + "*([^\\]'\"]*?)" + whitespace + "*\\]", "g" ),


ridentifier = new RegExp( "^" + identifier + "$" ),

"ID": new RegExp( "^#(" + characterEncoding + ")" ),

"CLASS": new RegExp( "^\\.(" + characterEncoding + ")" ),

"TAG": new RegExp( "^(" + characterEncoding.replace( "w", "w*" ) + ")" ),

"ATTR": new RegExp( "^" + attributes ),

"PSEUDO": new RegExp( "^" + pseudos ),

"CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + whitespace +

"bool": new RegExp( "^(?:" + booleans + ")$", "i" ),

"needsContext": new RegExp( "^" + whitespace + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" +

runescape = new RegExp( "\\\\([\\da-f]{1,6}" + whitespace + "?|(" + whitespace + ")|.)", "ig" ),

rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join("|") );

rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join("|") );

(pattern = new RegExp( "(^|" + whitespace + ")" + className + "(" + whitespace + "|$)" )) &&

new RegExp(escapeRegExp(tags[0]) + "\\s*"),

new RegExp("\\s*" + escapeRegExp(tags[1]))

value = scanner.scanUntil(new RegExp('\\s*' + escapeRegExp('}' + tags[1])));

xdRegExp: /^((\w+)\:)?\/\/([^\/\\]+)/,

var re_mgr0 = new RegExp(mgr0);

var re_mgr1 = new RegExp(mgr1);

var re_meq1 = new RegExp(meq1);

var re_s_v = new RegExp(s_v);

var re4_1b_2 = new RegExp("^" + C + v + "[^aeiouwxy]$");

var re3_5 = new RegExp("^" + C + v + "[^aeiouwxy]$");

var re_mgr0 = new RegExp(mgr0);

var re_mgr1 = new RegExp(mgr1);

var re_meq1 = new RegExp(meq1);

var re_s_v = new RegExp(s_v);

var re4_1b_2 = new RegExp("^" + C + v + "[^aeiouwxy]$");

var re3_5 = new RegExp("^" + C + v + "[^aeiouwxy]$");

fileName = (sourceFromStacktrace( 0 ) || "" ).replace(/(:\d+)+\)?/, "").replace(/.+\//, ""),

new RegExp(escapeRegExp(tags[0]) + "\\s*"),

new RegExp("\\s*" + escapeRegExp(tags[1]))

value = scanner.scanUntil(new RegExp('\\s*' + escapeRegExp('}' + tags[1])));

More info on how to fix Insecure Use of Regular Expressions in Javascript.


Insecure File Management (11)

xhr.open( options.type, options.url, options.async, options.username, options.password );

xhr.open( options.type, options.url, options.async, options.username, options.password );

var file = fs.readFileSync(url, 'utf8');

page.open(url, function(status) {

if (!fs.existsSync(destDir)) fs.mkdirSync(destDir);

fs.readdirSync(srcDir).forEach((file) => {

if (!fs.existsSync(versionDestDir)) fs.mkdirSync(versionDestDir);

const docs = JSON.parse(fs.readFileSync(srcPath));

fs.writeFileSync(destPath, docsForClass);

gulp.watch([

gulp.watch([

More info on how to fix Insecure File Management in Javascript.


Insecure Use of Dangerous Function (4)


const { spawn } = require('child_process');

system "git update-ref refs/heads/gh-pages #{commit}"

open(relative_name, 'w') do |f|

More info on how to fix Insecure Use of Dangerous Function in Javascript and Ruby.


Insecure Use of Crypto (6)



if (token !== void 0) out.push(token)

if (token === void 0) break

if (token !== void 0) out.push(token)

More info on how to fix Insecure Use of Crypto in Javascript.


Vulnerable Libraries (33)

More info on how to fix Vulnerable Libraries in Javascript and Ruby.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

@kadirselcuk kadirselcuk merged commit 7571647 into master Dec 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant