Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 114 vulnerabilities #338

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • deps/npm/node_modules/tweetnacl/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Prototype Pollution
SNYK-JS-AJV-584908
Yes No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-ECSTATIC-540354
Yes Proof of Concept
high severity Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1021884
Yes Mature
high severity Use After Free
SNYK-JS-ELECTRON-1041745
Yes Mature
high severity Improper Validation
SNYK-JS-ELECTRON-1047306
Yes Mature
high severity Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1048693
Yes No Known Exploit
high severity Improper Access Control
SNYK-JS-ELECTRON-1049321
Yes No Known Exploit
high severity Improper Input Validation
SNYK-JS-ELECTRON-1049323
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1049547
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1050424
Yes No Known Exploit
medium severity Information Exposure
SNYK-JS-ELECTRON-1050427
Yes No Known Exploit
high severity Insufficient Validation
SNYK-JS-ELECTRON-1050882
Yes Mature
critical severity Use After Free
SNYK-JS-ELECTRON-1050999
Yes No Known Exploit
high severity Out-of-bounds Read
SNYK-JS-ELECTRON-1051000
Yes No Known Exploit
medium severity Improper Input Validation
SNYK-JS-ELECTRON-1064555
Yes Proof of Concept
high severity Use After Free
SNYK-JS-ELECTRON-1064558
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1064561
Yes No Known Exploit
medium severity Information Exposure
SNYK-JS-ELECTRON-1065981
Yes No Known Exploit
critical severity Use After Free
SNYK-JS-ELECTRON-1070013
Yes No Known Exploit
high severity Insufficient Validation
SNYK-JS-ELECTRON-1070014
Yes No Known Exploit
medium severity Use After Free
SNYK-JS-ELECTRON-1070015
Yes No Known Exploit
high severity Heap Buffer Overflow
SNYK-JS-ELECTRON-1085647
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1085705
Yes Mature
high severity Use After Free
SNYK-JS-ELECTRON-1085994
Yes No Known Exploit
high severity Out-of-Bounds
SNYK-JS-ELECTRON-1085996
Yes No Known Exploit
medium severity Information Exposure
SNYK-JS-ELECTRON-1085998
Yes No Known Exploit
high severity Out-of-Bounds
SNYK-JS-ELECTRON-1086693
Yes No Known Exploit
medium severity Access Restriction Bypass
SNYK-JS-ELECTRON-1086694
Yes No Known Exploit
high severity Improper Input Validation
SNYK-JS-ELECTRON-1086695
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1087442
Yes No Known Exploit
high severity Out-of-bounds Write
SNYK-JS-ELECTRON-1088600
Yes Mature
high severity Insecure Defaults
SNYK-JS-ELECTRON-1088602
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1252279
Yes Mature
high severity Use After Free
SNYK-JS-ELECTRON-1252280
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1253279
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1253281
Yes No Known Exploit
critical severity Out-of-bounds
SNYK-JS-ELECTRON-1257943
Yes Mature
high severity Use After Free
SNYK-JS-ELECTRON-1258207
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1259349
Yes No Known Exploit
high severity Integer Overflow or Wraparound
SNYK-JS-ELECTRON-1260586
Yes No Known Exploit
high severity Out-of-bounds Read
SNYK-JS-ELECTRON-1261111
Yes No Known Exploit
high severity Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1277203
Yes No Known Exploit
high severity Integer Overflow
SNYK-JS-ELECTRON-1277205
Yes No Known Exploit
medium severity Improper Input Validation
SNYK-JS-ELECTRON-1277526
Yes No Known Exploit
low severity Out Of Bounds Read
SNYK-JS-ELECTRON-1278596
Yes No Known Exploit
high severity Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1296553
Yes No Known Exploit
high severity Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1296555
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1296557
Yes No Known Exploit
high severity Type Confusion
SNYK-JS-ELECTRON-1296559
Yes Proof of Concept
high severity Use After Free
SNYK-JS-ELECTRON-1296561
Yes No Known Exploit
high severity Race Condition
SNYK-JS-ELECTRON-1296563
Yes No Known Exploit
high severity Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1296565
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1312313
Yes No Known Exploit
high severity Access of Resource Using Incompatible Type ('Type Confusion')
SNYK-JS-ELECTRON-1312314
Yes Mature
high severity Use After Free
SNYK-JS-ELECTRON-1312315
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1313765
Yes Mature
medium severity Use After Free
SNYK-JS-ELECTRON-1313767
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1314896
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1315151
Yes No Known Exploit
critical severity Out-of-bounds Write
SNYK-JS-ELECTRON-1315668
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1533614
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1534881
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1534882
Yes No Known Exploit
high severity Type Confusion
SNYK-JS-ELECTRON-1534883
Yes Mature
medium severity Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1534884
Yes No Known Exploit
medium severity Use After Free
SNYK-JS-ELECTRON-1536579
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1536581
Yes Proof of Concept
high severity Use After Free
SNYK-JS-ELECTRON-1536587
Yes No Known Exploit
medium severity Out-of-Bounds
SNYK-JS-ELECTRON-1585619
Yes Mature
high severity Type Confusion
SNYK-JS-ELECTRON-1586050
Yes No Known Exploit
high severity Buffer Overflow
SNYK-JS-ELECTRON-1656742
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-1656743
Yes Mature
high severity Out-of-Bounds
SNYK-JS-ELECTRON-1656745
Yes No Known Exploit
high severity Access Restriction Bypass
SNYK-JS-ELECTRON-1656746
Yes No Known Exploit
medium severity Improper Input Validation
SNYK-JS-ELECTRON-1727344
Yes Mature
medium severity Sandbox Bypass
SNYK-JS-ELECTRON-1731315
Yes Proof of Concept
high severity Use After Free
SNYK-JS-ELECTRON-174045
Yes Mature
high severity Use After Free
SNYK-JS-ELECTRON-1910985
Yes Mature
high severity Use After Free
SNYK-JS-ELECTRON-1910987
Yes No Known Exploit
medium severity Exposure of Resource to Wrong Sphere
SNYK-JS-ELECTRON-1910988
Yes No Known Exploit
medium severity Improper Access Control
SNYK-JS-ELECTRON-1910991
Yes No Known Exploit
critical severity Type Confusion
SNYK-JS-ELECTRON-1911949
Yes Proof of Concept
high severity Use After Free
SNYK-JS-ELECTRON-1912074
Yes No Known Exploit
high severity Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1912084
Yes No Known Exploit
medium severity Information Exposure
SNYK-JS-ELECTRON-1912085
Yes Mature
high severity Arbitrary Code Execution
SNYK-JS-ELECTRON-483050
Yes No Known Exploit
high severity Arbitrary Code Execution
SNYK-JS-ELECTRON-483056
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-564272
Yes No Known Exploit
high severity Heap Overflow
SNYK-JS-ELECTRON-565051
Yes No Known Exploit
high severity Out-of-bounds Read
SNYK-JS-ELECTRON-565052
Yes No Known Exploit
high severity Improper Access Control
SNYK-JS-ELECTRON-565362
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-565366
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-565368
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-565441
Yes No Known Exploit
medium severity Buffer Underflow
SNYK-JS-ELECTRON-565488
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-565490
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-565494
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-565571
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-565705
Yes No Known Exploit
medium severity Use After Free
SNYK-JS-ELECTRON-565709
Yes No Known Exploit
high severity Site Isolation Bypass
SNYK-JS-ELECTRON-565713
Yes No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-570624
Yes No Known Exploit
high severity Type Confusion
SNYK-JS-ELECTRON-570833
Yes Proof of Concept
medium severity Arbitrary File Read
SNYK-JS-ELECTRON-575393
Yes No Known Exploit
high severity Privilege Escalation
SNYK-JS-ELECTRON-575394
Yes No Known Exploit
high severity Privilege Escalation
SNYK-JS-ELECTRON-575395
Yes No Known Exploit
high severity Privilege Escalation
SNYK-JS-ELECTRON-575396
Yes No Known Exploit
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
Yes Proof of Concept
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764
Yes Proof of Concept
high severity Prototype Pollution
SNYK-JS-PLIST-2405644
Yes Proof of Concept
high severity Improper Privilege Management
SNYK-JS-SHELLJS-2332187
Yes Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251
Yes No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
npm:eslint:20180222
Yes Proof of Concept
Commit messages
Package name: eslint The new version differs by 250 commits.

