[Snyk] Fix for 6 vulnerabilities #1

gnbm · 2024-01-16T17:53:32Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- hooks/ios/package.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-PLIST-2405644	Yes	Proof of Concept
484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept
424/1000 Why? Has a fix available, CVSS 4.2	Insecure Randomness npm:node-uuid:20160328	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: plist

The new version differs by 72 commits.

5e0d06e 3.0.4
fa8e184 inline xmldom@0.6.0 to avoid false positive security message. Fixes Armv7s support EddyVerbruggen/cordova-plugin-googleplus#110, No longer getting extended profile details on login EddyVerbruggen/cordova-plugin-googleplus#111
a0bd0d0 3.0.3
dfb43f4 Merge pull request GooglePlus blocked and My app crash EddyVerbruggen/cordova-plugin-googleplus#109 from minhnguyen0712/master
5af9758 ⬆️ Bump xmldom
5877ec7 remove flaky saucelabs testing status badge
276c657 3.0.2
9b6af11 revert mocha because newer versions don't run on node versions this old
e828f84 update deps
e7b0394 removing safari because I can't get it to run in sauce with zuul
c33edbe try an older version of safari
1f13bd7 revert sauce connect
6fa1022 specify specific tunnel id for sauce
ee3c545 revert zuul dependency to see if that fixes saucelabs build
e538eb4 reduce travis testing matrix size
eb28b45 adding sauceconnect to see if that solves the local tunnel problem
3a8004a update saucelabs credentials in travis file
56c5a74 travis: revert config
eaf1ca7 move saucelabs credentials to travis env variables
eaf1af8 update minor deps
3821f55 update travis config to fix all warnings
9ec848e update sauce labs integration using my account
af45b08 give credit to sauce labs for providing free open source testing resources
1628c6e 3.0.1

Package name: xcode

The new version differs by 127 commits.

9592ed1 bumping version to 0.9.2
078625f Merge branch 'freiserg-master'
31b6d49 Merge branch 'master' of https://github.com/freiserg/node-xcode into freiserg-master
b735df9 Bumping to 0.9.1
f51dca9 Merge branch 'AbnerZheng-master'
43c0d59 Merge branch 'master' of https://github.com/AbnerZheng/node-xcode into AbnerZheng-master
ffb938b Update a uuid module
1568955 Merge branch 'innovative1-master'
96660f2 Tests for knownRegions
92b4acd Adding and removing knownRegions to/from PBXProject section
59506f1 Merge branch 'kelvinhokk-master'
1d30663 Merge branch 'master' of https://github.com/kelvinhokk/node-xcode into kelvinhokk-master
7f26cc0 Merge branch 'superserg8-master'
fb628c6 pbxProject removeTargetAttribute
c78d781 pbxProject addTargetAttribute
f40466f change tail recursive -> iterate
e842a9e added PBXVariantGroup for localization and nodeunit test cases
4cca2f6 Merge branch 'sundbry-shell-step'
cab0d0d Test case for PBXShellScriptBuildPhase
f7a77f1 Upgrade to 0.9.0
e8b9f7a RM debug logs
4687604 Add support for PBXShellScriptBuildPhase
b441568 Merge pull request access_token fix for iOS EddyVerbruggen/cordova-plugin-googleplus#103 from shazron/license-key-fix
e854e0a Added license key to package.json (Apache-2.0)