
[Snyk] Fix for 7 vulnerabilities #1573

Open · wants to merge 1 commit into base: master

Conversation

@aliscco (Owner) commented Nov 29, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • test/fixtures/qs-package/node_modules/bluebird/package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution, SNYK-JS-LODASHBASEMERGE-450200 | No | Proof of Concept |
| medium | 636/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.3) | Prototype Pollution, SNYK-JS-LODASHBASEMERGE-450201 | No | Proof of Concept |
| medium | 646/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.5) | Server-side Request Forgery (SSRF), SNYK-JS-REQUEST-3361831 | No | Proof of Concept |
| medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-UGLIFYJS-1727251 | Yes | No Known Exploit |
| low | 399/1000 (Why? Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS), npm:mime:20170907 | No | No Known Exploit |
| high | 629/1000 (Why? Has a fix available, CVSS 8.3) | Improper minification of non-boolean comparisons, npm:uglify-js:20150824 | Yes | No Known Exploit |
| medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), npm:uglify-js:20151024 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browserify. The new version differs by 19 commits.
  • 26c58a9 forgot the "has" dep
  • 9a3864e more changelog info about browser field mappings
  • 42c2052 fix now works with the latest resolve
  • 29d917e failing browser field file test
  • ef257ed remove dnode test, was causing issues
  • 16611da some upgrades
  • ee3be4a more info on v9 fixes
  • e6438ea failing cases in pkg_event
  • 145ea52 failing pkg_event test
  • 97203b3 upgrades for 9.0.0
  • fbd6e2e Merge branch 'fix-expose' of https://github.com/jmm/node-browserify
  • dbe2c71 9.0.0
  • 53821dd Merge branch 'remove-unused-umd-dep' of https://github.com/zertosh/node-browserify
  • f6593fb Update browser-pack to ^4.0.0
  • 7ff5676 Merge branch 'remove-unused-umd-dep' of https://github.com/zertosh/node-browserify
  • ab4b4b8 Remove unused "umd" dep
  • d938408 failing relative dedupe case
  • c14da43 Eliminate path resolution and set row.expose.
  • bdf78c8 Pass this._expose to mdeps.

See the full diff

Package name: grunt-saucelabs. The new version differs by 41 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

  • 🦉 Prototype Pollution
  • 🦉 Server-side Request Forgery (SSRF)
  • 🦉 Regular Expression Denial of Service (ReDoS)
  • 🦉 More lessons are available in Snyk Learn