See the full diff

Package name: tape-run The new version differs by 33 commits.

See the full diff

Package name: uglify-js The new version differs by 250 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Access Control
🦉 More lessons are available in Snyk Learn

…lities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ECSTATIC-540354
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1021884
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1041745
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1047306
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1048693
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1049321
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1049323
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1049547
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1050424
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1050427
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1050882
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1050999
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1051000
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1064555
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1064558
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1064561
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1065981
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1070013
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1070014
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1070015
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085647
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085705
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085994
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085996
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085998
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1086693
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1086694
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1086695
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1087442
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1088600
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1088602
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1252279
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1252280
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1253279
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1253281
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1257943
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1258207
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1259349
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1260586
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1261111
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1277203
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1277205
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1277526
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1278596
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296553
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296555
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296557
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296559
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296561
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296563
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296565
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1312313
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1312314
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1312315
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1313765
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1313767
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1314896
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1315151
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1315668
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1533614
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1534881
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1534882
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1534883
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1534884
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1536579
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1536581
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1536587
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1585619
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1586050
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1656742
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1656743
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1656745
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1656746
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1727344
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1731315
- https://snyk.io/vuln/SNYK-JS-ELECTRON-174045
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1910985
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1910987
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1910988
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1910991
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1911949
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1912074
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1912084
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1912085
- https://snyk.io/vuln/SNYK-JS-ELECTRON-483050
- https://snyk.io/vuln/SNYK-JS-ELECTRON-483056
- https://snyk.io/vuln/SNYK-JS-ELECTRON-564272
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565051
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565052
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565362
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565366
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565368
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565441
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565488
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565490
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565494
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565571
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565705
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565709
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565713
- https://snyk.io/vuln/SNYK-JS-ELECTRON-570624
- https://snyk.io/vuln/SNYK-JS-ELECTRON-570833
- https://snyk.io/vuln/SNYK-JS-ELECTRON-575393
- https://snyk.io/vuln/SNYK-JS-ELECTRON-575394
- https://snyk.io/vuln/SNYK-JS-ELECTRON-575395
- https://snyk.io/vuln/SNYK-JS-ELECTRON-575396
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-PLIST-2405644
- https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://snyk.io/vuln/npm:eslint:20180222
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
1 participant