tockler
tockler copied to clipboard
Published
20 hours ago •
MayGo
MayGo
[Snyk] Fix for 8 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- electron/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
589/1000 Why? Has a fix available, CVSS 7.5 |
Directory Traversal SNYK-JS-MOMENT-2440688 |
No | No Known Exploit |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238 |
No | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-OBJECTION-1582910 |
Yes | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Denial of Service (DoS) SNYK-JS-SQLITE3-2388645 |
No | Proof of Concept |
 |
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4 |
Access Restriction Bypass SNYK-JS-URLPARSE-2401205 |
No | Proof of Concept |
|
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4 |
Authorization Bypass SNYK-JS-URLPARSE-2407759 |
No | Proof of Concept |
|
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 |
Improper Input Validation SNYK-JS-URLPARSE-2407770 |
No | Proof of Concept |
|
631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2 |
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: objection
The new version differs by 47 commits.- f5ad7b9 v3.0.0
- 8d018f4 add 3.0 migration guide
- 2dda083 update examples to use objection 3
- 4c80295 make new test work with mysql
- 139c594 make eslint support esnext typescript target
- 5de9e2a Support esnext typescript target on latest typescript versions
- a06f9e6 Update find-methods.md
- 9a66f21 Fix a bug with typescript 4 and allowGraph
- 0ececc7 rename stuff from eager to withGraph in tests
- cef73c4 cleanup
- d8ca98a closes #2024
- 5ddccc4 add typing tests to the main test command
- f626133 rename test commands
- 4933649 support latest knex
- 8f44dd5 update deps
- 7116382 fix tests
- 90350f4 fixes #1997
- e51974d closes #1905
- eedbad0 closes #1936
- 707e561 run prettier
- aef27c1 add package lock
- 23ce2af remove deprecated methods
- 7c8a282 remove unused stuff
- 8f9a148 v3.0.0-alpha.6
Package name: sqlite3
The new version differs by 44 commits.- 573784b v5.0.3
- e5a24fd Deleted `examples/` folder
- b05f459 Added note about GitHub Releases to CHANGELOG.md
- 33d0656 Modernised Usage example in README
- 9d05c55 Fixed up more README nits
- 08d6319 Fixed link to API docs
- 0e2235a Altered wording in README
- 76b6c56 Altered README header
- e3df365 Updated README
- 426930f Enabled CI to run when pushing tags
- a21d41f Fixed uploading binaries to commit artifacts
- bc978c7 Fixed CI step wording
- 7f744a1 Added prebuilt binaries via GitHub Releases
- b4b3c3a Deleted `scripts/` directory
- 71bbdea Pinned dev dependencies (#1558)
- a597383 Updated badges in README
- 0eb4a0f Deleted Travis and Appveyor configs
- b58d341 Downgraded `mocha` and `eslint`
- f39b10d Added missing Node versions to CI
- 8db96d4 Replaced Python extraction script with JS (#1570)
- 11c988c Fixed Windows build architecture in CI
- 8e63848 Updated Windows CI runner to `windows-latest`
- d9e7d8b Fixed building on MacOS Monterey 12.3
- 859b95b Updated `node-gyp` to v8.x
Package name: url-parse
The new version differs by 19 commits.- ad23357 1.5.9
- 0e3fb54 [fix] Strip all control characters from the beginning of the URL
- 61864a8 [security] Add credits for CVE-2022-0686
- bb0104d 1.5.8
- d5c6479 [fix] Handle the case where the port is specified but empty
- 4f2ae67 [security] Add credits for CVE-2022-0639
- 8b3f5f2 1.5.7
- ef45a13 [fix] Readd the empty userinfo to `url.href` (#226)
- 88df234 [doc] Add soft deprecation notice
- 78e9f2f [security] Fix nits
- e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
- 4c9fa23 1.5.6
- 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
- e4a5807 1.5.5
- 193b44b [minor] Simplify whitespace regex
- 319851b [fix] Remove CR, HT, and LF
- 4e53a8c [doc] Document that the returned hostname might be invalid
- 9be7ee8 [fix] Correctly handle userinfo containing the at sign
- f7774f6 [security] Fix typos in SECURITY.md
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Denial of Service (DoS) 🦉 Prototype Pollution 🦉 Regular Expression Denial of Service (ReDoS) 🦉 More lessons are available in Snyk Learn
