[Snyk] Upgrade: , , , async, chai, minimatch, eslint, google-auth-library, mocha, ms-rest-azure, nodemon, nyc #145

ekmixon · 2024-09-13T20:36:14Z

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name	Versions	Released on

@octokit/app
from 3.0.2 to 15.1.0 | 78 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
on 2024-06-06
@octokit/request
from 3.0.3 to 9.1.3 | 83 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-14
@octokit/rest
from 16.43.2 to 21.0.2 | 116 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-16
async
from 2.6.4 to 3.2.6 | 12 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 25 days ago
on 2024-08-19
chai
from 4.5.0 to 5.1.1 | 9 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-09
minimatch
from 3.1.2 to 10.0.1 | 62 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-08
eslint
from 6.8.0 to 9.9.1 | 125 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 21 days ago
on 2024-08-23
google-auth-library
from 8.9.0 to 9.14.0 | 20 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 25 days ago
on 2024-08-20
mocha
from 6.2.3 to 10.7.3 | 44 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-09
ms-rest-azure
from 2.6.2 to 3.0.2 | 3 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 years ago
on 2022-04-28
nodemon
from 1.19.4 to 3.1.4 | 45 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
on 2024-06-20
nyc
from 14.1.1 to 17.0.0 | 9 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
on 2024-06-09

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Prototype Pollution SNYK-JS-LODASHSET-1320032	686	Proof of Concept
Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	686	No Known Exploit
Uncontrolled resource consumption SNYK-JS-BRACES-6838727	686	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	686	No Known Exploit
Prototype Pollution SNYK-JS-UNSETVALUE-2400660	686	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	686	Proof of Concept
Open Redirect SNYK-JS-GOT-2932019	686	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	686	No Known Exploit
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	686	No Known Exploit
Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	686	No Known Exploit
Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	686	No Known Exploit
Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	686	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	686	Proof of Concept

Release notes

Package name: @octokit/app

15.1.0 - 2024-06-06
15.1.0 (2024-06-06)

Features
- add getInstallationUrl method (#542) (691ccfb)
15.0.1 - 2024-04-30
15.0.1 (2024-04-30)

Bug Fixes
- types: export minimal types required for the App class (#536) (318e6fd)
15.0.0 - 2024-04-30
15.0.0 (2024-04-30)

Features
- package is now ESM (#512) (ea347ff)
BREAKING CHANGES
- package is now ESM
15.0.0-beta.5 - 2024-04-30
15.0.0-beta.5 (2024-04-30)

Bug Fixes
- deps: bump @ octokit/auth-app (70a3fca)
15.0.0-beta.4 - 2024-04-16
15.0.0-beta.4 (2024-04-16)

Features
- security: Add provenance (#528) (6860c97)
15.0.0-beta.3 - 2024-04-16
15.0.0-beta.3 (2024-04-16)

Bug Fixes
- bump Octokit deps (65cc6e9)
15.0.0-beta.2 - 2024-02-27
15.0.0-beta.2 (2024-02-27)

Bug Fixes
- bump deps (a2f35e9)
- pkg: add main entry point (09e0241), closes octokit/core.js#662
15.0.0-beta.1 - 2024-02-25
15.0.0-beta.1 (2024-02-25)

Bug Fixes
- bump deps (8ce821d)
Features
- package is now ESM (f970e0d)
BREAKING CHANGES
- package is now ESM
14.1.0 - 2024-04-03
14.1.0 (2024-04-03)

Features
- security: Add provenance (#528) (6860c97)
14.0.2 - 2023-11-15
14.0.2 (2023-11-15)

