Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade tap from 12.0.0 to 18.7.0 #3

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade tap from 12.0.0 to 18.7.0 #3

wants to merge 1 commit into from

Conversation

WontonSam
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade tap from 12.0.0 to 18.7.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 233 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2024-01-25.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 Proof of Concept
Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 No Known Exploit
Denial of Service (DoS)
npm:mem:20180117		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 Proof of Concept
Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 Proof of Concept
Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
npm:braces:20180219		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 Proof of Concept
Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962463		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 Proof of Concept
Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 No Known Exploit
Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 Proof of Concept
Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: tap
  • 18.7.0 - 2024-01-25
  • 18.6.1 - 2023-11-16
  • 18.6.0 - 2023-11-16
  • 18.5.8 - 2023-11-13
  • 18.5.7 - 2023-11-04
  • 18.5.6 - 2023-11-03
  • 18.5.5 - 2023-11-03
  • 18.5.4 - 2023-10-31
  • 18.5.3 - 2023-10-28
  • 18.5.2 - 2023-10-16
  • 18.5.1 - 2023-10-15
  • 18.5.0 - 2023-10-11
  • 18.4.6 - 2023-10-10
  • 18.4.5 - 2023-10-09
  • 18.4.4 - 2023-10-08
  • 18.4.3 - 2023-10-05
  • 18.4.2 - 2023-10-02
  • 18.4.1 - 2023-10-01
  • 18.4.0 - 2023-09-29
  • 18.3.1 - 2023-09-29
  • 18.3.0 - 2023-09-28
  • 18.2.2 - 2023-09-28
  • 18.2.1 - 2023-09-28
  • 18.2.0 - 2023-09-27
  • 18.1.5 - 2023-09-26
  • 18.1.4 - 2023-09-24
  • 18.1.3 - 2023-09-24
  • 18.1.2 - 2023-09-24
  • 18.1.1 - 2023-09-23
  • 18.1.0 - 2023-09-23
  • 18.0.4 - 2023-09-18
  • 18.0.3 - 2023-09-17
  • 18.0.2 - 2023-09-17
  • 18.0.1 - 2023-09-15
  • 18.0.0 - 2023-09-15
  • 18.0.0-26 - 2023-09-13
  • 18.0.0-25 - 2023-09-10
  • 18.0.0-24 - 2023-09-05
  • 18.0.0-23 - 2023-09-03
  • 18.0.0-22 - 2023-09-01
  • 18.0.0-21 - 2023-08-29
  • 18.0.0-20 - 2023-08-27
  • 18.0.0-19 - 2023-08-21
  • 18.0.0-18 - 2023-08-20
  • 18.0.0-17 - 2023-08-18
  • 18.0.0-16 - 2023-08-17
  • 18.0.0-15 - 2023-08-15
  • 18.0.0-14 - 2023-08-12
  • 18.0.0-13 - 2023-08-09
  • 18.0.0-12 - 2023-08-07
  • 18.0.0-11 - 2023-08-07
  • 18.0.0-10 - 2023-08-07
  • 18.0.0-9 - 2023-08-07
  • 18.0.0-8 - 2023-08-07
  • 18.0.0-7 - 2023-08-07
  • 18.0.0-6 - 2023-08-06
  • 18.0.0-5 - 2023-08-06
  • 18.0.0-4 - 2023-08-04
  • 18.0.0-3 - 2023-08-04
  • 18.0.0-2 - 2023-08-04
  • 18.0.0-1 - 2023-08-04
  • 16.3.10 - 2023-12-15
  • 16.3.9 - 2023-09-27
