[Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #57
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HAWK-2808852
![jit-ci[bot]](https://avatars.githubusercontent.com/in/142441?s=60&v=4){kind=small}
| @@ -10,6 +10,6 @@ | |||
| "dependencies": { | |||
| "node-uuid": "1.4.0", | |||
| "qs": "0.0.6", | |||
| "tap": "^5.8.0" | |||
| "tap": "^11.1.3" | |||
There was a problem hiding this comment.
Security control: Software Component Analysis Js
Type: Arbitrary Code Execution In Handlebars
Description: tap>nyc>istanbul-reports>handlebars@4.0.11
Severity: HIGH
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_findingIgnore this specific single instance of finding#jit_undo_ignoreUndo ignore command
| @@ -10,6 +10,6 @@ | |||
| "dependencies": { | |||
| "node-uuid": "1.4.0", | |||
| "qs": "0.0.6", | |||
| "tap": "^5.8.0" | |||
| "tap": "^11.1.3" | |||
There was a problem hiding this comment.
Security control: Software Component Analysis Js
Type: Arbitrary Code Execution In Handlebars
Description: tap>nyc>istanbul-reports>handlebars@4.0.11
Severity: HIGH
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_findingIgnore this specific single instance of finding#jit_undo_ignoreUndo ignore command
| @@ -10,6 +10,6 @@ | |||
| "dependencies": { | |||
| "node-uuid": "1.4.0", | |||
| "qs": "0.0.6", | |||
| "tap": "^5.8.0" | |||
| "tap": "^11.1.3" | |||
There was a problem hiding this comment.
Security control: Software Component Analysis Js
Type: Prototype Pollution In Minimist
Description: _Paths from library to vulnerable dependencies:
- tap>nyc>mkdirp>minimist@0.0.8
- tap>nyc>caching-transform>mkdirp>minimist@0.0.8
- tap>nyc>istanbul-reports>handlebars>optimist>minimist@0.0.8_
Severity: HIGH
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_findingIgnore this specific single instance of finding#jit_undo_ignoreUndo ignore command
| @@ -10,6 +10,6 @@ | |||
| "dependencies": { | |||
| "node-uuid": "1.4.0", | |||
| "qs": "0.0.6", | |||
| "tap": "^5.8.0" | |||
| "tap": "^11.1.3" | |||
There was a problem hiding this comment.
Security control: Software Component Analysis Js
Type: Remote Code Execution In Handlebars When Compiling Templates
Description: tap>nyc>istanbul-reports>handlebars@4.0.11
Severity: HIGH
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_findingIgnore this specific single instance of finding#jit_undo_ignoreUndo ignore command
| @@ -10,6 +10,6 @@ | |||
| "dependencies": { | |||
| "node-uuid": "1.4.0", | |||
| "qs": "0.0.6", | |||
| "tap": "^5.8.0" | |||
| "tap": "^11.1.3" | |||
There was a problem hiding this comment.
Security control: Software Component Analysis Js
Type: Denial Of Service In Handlebars
Description: tap>nyc>istanbul-reports>handlebars@4.0.11
Severity: MEDIUM
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_findingIgnore this specific single instance of finding#jit_undo_ignoreUndo ignore command
| @@ -10,6 +10,6 @@ | |||
| "dependencies": { | |||
| "node-uuid": "1.4.0", | |||
| "qs": "0.0.6", | |||
| "tap": "^5.8.0" | |||
| "tap": "^11.1.3" | |||
There was a problem hiding this comment.
Security control: Software Component Analysis Js
Type: Regular Expression Denial Of Service (Redos) In Lodash
Description: _Paths from library to vulnerable dependencies:
- tap>nyc>istanbul-lib-instrument>babel-types>lodash@4.17.10
- tap>nyc>istanbul-lib-instrument>babel-generator>babel-types>lodash@4.17.10
- tap>nyc>istanbul-lib-instrument>babel-template>babel-traverse>babel-types>lodash@4.17.10_
Severity: MEDIUM
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_findingIgnore this specific single instance of finding#jit_undo_ignoreUndo ignore command
| @@ -10,6 +10,6 @@ | |||
| "dependencies": { | |||
| "node-uuid": "1.4.0", | |||
| "qs": "0.0.6", | |||
| "tap": "^5.8.0" | |||
| "tap": "^11.1.3" | |||
There was a problem hiding this comment.
Security control: Software Component Analysis Js
Type: Prototype Pollution In Handlebars
Description: tap>nyc>istanbul-reports>handlebars@4.0.11
Severity: HIGH
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_findingIgnore this specific single instance of finding#jit_undo_ignoreUndo ignore command
| @@ -10,6 +10,6 @@ | |||
| "dependencies": { | |||
| "node-uuid": "1.4.0", | |||
| "qs": "0.0.6", | |||
| "tap": "^5.8.0" | |||
| "tap": "^11.1.3" | |||
There was a problem hiding this comment.
Security control: Software Component Analysis Js
Type: Regular Expression Denial Of Service In Handlebars
Description: tap>nyc>istanbul-reports>handlebars@4.0.11
Severity: HIGH
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_findingIgnore this specific single instance of finding#jit_undo_ignoreUndo ignore command
| @@ -10,6 +10,6 @@ | |||
| "dependencies": { | |||
| "node-uuid": "1.4.0", | |||
| "qs": "0.0.6", | |||
| "tap": "^5.8.0" | |||
| "tap": "^11.1.3" | |||
There was a problem hiding this comment.
Security control: Software Component Analysis Js
Type: Prototype Pollution In Handlebars
Description: tap>nyc>istanbul-reports>handlebars@4.0.11
Severity: HIGH
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_findingIgnore this specific single instance of finding#jit_undo_ignoreUndo ignore command
| @@ -10,6 +10,6 @@ | |||
| "dependencies": { | |||
| "node-uuid": "1.4.0", | |||
| "qs": "0.0.6", | |||
| "tap": "^5.8.0" | |||
| "tap": "^11.1.3" | |||
There was a problem hiding this comment.
Security control: Software Component Analysis Js
Type: Regular Expression Denial Of Service In Path-Parse
Description: tap>nyc>istanbul-lib-report>path-parse@1.0.5
Severity: MEDIUM
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_findingIgnore this specific single instance of finding#jit_undo_ignoreUndo ignore command
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 7.4
SNYK-JS-HAWK-2808852
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: tap
The new version differs by 250 commits.See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.