Bug Fixes
- update for the handling of an error being thrown by the verify method in webhooks.js (#482) (b59444d)
14.0.1 - 2023-09-23
14.0.0 - 2023-07-10
14.0.0-beta.9 - 2023-07-10
14.0.0-beta.8 - 2023-07-10
14.0.0-beta.7 - 2023-07-10
14.0.0-beta.6 - 2023-07-10
14.0.0-beta.5 - 2023-06-14
14.0.0-beta.4 - 2023-05-21
14.0.0-beta.3 - 2023-05-21
14.0.0-beta.2 - 2023-04-13
14.0.0-beta.1 - 2022-09-15
13.1.8 - 2023-06-16
13.1.7 - 2023-06-16
13.1.6 - 2023-06-16
13.1.5 - 2023-05-27
13.1.4 - 2023-05-18
13.1.3 - 2023-04-28
13.1.2 - 2023-01-20
13.1.1 - 2023-01-06
13.1.0 - 2022-12-01
13.0.11 - 2022-10-13
13.0.10 - 2022-10-13
13.0.9 - 2022-09-30
13.0.8 - 2022-08-29
13.0.7 - 2022-08-15
13.0.6 - 2022-08-15
13.0.5 - 2022-07-08
13.0.4 - 2022-07-08
13.0.3 - 2022-07-08
13.0.2 - 2022-07-08
13.0.1 - 2022-07-08
13.0.0 - 2022-06-27
12.0.7 - 2022-06-27
12.0.6 - 2022-06-26
12.0.5 - 2021-09-13
12.0.4 - 2021-08-17
12.0.3 - 2021-06-05
12.0.2 - 2021-04-17
12.0.1 - 2021-04-17
12.0.0 - 2021-04-14
12.0.0-beta.2 - 2021-04-14
12.0.0-beta.1 - 2021-04-11
11.4.2 - 2021-04-09
11.4.1 - 2021-04-08
11.4.0 - 2021-04-08
11.3.1 - 2021-04-05
11.3.0 - 2021-03-31
11.2.0 - 2021-03-30
11.1.0 - 2021-03-26
11.0.0 - 2021-03-24
10.3.0 - 2021-03-24
10.2.2 - 2021-02-19
10.2.1 - 2021-02-19
10.2.0 - 2021-02-19
10.1.2 - 2021-02-17
10.1.1 - 2021-02-15
10.1.0 - 2021-01-25
10.0.3 - 2021-01-25
10.0.2 - 2020-12-03
10.0.1 - 2020-12-03
10.0.0 - 2020-11-06
10.0.0-beta.1 - 2020-11-05
4.3.0 - 2020-10-29
4.2.1 - 2020-07-14
4.2.0 - 2020-02-13
4.1.1 - 2019-12-19
4.1.0 - 2019-07-27
14.1.0 (2024-04-03)

Features
- security: Add provenance (#528) (6860c97)
4.0.0 - 2019-07-12
3.0.2 - 2019-07-09

from @octokit/app GitHub release notes

Package name: @octokit/request

9.1.3 - 2024-07-14
9.1.3 (2024-07-14)

Bug Fixes
- improve toErrorMessage (#714) (fcc5b25)
9.1.2 - 2024-07-13
9.1.2 (2024-07-13)

Bug Fixes
- refactor: async await instead of Promise chain (#711) (611b275)
9.1.1 - 2024-04-15
9.1.1 (2024-04-15)

Bug Fixes
- pkg: add default fallback to exports (#688) (9866c41)
9.1.0 - 2024-04-09
9.1.0 (2024-04-09)

Bug Fixes
- deps: update dependency @ octokit/types to v13 (#684) (4d466a6)
Features
- re-add redirect request option (#636) (23200c0), closes #599
- security: Add provenance (#685) (465bc7c)
9.0.1 - 2024-02-27
9.0.1 (2024-02-27)

Bug Fixes
- pkg: add main export (#681) (1d834ae)
9.0.0 - 2024-02-24
9.0.0 (2024-02-24)

Features
- switch to ESM output (#678) (517fd98)
BREAKING CHANGES
- Output a single ESM bundle
9.0.0-beta.1 - 2024-02-23
9.0.0-beta.1 (2024-02-23)

Bug Fixes
- improve spec compliance (ca9eb20)
Features
- switch to ESM output (8df344f)
BREAKING CHANGES
- Output a single ESM bundle
8.4.0 - 2024-04-09
8.4.0 (2024-04-09)

Features
- re-add redirect request option (#636) (abc4955), closes #599
8.3.1 - 2024-04-05
8.3.1 (2024-04-05)

Bug Fixes
- upgrade @ octokit/endpoint (4e7127c)
8.3.0 - 2024-04-05
8.3.0 (2024-04-05)

Bug Fixes
- upgrade @ octokit/types (6822e8b)
Features
- security: Add provenance (#685) (2e67925)
8.2.0 - 2024-02-09
8.1.6 - 2023-11-22
8.1.5 - 2023-11-09
8.1.4 - 2023-10-09
8.1.3 - 2023-10-06
8.1.2 - 2023-09-23
8.1.1 - 2023-07-19
8.1.0 - 2023-07-11
8.0.4 - 2023-07-09
8.0.3 - 2023-07-09
8.0.2 - 2023-07-07
8.0.1 - 2023-07-07
8.0.0 - 2023-07-07
7.0.1 - 2023-06-20
7.0.0 - 2023-06-16
7.0.0-beta.7 - 2023-06-16
7.0.0-beta.6 - 2023-06-14
7.0.0-beta.5 - 2023-06-13
7.0.0-beta.4 - 2023-06-13
7.0.0-beta.3 - 2023-06-13
7.0.0-beta.2 - 2023-05-21
7.0.0-beta.1 - 2023-05-20
6.2.8 - 2023-06-16
6.2.7 - 2023-06-16
6.2.6 - 2023-06-13
6.2.5 - 2023-05-18
6.2.4 - 2023-05-16
6.2.3 - 2023-01-21
6.2.2 - 2022-10-13
6.2.1 - 2022-08-15
6.2.0 - 2022-07-13
6.1.0 - 2022-07-11
6.0.2 - 2022-07-08
6.0.1 - 2022-07-07
6.0.0 - 2022-07-07
5.6.3 - 2022-01-22
5.6.2 - 2021-10-03
5.6.1 - 2021-08-11
5.6.0 - 2021-06-12
5.5.0 - 2021-06-04
5.4.15 - 2021-04-09
5.4.14 - 2021-02-01
5.4.13 - 2021-01-25
5.4.12 - 2020-12-03
5.4.11 - 2020-12-01
5.4.10 - 2020-11-01
5.4.9 - 2020-09-13
5.4.8 - 2020-09-10
5.4.7 - 2020-07-21
5.4.6 - 2020-07-17
5.4.5 - 2020-06-10
5.4.4 - 2020-05-25
5.4.3 - 2020-05-21
5.4.2 - 2020-04-19
5.4.1 - 2020-04-19
5.4.0 - 2020-04-12
5.3.4 - 2020-03-24
5.3.3 - 2020-03-24
5.3.2 - 2020-02-21
5.3.1 - 2019-11-03
5.3.0 - 2019-10-24
5.2.1 - 2019-10-13
5.2.0 - 2019-10-11
5.1.0 - 2019-09-04
5.0.3 - 2019-09-03
5.0.2 - 2019-07-25
5.0.1 - 2019-07-12
5.0.0 - 2019-07-09
4.1.1 - 2019-06-14
4.1.0 - 2019-05-17
4.0.2 - 2019-05-17
4.0.1 - 2019-05-16
4.0.0 - 2019-05-15
3.0.3 - 2019-05-12

from @octokit/request GitHub release notes

Package name: @octokit/rest

21.0.2 - 2024-08-16
21.0.2 (2024-08-16)

Bug Fixes
- docs: update to react 18 and latest gatsby deps (#462) (9a80f06), closes #216 #230 #460
21.0.1 - 2024-07-17
21.0.1 (2024-07-17)

Bug Fixes
- update deps (#456) (93d5afb)
21.0.0 - 2024-06-20
21.0.0 (2024-06-20)

Features
- v21 (#413) (12b6c65)
BREAKING CHANGES
- package is now ESM
21.0.0-beta.4 - 2024-06-19
21.0.0-beta.4 (2024-06-19)

