Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @truffle/contract from 4.3.15 to 4.3.20 #70

Closed
wants to merge 1 commit into from
Closed

[Snyk] Security upgrade @truffle/contract from 4.3.15 to 4.3.20 #70

wants to merge 1 commit into from

Conversation

plamarque
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 Open Redirect
SNYK-JS-GOT-2932019		 No No Known Exploit
high severity 644/1000
Why? Has a fix available, CVSS 8.6		 Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 No No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 No Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-NORMALIZEURL-1296539		 No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Poisoning
SNYK-JS-QS-3153490		 No Proof of Concept
high severity 761/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.8		 Information Exposure
SNYK-JS-SIMPLEGET-2361683		 No Proof of Concept
high severity 624/1000
Why? Has a fix available, CVSS 8.2		 Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 No No Known Exploit
high severity 624/1000
Why? Has a fix available, CVSS 8.2		 Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 No No Known Exploit
low severity 410/1000
Why? Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 No No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Arbitrary File Write
SNYK-JS-TAR-1579147		 No No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Arbitrary File Write
SNYK-JS-TAR-1579152		 No No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Arbitrary File Write
SNYK-JS-TAR-1579155		 No No Known Exploit
medium severity 596/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.5		 Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @truffle/contract The new version differs by 175 commits.
  • c7b6e02 Publish
  • e4c0177 Merge pull request #4106 from trufflesuite/add-optimism-source-fetcher
  • 2269401 add optimistic kovan
  • 9f15c0c Merge branch 'develop' of https://github.com/trufflesuite/truffle into add-optimism-source-fetcher
  • 3723072 Merge pull request #4087 from trufflesuite/double-break
  • 30e9926 Merge pull request #4092 from trufflesuite/fix/listener-removal
  • c92b121 Borrow suggested removeListener implementation
  • 771b2f0 Rewrite warning message
  • 9ad3a8a Remove extra intermediary variables
  • a1dc117 Merge pull request #4089 from trufflesuite/revert-4075-revert-4037-update-ens-dep
  • c61ad64 Merge pull request #4101 from trufflesuite/dockster
  • 91ee241 Merge pull request #4100 from trufflesuite/binary-null
  • 0575ba5 Wrap usage in try/finally blocks
  • 7dd0d38 Merge pull request #4098 from trufflesuite/research/spurned-promises
  • fff07a4 Fix use of Docker with --fetch-external
  • 54ae489 Prevent crash from cbor null
  • b946461 Readability refactor
  • a9ef283 Merge pull request #4094 from trufflesuite/autoversion
  • d4a930f Merge branch 'develop' into autoversion
  • 15e07aa Merge pull request #4095 from trufflesuite/error-crash
  • a30668f Reorganize version extraction code
  • 0354f0d Fix two debugger crashes
  • b478c61 Detect solc version from CBOR if absent in artifact
  • d4d3467 research: unhandledRejection tests

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn

@boubaker boubaker closed this Aug 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@plamarque @boubaker @snyk-bot