[Snyk] Upgrade: , jssha, locutus, openpgp, papaparse, webextension-polyfill, passbolt-styleguide, validator #12

Open
wants to merge 1 commit into
base: master

TheJ-Erk400
Owner


Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name | Versions | Released on
@xmldom/xmldom | from 0.7.9 to 0.8.10 (15 versions ahead of your current version) | a year ago, on 2023-07-19
jssha | from 3.2.0 to 3.3.1 (2 versions ahead of your current version) | a year ago, on 2023-08-04
locutus | from 2.0.16 to 2.0.32 (4 versions ahead of your current version) | 5 months ago, on 2024-04-06
openpgp | from 5.2.1 to 5.11.2 (14 versions ahead of your current version) | 3 months ago, on 2024-06-19
papaparse | from 5.3.2 to 5.4.1 (2 versions ahead of your current version) | a year ago, on 2023-03-23
webextension-polyfill | from 0.9.0 to 0.12.0 (3 versions ahead of your current version) | 4 months ago, on 2024-05-14
passbolt-styleguide | from 3.12.1 to 3.12.3 (2 versions ahead of your current version) | a year ago, on 2023-03-28
validator | from 13.7.0 to 13.12.0 (3 versions ahead of your current version) | 4 months ago, on 2024-05-09

Issues fixed by the recommended upgrade:

Issue | Score | Exploit Maturity
medium severity: Improper Verification of Cryptographic Signature (SNYK-JS-OPENPGP-5871276) | 429 | No Known Exploit
Release notes
Package name: @xmldom/xmldom
  • 0.8.10 - 2023-07-19

    Commits

    Fixed

    • dom: prevent iteration over deleted items #514 / #499

    Thank you, @qtow, for your contributions

  • 0.8.9 - 2023-07-13

    Commits

    Fixed

    • Set nodeName property in ProcessingInstruction #509 / #505

    Thank you, @cjbarth, for your contributions

  • 0.8.8 - 2023-05-30
  • 0.8.7 - 2023-03-31
  • 0.8.6 - 2022-11-05
  • 0.8.5 - 2022-10-31
  • 0.8.4 - 2022-10-29
  • 0.8.3 - 2022-10-11
  • 0.8.2 - 2022-04-05
  • 0.8.1 - 2022-02-14
  • 0.8.0 - 2021-12-22
  • 0.7.13 - 2023-07-19

    Commits

    Fixed

    • dom: prevent iteration over deleted items #514 / #499

    Thank you, @qtow, for your contributions

  • 0.7.12 - 2023-07-13

    Commits

    Fixed

    • Set nodeName property in ProcessingInstruction #509 / #505

    Thank you, @cjbarth, for your contributions

  • 0.7.11 - 2023-05-30
  • 0.7.10 - 2023-03-31
  • 0.7.9 - 2022-11-05
from @xmldom/xmldom GitHub release notes
Package name: jssha
  • 3.3.1 - 2023-08-04
    • Support latest method of defining type imports (#103, thanks @faljse!).
  • 3.3.0 - 2022-10-10
    • .update() method now returns a reference to the jsSHA object to allow for method chaining (#100, thanks @ADTC!).
    • Correct bad URL in README (#99, thanks @jbjulia!).
  • 3.2.0 - 2020-12-07

    Changelog for this release:

    • Added ESM versions of all variants (thanks wKovacs64!).
from jssha GitHub release notes
Package name: locutus
from locutus GitHub release notes
Package name: openpgp
  • 5.11.2 - 2024-06-19

    What's Changed

    • openpgp.verify: fix bug preventing verification of detached signatures over streamed data (#1762)

    Full Changelog: v5.11.1...v5.11.2

  • 5.11.1 - 2024-02-19

    What's Changed

    • Patch for Node v18.19.1+, 20.11.1+ and 21.6.2+: use JS fallback code for RSA decryption on Node when PKCS#1 is not supported (see #1728).

    Full Changelog: v5.11.0...v5.11.1

  • 5.11.0 - 2023-10-25

    What's Changed

    Full Changelog: v5.10.2...v5.11.0

  • 5.10.2 - 2023-09-18

    What's Changed

    • Fix CFB decryption performance in JS fallback for ciphers other than AES (#1679)
    • Minor: fix packet validity check for new curve25519 keys without key flags

    Full Changelog: v5.10.1...v5.10.2

  • 5.10.1 - 2023-08-29

    Reject cleartext messages with extraneous data preceding hash, addressing: GHSA-ch3c-v47x-4pgp.

  • 5.10.0 - 2023-08-29
    • crypto-refresh: add support for new Ed25519/X25519 keys, signatures and messages (#1620)
    • Support parsing encrypted key with unknown s2k types or cipher algos (#1658)
    • Fix forward compatibility of keys, SKESKs, and detached/cleartext signatures and ECDH (#1656)

    This release does not include any breaking changes.

    Full Changelog: v5.9.0...v5.10.0

  • 5.9.0 - 2023-05-15
  • 5.8.0 - 2023-04-18
  • 5.7.0 - 2023-02-21
  • 5.6.0 - 2023-02-16
  • 5.5.0 - 2022-08-31
  • 5.4.0 - 2022-08-08
  • 5.3.1 - 2022-06-29
  • 5.3.0 - 2022-06-08
  • 5.2.1 - 2022-03-15
from openpgp GitHub release notes
Package name: papaparse
from papaparse GitHub release notes
Package name: webextension-polyfill
from webextension-polyfill GitHub release notes
Package name: passbolt-styleguide
from passbolt-styleguide GitHub release notes
Package name: validator

Snyk has created this PR to upgrade:
  - @xmldom/xmldom from 0.7.9 to 0.8.10.
    See this package in npm: https://www.npmjs.com/package/@xmldom/xmldom
  - jssha from 3.2.0 to 3.3.1.
    See this package in npm: https://www.npmjs.com/package/jssha
  - locutus from 2.0.16 to 2.0.32.
    See this package in npm: https://www.npmjs.com/package/locutus
  - openpgp from 5.2.1 to 5.11.2.
    See this package in npm: https://www.npmjs.com/package/openpgp
  - papaparse from 5.3.2 to 5.4.1.
    See this package in npm: https://www.npmjs.com/package/papaparse
  - webextension-polyfill from 0.9.0 to 0.12.0.
    See this package in npm: https://www.npmjs.com/package/webextension-polyfill
  - passbolt-styleguide from 3.12.1 to 3.12.3.
    See this package in npm: https://www.npmjs.com/package/passbolt-styleguide
  - validator from 13.7.0 to 13.12.0.
    See this package in npm: https://www.npmjs.com/package/validator

See this project in Snyk:
https://app.snyk.io/org/snowcittysecuritysolutions/project/e73061f2-8cbc-4f0b-b8f0-7e8763b77a13?utm_source=github&utm_medium=referral&page=upgrade-pr

stackblitz bot commented Sep 7, 2024

Run & review this pull request in StackBlitz Codeflow.


New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package | New capabilities | Transitives | Size | Publisher
npm/@xmldom/xmldom@0.8.10 | None | 0 | 182 kB | karfau

🚮 Removed packages: npm/@xmldom/xmldom@0.7.9

View full report↗︎
