Server icon indicating copy to clipboard operation
Server copied to clipboard

Published 20 hours ago verified publisher icon MediaButler

[Snyk] Fix for 7 vulnerabilities

Open vertig0ne opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 No Proof of Concept
low severity 344/1000
Why? Has a fix available, CVSS 2.6		 Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 No No Known Exploit
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 Open Redirect
SNYK-JS-GOT-2932019		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTTPCACHESEMANTICS-3248783		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios-cache-adapter The new version differs by 102 commits.
  • b49888c chore(package): Bump to 2.5.0
  • fa294ee chore(package): Remove es6.object.to-string built-in exclusion and re-build
  • 9046168 List Axios as a peer dependency so it is not bundled twice by co… (#114)
  • 93e2d83 Replace expensive lodash calls with native functions (cont. #115) (#132)
  • 7d5efd9 chore(package): bump version to 2.4.1
  • 2a462d8 chore(typings): Add simple TypeDefinition for RedisStore (#111)
  • 0b6f7bb chore(readme): Update info about browser vs node
  • 5fe855a chore(package): Bump version to 2.4.0
  • 390d968 chore(dist): Rebuild
  • e62e3aa fix(package): Lock axios version to 0.18.1 (#109)
  • 56a871e Implement RedisStore (#98)
  • 22e7ba0 move `cache-control-esm` to `dependencies` (#108)
  • e0c6ed7 fix(travis): Fix Ubuntu 16 builds by adding libgconf-2-4 to addons
  • 6d176fd Update README.md (#106)
  • 64ac601 chore(bower): Update version (#102)
  • 547ffa2 chore(package): Update version (#101)
  • 62498a3 Update axios-cache-adapter.d.ts (#100)
  • 70fc386 chore(package): Update version to 2.3.2
  • 0a14086 chore(typings): add .d.ts file in the npm package (#93)
  • 9addeac chore(package): Update version to 2.3.1 and rebuild dist
  • 4d16b7f fix(build): Use forked version of cache-control and change webpack config (#91)
  • 923dccf Add Typescript Support (#87)
  • af9808c Add class transform to babel config (#80)
  • a3c0953 fix config.expires setup in case maxAge equal 0 (#83)

See the full diff

Package name: npm The new version differs by 250 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Open Redirect 🦉 Server-side Request Forgery (SSRF) 🦉 More lessons are available in Snyk Learn

vertig0ne avatar Nov 28 '23 14:11 vertig0ne