Bug Fixes
- update REST endpoints (#428) (7058346)
21.0.0-beta.3 - 2024-04-30
21.0.0-beta.3 (2024-04-30)

Features
- security: Add provenance (#420) (9adf1a4)
21.0.0-beta.2 - 2024-04-16
21.0.0-beta.2 (2024-04-16)

Bug Fixes
- deps: bump Octokit deps (5d8da12)
- pkg: add a default fallback export (1b6e582)
21.0.0-beta.1 - 2024-03-05
21.0.0-beta.1 (2024-03-05)

Bug Fixes
- add explicit type anotation (3ddd79e)
- build: adapt for ESM (aad55f4)
- bump deps (21f1aaa)
- deps: bump deps (f179b0b)
- deps: update octokit monorepo (aed67c2)
- docs: update for ESM (42be65a)
- Empty commit to trigger release (828467b)
BREAKING CHANGES
- package is now ESM
20.1.1 - 2024-05-03
20.1.1 (2024-05-03)

Bug Fixes
- update REST endpoints (#428) (7058346)
20.1.0 - 2024-04-03
20.1.0 (2024-04-03)

Features
- security: Add provenance (#420) (9adf1a4)
20.0.2 - 2023-09-25
20.0.2 (2023-09-25)

Bug Fixes
- deps: update octokit monorepo (major) (#363) (258bf80)
20.0.1 - 2023-07-11
20.0.0 - 2023-07-11
20.0.0-beta.5 - 2023-07-10
20.0.0-beta.4 - 2023-07-10
20.0.0-beta.3 - 2023-06-27
20.0.0-beta.2 - 2023-06-03
20.0.0-beta.1 - 2023-06-03
19.0.13 - 2023-06-16
19.0.12 - 2023-06-16
19.0.11 - 2023-05-20
19.0.10 - 2023-05-20
19.0.9 - 2023-05-20
19.0.8 - 2023-05-14
19.0.7 - 2023-01-21
19.0.6 - 2023-01-21
19.0.5 - 2022-10-13
19.0.4 - 2022-08-15
19.0.3 - 2022-07-08
19.0.2 - 2022-07-08
19.0.1 - 2022-07-07
19.0.0 - 2022-07-07
18.12.0 - 2021-10-07
18.11.4 - 2021-09-30
18.11.3 - 2021-09-30
18.11.2 - 2021-09-27
18.11.1 - 2021-09-24
18.11.0 - 2021-09-22
18.10.0 - 2021-08-31
18.9.1 - 2021-08-16
18.9.0 - 2021-08-03
18.8.0 - 2021-08-02
18.7.2 - 2021-07-30
18.7.1 - 2021-07-23
18.7.0 - 2021-07-21
18.6.8 - 2021-07-20
18.6.7 - 2021-07-04
18.6.6 - 2021-06-30
18.6.5 - 2021-06-30
18.6.4 - 2021-06-29
18.6.3 - 2021-06-26
18.6.2 - 2021-06-24
18.6.1 - 2021-06-23
18.6.0 - 2021-06-12
18.5.6 - 2021-06-01
18.5.6-beta.1 - 2021-06-01
18.5.5 - 2021-05-28
18.5.4 - 2021-05-27
18.5.3 - 2021-04-21
18.5.2 - 2021-03-27
18.5.1 - 2021-03-26
18.5.0 - 2021-03-26
18.4.0 - 2021-03-24
18.3.5 - 2021-03-08
18.3.4 - 2021-03-05
18.3.3 - 2021-03-05
18.3.2 - 2021-03-03
18.3.1 - 2021-03-01
18.3.0 - 2021-02-26
18.2.1 - 2021-02-24
18.2.0 - 2021-02-18
18.1.1 - 2021-02-13
18.1.0 - 2021-02-03
18.0.15 - 2021-01-25
18.0.14 - 2021-01-22
18.0.13 - 2021-01-22
18.0.12 - 2020-12-04
18.0.11 - 2020-12-03
18.0.10 - 2020-12-02
18.0.9 - 2020-11-02
18.0.8 - 2020-11-01
18.0.7 - 2020-10-30
18.0.6 - 2020-09-14
18.0.5 - 2020-09-04
18.0.4 - 2020-08-26
18.0.3 - 2020-07-24
18.0.2 - 2020-07-23
18.0.1 - 2020-07-16
18.0.0 - 2020-06-11
17.11.2 - 2020-06-11
17.11.1 - 2020-06-11
17.11.0 - 2020-06-07
17.10.0 - 2020-06-04
17.9.3 - 2020-06-03
17.9.2 - 2020-05-18
17.9.1 - 2020-05-17
17.9.0 - 2020-05-11
17.8.0 - 2020-05-06
17.7.0 - 2020-05-05
17.6.0 - 2020-04-24
17.5.2 - 2020-04-22
17.5.1 - 2020-04-20
17.5.0 - 2020-04-20
17.4.0 - 2020-04-19
17.3.0 - 2020-04-15
17.2.1 - 2020-04-12
17.2.0 - 2020-04-08
17.1.4 - 2020-03-26
17.1.3 - 2020-03-25
17.1.2 - 2020-03-24
17.1.1 - 2020-03-20
17.1.0 - 2020-03-11
17.0.1 - 2020-03-10
17.0.0 - 2020-02-19
17.0.0-beta.3 - 2020-02-07
17.0.0-beta.2 - 2020-02-04
17.0.0-beta.1 - 2020-02-03
16.43.2 - 2020-06-24

from @octokit/rest GitHub release notes

Package name: async

from async GitHub release notes

Package name: chai

5.1.1 - 2024-05-09
What's Changed
- Set up ESLint for JSDoc comments by @ koddsson in #1605
- build(deps-dev): bump ip from 1.1.8 to 1.1.9 by @ dependabot in #1608
- Correct Mocha import instructions by @ MattiSG in #1611
- fix: support some virtual contexts in toThrow by @ 43081j in #1609
New Contributors
- @ MattiSG made their first contribution in #1611
Full Changelog: v5.1.0...v5.1.1
5.1.0 - 2024-02-12
What's Changed
- Remove useless guards and add parentheses to constuctors by @ koddsson in #1593
- Cleanup jsdoc comments by @ koddsson in #1596
- Convert comments in "legal comments" format to jsdoc or normal comments by @ koddsson in #1598
- Implement iterable assertion by @ koddsson in #1592
- Assert interface fix by @ developer-bandi in #1601
- Set support in same members by @ koddsson in #1583
- Fix publish script by @ koddsson in #1602
New Contributors
- @ developer-bandi made their first contribution in #1601
Full Changelog: v5.0.3...v5.1.0
5.0.3 - 2024-01-25
Fix bad v5.0.2 publish.

Full Changelog: v5.0.2...v5.0.3
5.0.2 - 2024-01-25
What's Changed
- build(deps): bump nanoid and mocha by @ dependabot in #1558
- remove bump-cli by @ koddsson in #1559
- Update developer dependencies by @ koddsson in #1560
- fix: removes ?? for node compat (5.x) by @ 43081j in #1576
- Update loupe to latest version by @ koddsson in #1579
- Re-enable some webkit tests by @ koddsson in #1580
- Remove a bunch of if statements in test/should.js by @ koddsson in #1581
- Remove a bunch of unused files by @ koddsson in #1582
- Fix 1564 by @ koddsson in #1566
Full Changelog: v5.0.1...v5.0.2
5.0.0 - 2023-12-28
BREAKING CHANGES
- Chai now only supports EcmaScript Modules (ESM). This means your tests will need to either have import {...} from 'chai' or import('chai'). require('chai') will cause failures in nodejs. If you're using ESM and seeing failures, it may be due to a bundler or transpiler which is incorrectly converting import statements into require calls.
- Dropped support for Internet Explorer.
- Dropped support for NodeJS < 18.
- Minimum supported browsers are now Firefox 100, Safari 14.1, Chrome 100, Edge 100. Support for browsers prior to these versions is "best effort" (bug reports on older browsers will be assessed individually and may be marked as wontfix).
What's Changed
- feat: use chaijs/loupe for inspection by @ pcorpet in #1401
- docs: fix URL in README by @ Izzur in #1413
- Remove get-func-name dependency by @ koddsson in #1416
- Convert Makefile script to npm scripts by @ koddsson in #1424
- Clean up README badges by @ koddsson in #1422
- fix: package.json - deprecation warning on exports field by @ stevenjoezhang in #1400
- fix: deep-eql bump package to support symbols by @ snewcomer in #1458
- ES module conversion PoC by @ 43081j in

