New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 8 vulnerabilities #2

Merged

BiancaStoita merged 1 commit into master from snyk-fix-c092b2118a57cbeefea663b531e24c81

Jul 27, 2022

Owner

BiancaStoita commented Jul 27, 2022

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- goof/package.json
- goof/package-lock.json
- goof/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	/1000 Why?	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	/1000 Why?	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: body-parser

The new version differs by 53 commits.

b2659a7 1.18.2
6339bf7 perf: remove argument reassignment
d5f9a4a deps: debug@2.6.9
d041563 1.18.1
9efa9ab deps: content-type@~1.0.4
f1ef6cc deps: qs@6.5.1
e438db5 deps: raw-body@2.3.2
15c3585 deps: iconv-lite@0.4.19
adfa01c 1.18.0
0632e2f Include the "type" property on all generated errors
b8f97cd Include the "body" property on verify errors
c659e8a tests: add test for err.body on json parse error
4e15325 tests: reorganize json error tests
5bd7ed5 tests: reorganize json strict option tests
3cb380b tests: store server on mocha context instead of variable shadowing
29c8cd0 docs: document too many parameters error
7b9cb14 Use http-errors to set status code on errors
29a27f1 docs: fix typo in jsdoc comment
448dc57 Fix JSON strict violation error to match native parse error
87df7e6 tests: add leading whitespace strict json test
1841248 deps: raw-body@2.3.1
e666dbe deps: http-errors@~1.6.2
c2a110a deps: bytes@3.0.0
a1a2e31 build: Node.js@8.4

See the full diff

Package name: tap

The new version differs by 250 commits.

bc49fb7 15.0.0
4378608 remove publishConfig beta tag
2c2e75f provide mkdirRecursive polyfill for old node versions
8f4c855 correctly specify 10.0.x versions
5e61672 update deps
c44c418 Support 10.0 and test in CI
dc5c841 tcompare@5.0.4
385b6d2 Add .taprc.yml/yaml handling to change log
4f87466 just run regular test script as snap script
315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
564e96f Add detection for .yaml and .yml
75bae93 update cli doc
c1289bf 15.0.0-3
d6fe32f Do not CI on node 10
d2e0428 do not use equals() alias in self-test
3f787c4 tell npm to be colorful in CI
1512818 run tests with color on github actions
4626fa1 Docs: update documentation for tap v15
02d536b libtap@1.0.1
f7c7c58 update cli doc
2aa497c 15.0.0-2
8d7f62e Add support for overriding libtap's internal settings
29eed63 new snapshot folder layout
3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	/1000 Why?	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.


          fix: goof/package.json, goof/package-lock.json & goof/.snyk to reduce…

fe9f993

… vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088
- https://snyk.io/vuln/SNYK-JS-MOMENT-2944238
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:mem:20180117
- https://snyk.io/vuln/npm:ms:20170412


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746

BiancaStoita merged commit 978ca43 into master

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet