pythonVSCode
[Snyk] Fix for 10 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Prototype Pollution SNYK-JS-AJV-584908 | No | No Known Exploit |
| | 644/1000 Why? Has a fix available, CVSS 8.6 | Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 | No | No Known Exploit |
| | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution SNYK-JS-MINIMIST-2429795 | No | Proof of Concept |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning SNYK-JS-QS-3153490 | No | Proof of Concept |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | No | Proof of Concept |
| | 596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5 | Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984 | No | Proof of Concept |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599 | No | Proof of Concept |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600 | No | Proof of Concept |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601 | No | Proof of Concept |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: azure-storage
The new version differs by 52 commits.
- 30a84ff Merge pull request #711 from EmmaZhu/readme
- 9c91937 Remove details about of the readme to only redirect to latest storage JS SDKs and indicate that the package is deprecated.
- 1f29b33 Merge pull request #708 from EmmaZhu/migrationguide
- dc4a53b Add migration guide link into readme.
- a1d23d4 Merge pull request #707 from ramya-rao-a/patch-4
- f40c22d Indicate that azure-storage is legacy package
- 2571d0f Merge pull request #705 from EmmaZhu/dependencies
- 3eaa32a Update dependency mark to make it use more recent version automatically.
- 34aabd8 Merge pull request #706 from ramya-rao-a/patch-2
- 2e530df Bring more attention to the note on newer packages
- ad8472f Merge pull request #702 from EmmaZhu/master
- ddc7e8b Upgrade json-schema to 0.4.0. fixed an issue where customized retry interval doesn't take effect.
- 7a42c7b Merge pull request #699 from Azure/dependabot/npm_and_yarn/validator-13.7.0
- 5c5f836 Bump validator from 13.6.0 to 13.7.0
- c422631 Merge pull request #695 from EmmaZhu/validator
- cf37807 Update package version to 2.10.5
- 35676b4 Upgrade validator 13.6.0.
- c2656be Merge pull request #684 from Azure/dependabot/npm_and_yarn/lodash-4.17.21
- d813bde Merge pull request #690 from Azure/dependabot/npm_and_yarn/postcss-7.0.36
- 58c92d1 Bump lodash from 4.17.19 to 4.17.21
- b120cd5 Merge pull request #692 from Azure/dependabot/npm_and_yarn/path-parse-1.0.7
- 0036af3 Merge pull request #682 from Azure/dependabot/npm_and_yarn/handlebars-4.7.7
- 92dac84 Merge pull request #681 from Azure/dependabot/npm_and_yarn/grunt-1.3.0
- 9efb7bc Merge pull request #674 from Azure/dependabot/npm_and_yarn/elliptic-6.5.4
Package name: vscode-extension-telemetry
The new version differs by 83 commits.
- 21d7c13 Missed a place bumping the version
- 41bc647 Update version for release
- c561107 Lower target to support more legacy codebases
- 4911887 Fix #88
- 1551186 Update build to node LTS
- 081c624 Remove whitespace expansion due to perf reasons
- 188ee72 Merge pull request #73 from radeksimko/f-collect-arch
- ddeafdb common.arch -> common.nodeArch
- 4d7a45b common: Collect architecture as a common property
- bdbab89 Remove first party explicitness from readme
- 068ddd9 Fix compilation
- 1ca205c Update level enum
- e0f1cca Bump version to prepare for a release
- 389b8b2 Fix #76
- 0e1a889 Switch to npm 6
- 1099714 Update package.json with new esbuild
- 7174c44 Merge pull request #75 from radeksimko/f-raw-telemetry-event
- 92d1291 rename: TelemetryRawEventProperties -> RawTelemetryEventProperties
- c3ea7fc simplify object notation
- c4d17f1 Add codespaces as a remote authority
- 91e1e18 fix typo Telemtry -> Telemetry
- 7d2d3e4 Introduce 'sendRawTelemetryEvent'
- bb8286d Run on macos latest
- 7bf72ee Update ansi regex
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
- 🧐 View latest project report
- 📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:
- 🦉 Prototype Pollution
- 🦉 Regular Expression Denial of Service (ReDoS)
- 🦉 Arbitrary Code Injection