Snyk has created this PR to upgrade: - @octokit/app from 3.0.2 to 15.1.0. See this package in npm: https://www.npmjs.com/package/@octokit/app - @octokit/request from 3.0.3 to 9.1.3. See this package in npm: https://www.npmjs.com/package/@octokit/request - @octokit/rest from 16.43.2 to 21.0.2. See this package in npm: https://www.npmjs.com/package/@octokit/rest - async from 2.6.4 to 3.2.6. See this package in npm: https://www.npmjs.com/package/async - chai from 4.5.0 to 5.1.1. See this package in npm: https://www.npmjs.com/package/chai - minimatch from 3.1.2 to 10.0.1. See this package in npm: https://www.npmjs.com/package/minimatch - eslint from 6.8.0 to 9.9.1. See this package in npm: https://www.npmjs.com/package/eslint - google-auth-library from 8.9.0 to 9.14.0. See this package in npm: https://www.npmjs.com/package/google-auth-library - mocha from 6.2.3 to 10.7.3. See this package in npm: https://www.npmjs.com/package/mocha - ms-rest-azure from 2.6.2 to 3.0.2. See this package in npm: https://www.npmjs.com/package/ms-rest-azure - nodemon from 1.19.4 to 3.1.4. See this package in npm: https://www.npmjs.com/package/nodemon - nyc from 14.1.1 to 17.0.0. See this package in npm: https://www.npmjs.com/package/nyc See this project in Snyk: https://app.snyk.io/org/ekmixon/project/a50a9592-0b85-48c9-9301-0888580e6c10?utm_source=github&utm_medium=referral&page=upgrade-pr

secure-code-warrior-for-github · 2024-09-13T20:36:21Z

Micro-Learning Topic: Insecure authentication (Detected by phrase)

Matched on "Improper Authentication"

What is this? (2min video)

Improper authentication happens when mechanisms intended to identify the user are flawed (easily tamperable or insufficient). This would allow an attacker to bypass access controls or to easily impersonate a user.

Try a challenge in Secure Code Warrior

Helpful references

OWASP Improper Authentication prevention cheat sheet - This article is focused on providing clear, simple, actionable guidance for preventing improper authentication flaws in your applications.

Micro-Learning Topic: Regular expression denial of service (Detected by phrase)

Matched on "Regular Expression Denial of Service"

What is this? (2min video)

Denial of Service (DoS) attacks caused by Regular Expression which causes the system to hang or cause them to work very slowly when attacker sends a well-crafted input(exponentially related to input size).Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Inefficient regular expression (Detected by phrase)

Matched on "Inefficient Regular Expression"

What is this? (2min video)

A regular expression that requires exponential time to match certain inputs can be a performance bottleneck, and may be vulnerable to denial-of-service attacks.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Open redirect (Detected by phrase)

Matched on "Open Redirect"

What is this? (2min video)

This vulnerability refers to the ability of an attacker to arbitrarily perform a redirection (external) or forward (internal) against the system. It arises due to insufficient validation or sanitisation of inputs used to perform a redirect or forward and may result in privilege escalation (in the case of a forward) or may be used to launch phishing attacks against users (in the case of redirects).

Try a challenge in Secure Code Warrior

Helpful references

OWASP Unvalidated Redirects and Forwards Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing redirection and forwarding flaws in your applications.
Preventing Open Redirection Attacks (C#) - A detailed Microsoft article on how to prevent open redirection vulnerabilities in ASP.NET MVC.

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Use of a broken or risky cryptographic algorithm (Detected by phrase)

Matched on "Use of a Broken or Risky Cryptographic Algorithm"

What is this? (2min video)

Using broken or weak cryptographic algorithms can allow an attacker to compromise security.

Try a challenge in Secure Code Warrior

Helpful references

OWASP Using a broken or risky cryptographic algorithm article - OWASP community page with comprehensive information about using broken or risky cryptographic algorithms, and links to various OWASP resources to help detect or prevent it.
OWASP Password Storage Cheat Sheet - This cheat sheet provides guidance on the recommended algorithms related to storing passwords.
OWASP Transport Layer Protection Cheat Sheet - This cheat sheet provides guidance on how to implement transport layer protection for an application using Transport Layer Security (TLS), including recommendations on cipher and key exchange algorithms.
OWASP Cryptographic Storage Cheat Sheet - This article provides a simple model to follow when implementing solutions to protect data at rest, including recommended cryptographic algorithms.

sourcery-ai

We have skipped reviewing this pull request. Here's why:

It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
We don't review packaging changes - Let us know if you'd like us to change this.

sourcery-ai bot reviewed Sep 13, 2024

View reviewed changes

[Snyk] Upgrade: , , , async, chai, minimatch, eslint, google-auth-library, mocha, ms-rest-azure, nodemon, nyc #145

Are you sure you want to change the base?

[Snyk] Upgrade: , , , async, chai, minimatch, eslint, google-auth-library, mocha, ms-rest-azure, nodemon, nyc #145

Conversation

ekmixon commented Sep 13, 2024

Snyk has created this PR to upgrade multiple dependencies.

Issues fixed by the recommended upgrade:

15.1.0 (2024-06-06)

Features

15.0.1 (2024-04-30)

Bug Fixes

15.0.0 (2024-04-30)

Features

BREAKING CHANGES

15.0.0-beta.5 (2024-04-30)

Bug Fixes

15.0.0-beta.4 (2024-04-16)

Features

15.0.0-beta.3 (2024-04-16)

Bug Fixes

15.0.0-beta.2 (2024-02-27)

Bug Fixes

15.0.0-beta.1 (2024-02-25)

Bug Fixes

Features

BREAKING CHANGES

14.1.0 (2024-04-03)

Features

14.0.2 (2023-11-15)

Bug Fixes

14.1.0 (2024-04-03)

Features

9.1.3 (2024-07-14)

Bug Fixes

9.1.2 (2024-07-13)

Bug Fixes

9.1.1 (2024-04-15)

Bug Fixes

9.1.0 (2024-04-09)

Bug Fixes

Features

9.0.1 (2024-02-27)

Bug Fixes

9.0.0 (2024-02-24)

Features

BREAKING CHANGES

9.0.0-beta.1 (2024-02-23)

Bug Fixes

Features

BREAKING CHANGES

8.4.0 (2024-04-09)

Features

8.3.1 (2024-04-05)

Bug Fixes

8.3.0 (2024-04-05)

Bug Fixes

Features

21.0.2 (2024-08-16)

Bug Fixes

21.0.1 (2024-07-17)

Bug Fixes

21.0.0 (2024-06-20)

Features

BREAKING CHANGES

21.0.0-beta.4 (2024-06-19)

Bug Fixes

21.0.0-beta.3 (2024-04-30)

Features

21.0.0-beta.2 (2024-04-16)

Bug Fixes

21.0.0-beta.1 (2024-03-05)

Bug Fixes

BREAKING CHANGES

20.1.1 (2024-05-03)

Bug Fixes

20.1.0 (2024-04-03)

Features

20.0.2 (2023-09-25)

Bug Fixes

What's Changed