[Snyk] Upgrade: async, resolve, chai, color, electron-notarize, electron-osx-sign, focus-trap, fs-admin, vscode-ripgrep, git-utils, temp, less-cache, mocha-junit-reporter, normalize-package-data, postcss, postcss-selector-parser, prebuild-install, semver, sinon, winreg, yargs #2

Open
wants to merge 1 commit into
base: master

@AKJUS AKJUS commented Sep 12, 2024

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| async | from 3.2.0 to 3.2.6 (6 versions ahead of your current version) | 24 days ago, on 2024-08-19 |
| resolve | from 1.18.1 to 1.22.8 (13 versions ahead of your current version) | a year ago, on 2023-10-10 |
| chai | from 4.3.4 to 4.5.0 (9 versions ahead of your current version) | 2 months ago, on 2024-07-25 |
| color | from 3.1.3 to 3.2.1 (3 versions ahead of your current version) | 3 years ago, on 2021-07-18 |
| electron-notarize | from 1.0.0 to 1.2.2 (5 versions ahead of your current version) | 2 years ago, on 2022-10-20 |
| electron-osx-sign | from 0.5.0 to 0.6.0 (1 version ahead of your current version) | 3 years ago, on 2021-10-28 |
| focus-trap | from 6.3.0 to 6.9.4 (19 versions ahead of your current version) | 2 years ago, on 2022-06-09 |
| fs-admin | from 0.15.0 to 0.20.0 (5 versions ahead of your current version) | 3 years ago, on 2022-02-10 |
| vscode-ripgrep | from 1.9.0 to 1.13.2 (10 versions ahead of your current version) | 3 years ago, on 2021-12-29 |
| git-utils | from 5.7.1 to 5.7.3 (2 versions ahead of your current version) | 3 years ago, on 2021-07-08 |
| temp | from 0.9.2 to 0.9.4 (1 version ahead of your current version) | 4 years ago, on 2020-11-10 |
| less-cache | from 1.1.0 to 1.1.1 (1 version ahead of your current version) | 4 years ago, on 2020-12-11 |
| mocha-junit-reporter | from 2.0.0 to 2.2.1 (5 versions ahead of your current version) | a year ago, on 2023-07-12 |
| normalize-package-data | from 3.0.2 to 3.0.3 (1 version ahead of your current version) | 3 years ago, on 2021-08-18 |
| postcss | from 8.2.10 to 8.4.41 (59 versions ahead of your current version) | a month ago, on 2024-08-05 |
| postcss-selector-parser | from 6.0.4 to 6.1.2 (15 versions ahead of your current version) | a month ago, on 2024-08-12 |
| prebuild-install | from 6.0.0 to 6.1.4 (6 versions ahead of your current version) | 3 years ago, on 2021-08-11 |
| semver | from 7.3.2 to 7.6.3 (16 versions ahead of your current version) | 2 months ago, on 2024-07-16 |
| sinon | from 9.2.1 to 9.2.4 (3 versions ahead of your current version) | 4 years ago, on 2021-01-23 |
| winreg | from 1.2.4 to 1.2.5 (1 version ahead of your current version) | a year ago, on 2023-10-20 |
| yargs | from 16.1.0 to 16.2.0 (2 versions ahead of your current version) | 4 years ago, on 2020-12-05 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity Prototype Pollution (SNYK-JS-AJV-584908) | 586 | No Known Exploit |
| high severity Prototype Pollution (SNYK-JS-ASYNC-2441827) | 586 | Proof of Concept |
| high severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-GETFUNCNAME-5923417) | 586 | Proof of Concept |
| high severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-HAWK-2808852) | 586 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-POSTCSS-1255640) | 586 | Proof of Concept |
| medium severity Prototype Pollution (npm:hoek:20180212) | 586 | Proof of Concept |
| critical severity Authentication Bypass (SNYK-JS-HAWK-6969142) | 586 | Proof of Concept |
| medium severity Improper Input Validation (SNYK-JS-POSTCSS-5926692) | 586 | No Known Exploit |

Release notes
Package name: async from async GitHub release notes
Package name: resolve
  • 1.22.8 - 2023-10-10
    • [Tests] rename innocent test project to avoid flawed security scanners
    • [Tests] skip some tests for a broken require.resolve in node v8.9, v9.0-v9.2
  • 1.22.7 - 2023-10-10
    • [Tests] avoid publishing "malformed package.json" test to avoid flawed security scanners
  • 1.22.6 - 2023-09-15
    • [Fix] allow npx resolve to work (#316)
    • [actions] use reusable rebase action
  • 1.22.5 - 2023-09-14
    • [Fix] fix npx resolve by handling symlinks (#315)
    • [Dev Deps] update array.prototype.map
  • 1.22.4 - 2023-08-04
    • Revert "[Refactor] deprecated lib/core.js now uses data from is-core-module also"
    • [Deps] update is-core-module
    • [Dev Deps] update @ljharb/eslint-config, aud, semver, tape
    • [meta] commit published core.json data
  • 1.22.3 - 2023-04-14
    • [Refactor] deprecated lib/core.js now uses data from is-core-module also
    • [Deps] update is-core-module
  • 1.22.2 - 2023-04-05
    • [Refactor] deprecated lib/core.js now uses is-core-module
    • [meta] cp core.json on prepack instead of prepublishOnly
    • [Deps] update is-core-module
    • [Dev Deps] update @ljharb/eslint-config, aud, tape, array.prototype.map
  • 1.22.1 - 2022-06-17
    • [Fix] support windows virtual drive paths (#284)
    • [Deps] update is-core-module
    • [meta] use npmignore to autogenerate an npmignore file
    • [meta] do not publish appveyor.yml
    • [Dev Deps] update eslint, @ljharb/eslint-config, tape
    • [Test] add tests for "main": false
    • [Tests] fix tests on node v12.0-12.2
    • [Test] add some sync coverage
    • [Test] fix incorrect require.resolve paths logic; enable these tests
    • [Tests] avoid tests breaking on node 11.11 - 11.13
  • 1.22.0 - 2022-01-22
    • [New] add default support for paths to include $HOME/.node_{modules,libraries} (#273)
    • [Deps] update is-core-module
  • 1.21.1 - 2022-01-21
  • 1.21.0 - 2022-01-03
  • 1.20.0 - 2021-02-11
  • 1.19.0 - 2020-11-10
  • 1.18.1 - 2020-10-19
from resolve GitHub release notes
Package name: chai from chai GitHub release notes
Package name: color
  • 3.2.1 - 2021-07-18

    Patch Release 3.2.1

    • Revert color-convert back down to <2 since v2 introduced ES6 syntax.

    If you need color-convert@>=2 then you'll need to have ES6 support. It's 2021, embrace it. 🙂

  • 3.2.0 - 2021-07-17

    Minor Release 3.2.0

    NOTE: This is the final release of color that uses ES5 syntax. For those following along, 4.0.0 was just released that switches to ES6 (const/let) syntax, which will (at some point) be followed by another major release that further switches to ES Modules entirely. This will be a sweeping change across the color package suite (color, color-string, color-convert). Keep a look out if these issues have been bothering you.

    • Bumps color convert to latest (fixes some issues with HCG)
    • Bumps mocha to latest
  • 3.1.4 - 2021-07-17
  • 3.1.3 - 2020-10-09
from color GitHub release notes
Package name: electron-notarize
  • 1.2.2 - 2022-10-20
  • 1.2.1 - 2022-03-24
  • 1.1.1 - 2021-09-02
  • 1.1.0 - 2021-08-06
  • 1.0.1 - 2021-07-31
  • 1.0.0 - 2020-06-09
from electron-notarize GitHub release notes
Package name: electron-osx-sign from electron-osx-sign GitHub release notes
Package name: focus-trap
  • 6.9.4 - 2022-06-09

    Patch Changes

    • f68882e: Fix docs and typings to clarify that initialFocus, fallbackFocus, and setReturnFocus options can be functions that also return selector strings.
  • 6.9.3 - 2022-05-25

    Patch Changes

    • 8a8b1f1: Bump tabbable to v5.3.3 to pick up a small bug fix to web component (shadow DOM) support.
  • 6.9.2 - 2022-05-10

    Patch Changes

    • ef0ce48: Handle unexpected param (true) passed as the value for the initialFocus, fallbackFocus, and setReturnFocus options: Ignore and perform default behavior.
  • 6.9.1 - 2022-05-06

    Patch Changes

    • 83262a7: Bumps tabbable to v5.3.2 to pick-up a fix to displayCheck=full (default) option behavior that caused issues with detached nodes.
  • 6.9.0 - 2022-04-28

    Minor Changes

    • 2a57e4b: Add new trap.active and trap.paused readonly state properties on the trap so that the trap's active/paused state can be queried.

    Patch Changes

    • 8fd49df: Fixed bug where clickOutsideDeactivate handler would get called on the 'click' event even if the node clicked was in the trap. As with 'mousedown' and 'touchstart' events where this option is also used, the handler should only get called if the target node is outside the trap.
    • c32c60a: Fixed: onDeactivate, onPostDeactivate, and checkCanReturnFocus options originally given to createFocusTrap() were not being used by default when calling trap.deactivate({...}) with an option set even if that option set didn't specify any overrides of these options.
  • 6.8.1 - 2022-04-22

    Patch Changes

    • 7c86111:
      • Bump tabbable to ^5.3.1 (fixing previous update which was incorrectly set to 5.3.0).
      • Fix tabbableOptions not being used in all internal uses of tabbable APIs.
      • Expose displayCheck option in tabbableOptions typings and pass it through to tabbable APIs.
      • Add info to README about testing traps in JSDom (which is not officially supported).
  • 6.8.0 - 2022-04-20

    Minor Changes

    • 21458c9: Bumps tabbable to v5.3.0 and includes all changes from the past v6.8.0 beta releases. The big new feature is opt-in Shadow DOM support in tabbable, and a new getShadowRoot tabbable option exposed in a new tabbableOptions focus-trap config option.
  • 6.8.0-beta.2 - 2022-03-12
  • 6.8.0-beta.1 - 2022-02-12

    6.8.0-beta.1

  • 6.8.0-beta.0 - 2022-01-28

    6.8.0-beta.0

  • 6.7.3 - 2022-02-09

    Patch Changes

    • ab20d3d: Fix issue with focusing negative tabindex node and then tabbing away when this node is not the last node in the trap's container ((#611)[https://github.com//issues/611])
  • 6.7.2 - 2022-01-12
  • 6.7.1 - 2021-09-27
  • 6.7.0 - 2021-09-24
  • 6.6.1 - 2021-08-14
  • 6.6.0 - 2021-07-01
  • 6.5.1 - 2021-06-18
  • 6.5.0 - 2021-06-07
  • 6.4.0 - 2021-04-20
  • 6.3.0 - 2021-01-16
from focus-trap GitHub release notes
Package name: fs-admin
  • 0.20.0 - 2022-02-10
    No content.
  • 0.19.0 - 2021-04-27

    Infrastructure

    • Ported native module to N-API - #105
    • Switch to N-API prebuilds - #106

    dependencies updates

    • Bump prebuild-install from 6.0.1 to 6.1.1

    devDependencies updates

    • Bump node-gyp from 7.1.2 to 8.0.0
  • 0.18.0 - 2021-03-25

    Infrastructure

    • Drop prebuilds for unsupported versions of Node and Electron - #102
  • 0.17.0 - 2021-03-25

    Infrastructure

    • Electron 12 prebuilds are now available - #100

    dependencies updates

    • Bump prebuild-install from 6.0.0 to 6.0.1

    devDependencies updates

    • Bump ini from 1.3.5 to 1.3.7
    • Bump mocha from 8.2.1 to 8.3.2
    • Bump node-abi from 2.19.3 to 2.21.0
  • 0.16.0 - 2020-12-06

    Infrastructure:

    • Added prebuild support for latest Electron and Node versions - #91, thanks @dennisameling!
    • Fix for CodeQL workflow failures - #92

    dependencies updates:

    • Bump node-abi from 2.18.0 to 2.19.3
    • Bump nan from 2.14.1 to 2.14.2

    devDependencies updates:

    • Bump mocha from 8.0.1 to 8.2.1
    • Bump node-gyp from 7.0.0 to 7.1.2
    • Bump standard from 14.3.4 to 16.0.3
    • Bump prebuild from 10.0.0 to 10.0.1
    • Bump temp from 0.9.1 to 0.9.4
  • 0.15.0 - 2020-07-19

    Infrastructure:

    • Added prebuild support for Electron 9 - #61

    dependencies updates:

    • Bump node-abi from 2.15.0 to 2.18.0
    • Bump prebuild-install from 5.3.3 to 5.3.5

    devDependencies updates:

    • Bump mocha from 7.0.1 to 8.0.1
    • Bump node-gyp from 6.1.0 to 7.0.0
    • Bump standard from 14.3.1 to 14.3.3

    Note: version 0.14.0 was skipped due to a mistake made while publishing

from fs-admin GitHub release notes
Package name: vscode-ripgrep
  • 1.13.2 - 2021-12-29
  • 1.13.1 - 2021-12-28
  • 1.13.0 - 2021-12-28
  • 1.12.1 - 2021-09-30
  • 1.12.0 - 2021-06-16
  • 1.11.3 - 2021-04-12
  • 1.11.2 - 2021-02-23
  • 1.11.1 - 2020-11-17
  • 1.11.0 - 2020-11-06
  • 1.10.0 - 2020-10-30
  • 1.9.0 - 2020-09-08
from vscode-ripgrep GitHub release notes
Package name: git-utils
  • 5.7.3 - 2021-07-08
  • 5.7.2 - 2021-06-21
  • 5.7.1 - 2021-01-14
from git-utils GitHub release notes
Package name: temp from temp GitHub release notes
Package name: less-cache from less-cache GitHub release notes
Package name: mocha-junit-reporter from mocha-junit-reporter GitHub release notes
Package name: normalize-package-data from normalize-package-data GitHub release notes
Package name: postcss
  • 8.4.41 - 2024-08-05
  • 8.4.40 - 2024-07-24
    • Moved to getter/setter in nodes types to help Sass team (by @nex3).
  • 8.4.39 - 2024-06-29
  • 8.4.38 - 2024-03-20
  • 8.4.37 - 2024-03-19
    • Fixed original.column are not numbers error in another case.
  • 8.4.36 - 2024-03-17
    • Fixed original.column are not numbers error on broken previous source map.
  • 8.4.35 - 2024-02-07
  • 8.4.34 - 2024-02-05
  • 8.4.33 - 2024-01-04
  • 8.4.32 - 2023-12-02
  • 8.4.31 - 2023-09-28
  • 8.4.30 - 2023-09-18
  • 8.4.29 - 2023-08-29
  • 8.4.28 - 2023-08-15
  • 8.4.27 - 2023-07-21
  • 8.4.26 - 2023-07-13
  • 8.4.25 - 2023-07-06
  • 8.4.24 - 2023-05-28
  • 8.4.23 - 2023-04-19
  • 8.4.22 - 2023-04-16
  • 8.4.21 - 2023-01-06
  • 8.4.20 - 2022-12-11
  • 8.4.19 - 2022-11-10
  • 8.4.18 - 2022-10-12
  • 8.4.17 - 2022-09-30
  • 8.4.16 - 2022-08-06
  • 8.4.15 - 2022-08-06
  • 8.4.14 - 2022-05-18
  • 8.4.13 - 2022-04-30
  • 8.4.12 - 2022-03-16
  • 8.4.11 - 2022-03-15
  • 8.4.10 - 2022-03-15
  • 8.4.9 - 2022-03-15
  • 8.4.8 - 2022-03-07
  • 8.4.7 - 2022-02-24
  • 8.4.6 - 2022-02-01
  • 8.4.5 - 2021-12-13
  • 8.4.4 - 2021-11-27
  • 8.4.3 - 2021-11-26
  • 8.4.2 - 2021-11-26
  • 8.4.1 - 2021-11-24
  • 8.4.0 - 2021-11-24
  • 8.3.11 - 2021-10-21
  • 8.3.10 - 2021-10-20
  • 8.3.9 - 2021-10-04
  • 8.3.8 - 2021-09-25
  • 8.3.7 - 2021-09-22
  • 8.3.6 - 2021-07-21
  • 8.3.5 - 2021-06-17
  • 8.3.4 - 2021-06-14
  • 8.3.3 - 2021-06-14
  • 8.3.2 - 2021-06-11
  • 8.3.1 - 2021-06-09
  • 8.3.0 - 2021-05-21
  • 8.2.15 - 2021-05-10
  • 8.2.14 - 2021-05-05
  • 8.2.13 - 2021-04-26
  • 8.2.12 - 2021-04-22
  • 8.2.11 - 2021-04-22
  • 8.2.10 - 2021-04-11
from postcss GitHub release notes
Package name: postcss-selector-parser
  • 6.1.2 - 2024-08-12

    6.1.2

    • Fixed: erroneous trailing combinators in pseudos
  • 6.1.1 - 2024-07-11

    6.1.1

    • Fixed: improve typings of constructor helpers (#292)
  • 6.1.0 - 2024-05-22

    6.1.0

    • Feature: add sourceIndex to Selector nodes (#290)
  • 6.0.16 - 2024-03-13

    6.0.16

    • Fixed: add missing index argument to each/walk callback types (#289)
  • 6.0.15 - 2023-12-29

    6.0.15

    • Fixed: Node#prev and Node#next type for the first/last node
  • 6.0.14 - 2023-12-25

    6.0.14

    • Fixed: type definitions
  • 6.0.13 - 2023-05-15

    6.0.13

    • Fixed: throw on unexpected pipe symbols
  • 6.0.12 - 2023-04-29

    6.0.12

    • Fixed: clone arguments should be optional
  • 6.0.11 - 2022-11-20

    6.0.11

    • Fixed: parse attribute case insensitivity flag
  • 6.0.10 - 2022-03-30

    6.0.10

    • Fixed: isPseudoElement() supports :first-letter

Snyk has created this PR to upgrade:
  - async from 3.2.0 to 3.2.6.
    See this package in npm: https://www.npmjs.com/package/async
  - resolve from 1.18.1 to 1.22.8.
    See this package in npm: https://www.npmjs.com/package/resolve
  - chai from 4.3.4 to 4.5.0.
    See this package in npm: https://www.npmjs.com/package/chai
  - color from 3.1.3 to 3.2.1.
    See this package in npm: https://www.npmjs.com/package/color
  - electron-notarize from 1.0.0 to 1.2.2.
    See this package in npm: https://www.npmjs.com/package/electron-notarize
  - electron-osx-sign from 0.5.0 to 0.6.0.
    See this package in npm: https://www.npmjs.com/package/electron-osx-sign
  - focus-trap from 6.3.0 to 6.9.4.
    See this package in npm: https://www.npmjs.com/package/focus-trap
  - fs-admin from 0.15.0 to 0.20.0.
    See this package in npm: https://www.npmjs.com/package/fs-admin
  - vscode-ripgrep from 1.9.0 to 1.13.2.
    See this package in npm: https://www.npmjs.com/package/vscode-ripgrep
  - git-utils from 5.7.1 to 5.7.3.
    See this package in npm: https://www.npmjs.com/package/git-utils
  - temp from 0.9.2 to 0.9.4.
    See this package in npm: https://www.npmjs.com/package/temp
  - less-cache from 1.1.0 to 1.1.1.
    See this package in npm: https://www.npmjs.com/package/less-cache
  - mocha-junit-reporter from 2.0.0 to 2.2.1.
    See this package in npm: https://www.npmjs.com/package/mocha-junit-reporter
  - normalize-package-data from 3.0.2 to 3.0.3.
    See this package in npm: https://www.npmjs.com/package/normalize-package-data
  - postcss from 8.2.10 to 8.4.41.
    See this package in npm: https://www.npmjs.com/package/postcss
  - postcss-selector-parser from 6.0.4 to 6.1.2.
    See this package in npm: https://www.npmjs.com/package/postcss-selector-parser
  - prebuild-install from 6.0.0 to 6.1.4.
    See this package in npm: https://www.npmjs.com/package/prebuild-install
  - semver from 7.3.2 to 7.6.3.
    See this package in npm: https://www.npmjs.com/package/semver
  - sinon from 9.2.1 to 9.2.4.
    See this package in npm: https://www.npmjs.com/package/sinon
  - winreg from 1.2.4 to 1.2.5.
    See this package in npm: https://www.npmjs.com/package/winreg
  - yargs from 16.1.0 to 16.2.0.
    See this package in npm: https://www.npmjs.com/package/yargs

See this project in Snyk:
https://app.snyk.io/org/akjus/project/43fd5737-b2f6-4f9b-aa40-0dfc797cce2a?utm_source=github&utm_medium=referral&page=upgrade-pr