[Snyk] Fix for 7 vulnerabilities

[irinazheltisheva]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	521/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4	Information Exposure SNYK-JS-NANOID-2332193	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: go-ipfs-dep

The new version differs by 10 commits.

• 93a5e24 0.7.0
• 20bcda7 0.7.0-rc2
• cc6813c 0.7.0-rc1
• 8decf90 docs: add deprecation warning to top of readme (Name bikeshedding ipfs/ipfs-desktop#46)
• 1d00358 chore: docs say lowercase
• e1572fa chore: change how value is interpreted
• d423d2a chore: restore cron
• 06d855e chore: neutral exit code has been removed in later gh actions
• 1ac361a chore: remove extra space
• 480cee5 chore: bring back cron

See the full diff

Package name: ipfs-http-client

The new version differs by 250 commits.

• bf1bc8b chore: release master (#4364)
• 7b79c1b fix: add deprecation notice to readmes (#4362)
• 410725b chore: disable dependabot.yml (#4363)
• b64d4af docs: update README.md (#4307)
• 3bcabe3 chore: fix link to ci results (#4299)
• ab02e8f docs: update readmes to fix ci badges (#4296)
• c5e76b7 update-ipfs-http-client (#4293)
• 6eeb1be deps(dev): update interop, ipfsd-ctl and kubo-rpc-client (#4294)
• 6e94067 chore: release master (#4252)
• d1c3abb deps: update libp2p to 0.42.x (#4288)
• 0cfcaf6 fix: allow reading rawLeaves in MFS (#4282)
• fa578ba fix: disallow publishing pubsub messages to zero peers (#4286)
• 789ee58 deps: update dag-jose to 4.0.0 (#4289)
• 4b4c124 deps: update ipfs-utils for node 18 compatibility (#4287)
• 5f73eca chore: do not double-build interface tests
• 1916ca8 chore: interface tests should run after build
• 115a405 fix: fix publish step
• 6d90cbf fix: use aegir to publish RCs (#4284)
• 2a6fede fix: update lerna config for rc publishing (#4283)
• e85e5b6 deps: update @ chainsafe/libp2p-gossipsub to 6.0.0 (#4280)
• 563806f fix: restore lerna for preleases (#4281)
• 521c84a fix!: update multiformats to v11.x.x and related depenendcies (#4277)
• 6be5906 fix: mfs blob import for files larger than 262144b (#4251)
• b722041 docs: DisableNatPortMap should be true to disable port mapping (#4244)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution