[Snyk] Fix for 24 vulnerabilities#17

Open
JackovAlltrades wants to merge 1 commit into develop from snyk-fix-fce040600a1de7a988a4e1bc5309be14

Conversation

@JackovAlltrades
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Why? | Issue | Snyk ID | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- | --- | --- |
| high | 619/1000 | Has a fix available, CVSS 8.1 | Prototype Pollution | SNYK-JS-AJV-584908 | Yes | No Known Exploit |
| medium | 554/1000 | Has a fix available, CVSS 6.8 | Cryptographic Issues | SNYK-JS-ELLIPTIC-1064899 | No | No Known Exploit |
| medium | 509/1000 | Has a fix available, CVSS 5.9 | Timing Attack | SNYK-JS-ELLIPTIC-511941 | No | No Known Exploit |
| high | 706/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.7 | Cryptographic Issues | SNYK-JS-ELLIPTIC-571484 | No | Proof of Concept |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-2332181 | No | Proof of Concept |
| low | 344/1000 | Has a fix available, CVSS 2.6 | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-2396346 | No | No Known Exploit |
| high | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution | SNYK-JS-INI-1048974 | No | Proof of Concept |
| high | 644/1000 | Has a fix available, CVSS 8.6 | Prototype Pollution | SNYK-JS-JSONSCHEMA-1920922 | Yes | No Known Exploit |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | No | Proof of Concept |
| high | 681/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection | SNYK-JS-LODASH-1040724 | No | Proof of Concept |
| high | 731/1000 | Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution | SNYK-JS-LODASH-567746 | No | Proof of Concept |
| high | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution | SNYK-JS-LODASH-608086 | No | Proof of Concept |
| low | 506/1000 | Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution | SNYK-JS-MINIMIST-2429795 | No | Proof of Concept |
| medium | 539/1000 | Has a fix available, CVSS 6.5 | Information Exposure | SNYK-JS-NODEFETCH-2342118 | No | No Known Exploit |
| medium | 520/1000 | Has a fix available, CVSS 5.9 | Denial of Service | SNYK-JS-NODEFETCH-674311 | No | No Known Exploit |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHPARSE-1077067 | No | Proof of Concept |
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning | SNYK-JS-QS-3153490 | Yes | Proof of Concept |
| medium | 646/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) | SNYK-JS-REQUEST-3361831 | No | Proof of Concept |
| medium | 646/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution | SNYK-JS-TOUGHCOOKIE-5672873 | No | Proof of Concept |
| medium | 484/1000 | Has a fix available, CVSS 5.4 | XML External Entity (XXE) Injection | SNYK-JS-XMLDOM-1084960 | No | No Known Exploit |
| medium | 539/1000 | Has a fix available, CVSS 6.5 | Improper Input Validation | SNYK-JS-XMLDOM-1534562 | No | No Known Exploit |
| high | 639/1000 | Has a fix available, CVSS 8.5 | Prototype Pollution | SNYK-JS-XMLDOM-3042242 | No | No Known Exploit |
| critical | 811/1000 | Proof of Concept exploit, Has a fix available, CVSS 9.8 | Improper Input Validation | SNYK-JS-XMLDOM-3092935 | No | Proof of Concept |
| low | 506/1000 | Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) | npm:debug:20170905 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @solid/query-ldflex
The new version differs by 41 commits.
  • bfd9f3a Release version 2.10.0 of the npm package.
  • a508634 Explain rdflib.js usage.
  • fca6f1b Use new @ ldflex/comunica package.
  • a12ec64 Generate rdflib build.
  • bf1bc4c Add rdflib-specific export.
  • bfb263f Add Comunica-specific export as default.
  • 8fe2fc3 Separate root path and export.
  • 19293bd Make SubjectPathResolver independent of Comunica.
  • 220576e Make update engine independent of Comunica.
  • eeddee8 Move handlers and resolvers into folders.
  • f8b619a Upgrade dependencies.
  • 5cdcb70 Don't use environment variables.
  • 594bf89 Correct string quotes.
  • f08ec40 Release version 2.9.0 of the npm package.
  • ac195c6 Upgrade dependencies.
  • 079b521 Build demo minified.
  • b1fbe4a Release version 2.8.1 of the npm package.
  • 9cbd831 Report webpack progress.
  • 6f13e8d Upgrade dependencies.
  • b7054b1 Build with locked dependencies.
  • 4d757b6 link to new website
  • d9aa14f Release version 2.8.0 of the npm package.
  • a3c795c Export webpack configurations.
  • 4867ec1 Do not shim the Streams API.

See the full diff

Package name: jsonld
The new version differs by 46 commits.
  • aff94e1 Release 5.0.0.
  • 85687f7 Update changelog.
  • 727739f Avoid header param mutation.
  • 29df460 Add note about user-agent note.
  • 1046c29 Avoid extra JSON.stringify().
  • 799d22c Update dependencies.
  • ce32d7d Cleanup.
  • 28ab800 Remove unused dependency.
  • 04d9aae Node.js document loader updates.
  • d12b4e3 Ignore nyc output.
  • 2c41fb4 Support Node.js >= 12.
  • 5e44c20 Remove unneeded await.
  • b56999b Distribute ES Module bundle.
  • aa8f0cc Switch to Babel 'usage' mode.
  • b119cf8 Formatting.
  • 22c8023 Remove unused plugins option.
  • 6981a04 Update dependencies.
  • 0649324 Remove unused commander dependency.
  • 1779e3f Test in faster development mode.
  • a9c086f Update CHANGELOG to reflect latest changes.
  • 9fc8074 Include .js extension in browser alias for node documentLoader.
  • 34f00af Do not include node documentLoader in browser build.
  • ddce29c Use an httpsAgent with StrictSSL & user headers getters for other headers.
  • d99c855 Use headers.set not =.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Cryptographic Issues
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn
