ndm
ndm copied to clipboard
720kb
[Snyk] Fix for 3 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
 |
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 |
Yes | Proof of Concept |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: npm
The new version differs by 250 commits.- 3b4ba65 7.0.0
- bbfc75d chore: fix weird .gitignore thing that happened somehow
- 8a2d375 docs: changelog for v7.0.0
- 365f2e7 [email protected]
- fafb348 [email protected]
- 9306c68 [email protected]
- 569cd64 [email protected]
- ac9fde7 Integration code for @ npmcli/[email protected]
- 704b9cd @ npmcli/[email protected]
- 3955bb9 [email protected]
- da240ef fix: patch config.js to remove duplicate values
- 9ae45a8 [email protected]
- 41ab36d [email protected]
- c474a15 [email protected]
- efc6786 fix: make sure publishConfig is passed through
- 1e4e6e9 docs: v7 using npm config refresh
- 5c1c2da fix: init config aliases
- 5bc7eb2 docs: v7 npm-install refresh
- 1a35d87 7.0.0-rc.4
- 7a5a557 docs: changelog for v7.0.0-rc.4
- f0cf859 chore: dedupe deps
- 0273745 [email protected]
- 7bd47ca @ npmcli/[email protected]
- 9320b8e only escape arguments, not the command name
Package name: universal-analytics
The new version differs by 13 commits.- 4736a56 Version 0.5
- 6444683 Merge branch 'lekoaf-feat/inline-request'
- eef566e Merge branch 'feat/inline-request' of https://github.com/lekoaf/universal-analytics into lekoaf-feat/inline-request
- 286a398 Merge pull request #134 from adityapatadia/patch-1
- d086cea Merge pull request #138 from mantacode/master
- 1229f36 Merge pull request #154 from johndpope/patch-1
- f4ffe5c Merge pull request #165 from AhmadIbrahiim/patch-1
- 980a576 Update README.md
- 3f24484 Update README.md
- 8d14502 feat: Use own version of request library
- 216b205 Better naming and updated docs
- 4ae354e Add option to change the name of the visitor instance on request object from the default "req.visitor"
- 54acd95 added nodejs 10 and 12 in travis tests
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Server-side Request Forgery (SSRF) 🦉 Prototype Pollution