  • 16.3.8 - 2023-07-30
  • 16.3.7 - 2023-06-22
  • 16.3.6 - 2023-06-04
  • 16.3.5 - 2023-06-04
  • 16.3.4 - 2023-01-16
  • 16.3.3 - 2023-01-09
  • 16.3.2 - 2022-11-16
  • 16.3.1 - 2022-11-13
  • 16.3.0 - 2022-06-17
  • 16.2.0 - 2022-05-04
  • 16.1.0 - 2022-04-25
  • 16.0.1 - 2022-03-22
  • 16.0.0 - 2022-03-05
  • 15.2.3 - 2022-03-05
  • 15.2.2 - 2022-03-05
  • 15.2.1 - 2022-03-05
  • 15.2.0 - 2022-03-05
  • 15.1.6 - 2022-01-04
  • 15.1.5 - 2021-11-26
  • 15.1.4 - 2021-11-26
  • 15.1.3 - 2021-11-26
  • 15.1.2 - 2021-11-18
  • 15.1.1 - 2021-11-17
  • 15.1.0 - 2021-11-16
  • 15.0.10 - 2021-09-21
  • 15.0.9 - 2021-05-07
  • 15.0.8 - 2021-05-07
  • 15.0.7 - 2021-05-06
  • 15.0.6 - 2021-04-29
  • 15.0.5 - 2021-04-24
  • 15.0.4 - 2021-04-20
  • 15.0.3 - 2021-04-20
  • 15.0.2 - 2021-04-05
  • 15.0.1 - 2021-04-01
  • 15.0.0 - 2021-03-31
  • 15.0.0-3 - 2021-03-26
  • 15.0.0-2 - 2021-02-23
  • 15.0.0-1 - 2021-02-18
  • 15.0.0-0 - 2021-02-17
  • 14.11.0 - 2020-11-16
  • 14.10.8 - 2020-07-21
  • 14.10.7 - 2020-03-20
  • 14.10.6 - 2020-01-14
  • 14.10.5 - 2019-12-18
  • 14.10.4 - 2019-12-16
  • 14.10.3 - 2019-12-16
  • 14.10.2 - 2019-11-25
  • 14.10.2-unbundled - 2019-11-26
  • 14.10.2-totally-bundled.1 - 2019-11-27
  • 14.10.2-totally-bundled - 2019-11-27
  • 14.10.1 - 2019-11-21
  • 14.10.0 - 2019-11-21
  • 14.9.2 - 2019-11-06
  • 14.9.1 - 2019-10-30
  • 14.9.0 - 2019-10-30
  • 14.8.3 - 2019-10-30
  • 14.8.2 - 2019-10-22
  • 14.8.1 - 2019-10-22
  • 14.8.0 - 2019-10-21
  • 14.7.3 - 2019-10-20
  • 14.7.2 - 2019-10-18
  • 14.7.1 - 2019-10-16
  • 14.7.0 - 2019-10-14
  • 14.6.9 - 2019-09-30
  • 14.6.8 - 2019-09-30
  • 14.6.7 - 2019-09-29
  • 14.6.6 - 2019-09-29
  • 14.6.5 - 2019-09-23
  • 14.6.4 - 2019-09-15
  • 14.6.3 - 2019-09-15
  • 14.6.2 - 2019-09-10
  • 14.6.1 - 2019-08-04
  • 14.6.0 - 2019-08-04
  • 14.5.0 - 2019-07-28
  • 14.4.3 - 2019-07-22
  • 14.4.2 - 2019-07-17
  • 14.4.1 - 2019-07-03
  • 14.4.0 - 2019-07-02
  • 14.3.1 - 2019-06-25
  • 14.3.0 - 2019-06-25
  • 14.2.5 - 2019-06-22
  • 14.2.4 - 2019-06-19
  • 14.2.3 - 2019-06-14
  • 14.2.2 - 2019-06-05
  • 14.2.1 - 2019-06-04
  • 14.2.0 - 2019-05-28
  • 14.1.11 - 2019-05-24
  • 14.1.10 - 2019-05-23
  • 14.1.9 - 2019-05-23
  • 14.1.8 - 2019-05-23
  • 14.1.7 - 2019-05-22
  • 14.1.6 - 2019-05-22
  • 14.1.5 - 2019-05-22
  • 14.1.4 - 2019-05-22
  • 14.1.3 - 2019-05-21
  • 14.1.2 - 2019-05-21
  • 14.1.1 - 2019-05-20
  • 14.1.0 - 2019-05-20
  • 14.0.0 - 2019-05-18
  • 13.1.11 - 2019-05-17
  • 13.1.10 - 2019-05-17
  • 13.1.9 - 2019-05-14
  • 13.1.8 - 2019-05-11
  • 13.1.7 - 2019-05-10
  • 13.1.6 - 2019-05-09
  • 13.1.5 - 2019-05-08
  • 13.1.4 - 2019-05-08
  • 13.1.3 - 2019-05-08
  • 13.1.2 - 2019-05-01
  • 13.1.1 - 2019-04-29
  • 13.1.0 - 2019-04-28
  • 13.0.4 - 2019-04-27
  • 13.0.3 - 2019-04-26
  • 13.0.1 - 2019-04-26
  • 13.0.0 - 2019-04-26
  • 13.0.0-rc.30 - 2019-04-24
  • 13.0.0-rc.29 - 2019-04-24
  • 13.0.0-rc.28 - 2019-04-24
  • 13.0.0-rc.27 - 2019-04-24
  • 13.0.0-rc.26 - 2019-04-24
  • 13.0.0-rc.25 - 2019-04-20
  • 13.0.0-rc.24 - 2019-04-17
  • 13.0.0-rc.23 - 2019-04-06
  • 13.0.0-rc.22 - 2019-04-06
  • 13.0.0-rc.21 - 2019-04-06
  • 13.0.0-rc.20 - 2019-03-31
  • 13.0.0-rc.19 - 2019-03-29
  • 13.0.0-rc.18 - 2019-03-26
  • 13.0.0-rc.17 - 2019-03-26
  • 13.0.0-rc.16 - 2019-03-25
  • 13.0.0-rc.15 - 2019-03-25
  • 13.0.0-rc.14 - 2019-03-22
  • 13.0.0-rc.13 - 2019-03-22
  • 13.0.0-rc.12 - 2019-03-21
  • 13.0.0-rc.11 - 2019-03-20
  • 13.0.0-rc.10 - 2019-03-18
  • 13.0.0-rc.9 - 2019-03-18
  • 13.0.0-rc.8 - 2019-03-18
  • 13.0.0-rc.7 - 2019-03-17
  • 13.0.0-rc.6 - 2019-03-17
  • 13.0.0-rc.5 - 2019-03-16
  • 13.0.0-rc.4 - 2019-03-16
  • 13.0.0-rc.3 - 2019-03-13
  • 13.0.0-rc.2 - 2019-03-13
  • 13.0.0-rc.1 - 2019-03-11
  • 13.0.0-rc.0 - 2019-03-11
  • 12.7.0 - 2019-04-28
  • 12.6.6 - 2019-04-26
  • 12.6.5 - 2019-04-24
  • 12.6.4 - 2019-04-24
  • 12.6.3 - 2019-04-22
  • 12.6.2 - 2019-04-17
  • 12.6.1 - 2019-03-22
  • 12.6.0 - 2019-03-07
  • 12.5.3 - 2019-02-15
  • 12.5.2 - 2019-02-08
  • 12.5.1 - 2019-02-01
  • 12.5.0 - 2019-01-30
  • 12.4.1 - 2019-01-30
  • 12.4.0 - 2019-01-23
  • 12.3.0 - 2019-01-23
  • 12.2.1 - 2019-01-23
  • 12.2.0 - 2019-01-23
  • 12.1.4 - 2019-01-22
  • 12.1.3 - 2019-01-22
  • 12.1.2 - 2019-01-21
  • 12.1.1 - 2018-12-12
  • 12.1.0 - 2018-11-13
  • 12.0.2 - 2018-11-12
  • 12.0.1 - 2018-05-17
  • 12.0.0 - 2018-05-17
from tap GitHub release notes
Commit messages
Package name: tap
  • 5187113 update versions
  • 5bb7ca8 remove shell:true from publish script
  • 2f9abd3 changelog 18.7
  • f105701 late-bind t.context, so it can be set in before()
  • ae2deb7 always initialize `t.context`
  • e906d21 tcompare: update test to strip out node version specific cruft
  • dc8dadd ci: node 20 and 21 only
  • 0768324 remove windows from CI
  • 5063b46 chore: use --loader in bootstrap
  • 51e8a31 bootstrap: run nx in --verbose mode
  • 4b33e42 ci: test on windows and macos
  • 81dd0ad add shell:true to npm spawns for windows benefit
  • 5e28526 core: inherit diagnostic option in subtests
  • eb060c7 formatting, and use consistent t.mockImport type hinting
  • 410f1ac tapjs/mock: work around ESM hook deadlock
  • 7b79b31 use type param for mockImport, mockRequire
  • 511019b update versions
  • 099545a update versions
  • 3188248 changelog for 18.6
  • 145bfc3 remove two extraneous files from src/tsx
  • f4da093 avoid EBUSY when deleting fixture dir on windows
  • 7505ccd handle valueOf in tcompare::same
  • dd4f233 add @ tapjs/tsx plugin
  • 639f3f2 Fully resolve module references for pnpm benefit

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@WontonSam @snyk-bot