New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 8 vulnerabilities #86

Open

pjmolina wants to merge 1 commit into master from snyk-fix-8951501ef24f8dd26df1f6e33a50b77c

Owner

pjmolina commented Dec 1, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
	741/1000 Why? Mature exploit, Has a fix available, CVSS 7.1	Uninitialized Memory Exposure npm:base64url:20180511	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 81 commits.

0afeb5c 1.6.0
2805dc3 Merge pull request #1750 from gruntjs/dep-update-jan28
3f1e423 README updates
8fd096d Bump to 16
42c5f95 Update more deps
1d88050 Bump eslint and node version
82d79b8 1.5.3
572d79b Merge pull request #1745 from gruntjs/fix-copy-op
58016ff Patch up race condition in symlink copying.
0749e1d Merge pull request #1746 from JamieSlome/patch-1
69b7c50 Create SECURITY.md
ac667b2 1.5.2
7f15fd5 Update Changelog
b0ec6e1 Merge pull request #1743 from gruntjs/cleanup-link
433f91b Clean up link handling
d5969ec 1.5.1
ad22608 Merge pull request #1742 from gruntjs/update-symlink-test
0652305 Fix symlink test
a7ab0a8 1.5.0
b2b2c2b Updated changelog
3eda6ae Merge pull request #1740 from gruntjs/update-deps-22-10
47d32de Update testing matrix
2e9161c More updates
04b960e Remove console log

See the full diff

Package name: grunt-cli

The new version differs by 5 commits.

2293dc5 1.4.0
bbc4400 Update changelog
3fa5bf6 Ignore package-lock
c271173 Update deps, switch to actions (#141)
84ebcb8 Bump deps, required node version and ci (#137)

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 27 commits.

a3f3f34 5.2.1
3c8d904 Update Readme
0850dcd update dependencies (#568)
c27ad5f Bump minimist from 1.2.5 to 1.2.6 (#567)
98b4c5f Fix documentation in relation to issue #565 (#566)
7228446 Bump minimist from 1.2.5 to 1.2.6 (#563)
e410511 Update deps, v5.1.0 (#564)
2cb31be Update uglify-js to v3.15.2 (#562)
12ca0f2 Fix wording in README.md (#560)
1f6a012 Bump path-parse from 1.0.6 to 1.0.7 (#558)
0e4b1a0 Update uglify-js (#557)
9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (#556)
4e83e45 Update UglifyJS to 3.13.3 (#554)
8674feb Bump ini from 1.3.5 to 1.3.8 (#552)
14b71da v5.0.0
9259448 Bump lodash from 4.17.11 to 4.17.19 (#550)
4645446 Bump js-yaml from 3.5.5 to 3.14.0 (#551)
b7bcde4 Delete .travis.yml
cba2631 Delete appveyor.yml
3dc53f0 ini github workflow
f65dbb9 v4.0.1. (#535)
b33a071 upgrade devDependencies (#536)
1e40037 upgrade to uglify-js 3.5.0 (#534)
33724cd update links to uglifyJS documentation (#530)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution


          fix: package.json & package-lock.json to reduce vulnerabilities

57faf65

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-HAWK-2808852
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/npm:base64url:20180511

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet