
[Snyk] Fix for 1 vulnerabilities

Status: Open. knanjukutty-polymath opened this issue 10 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity: high
Priority Score (*): 170/1000
  Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5
Issue: Prototype Pollution (SNYK-JS-LODASH-6139239)
Breaking Change: Yes
Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: solidity-coverage
The new version differs by 122 commits.
  • fe113b6 0.7.0
  • 4980e2a Update README for 0.7.0 Release (#463)
  • 67a3a78 Add solc 0.6.x integration mocks (#461)
  • d6b86fa Merge pull request #460 from sc-forks/beta
  • fd0735a Merge branch 'master' into beta
  • ce77d3b Fix saving on Windows OS (#459)
  • 4567465 Add buidler readme (#456)
  • 1b47ecf Use consistent naming in examples
  • 1ea44ea Fix broken import test using Truffle 5.1.2 (#454)
  • 212c88f Merge pull request #421 from sc-forks/buidler-plugin
  • 28ab3d2 More API docs cleanup
  • c1d9ea1 Improve API docs overview (#452)
  • f7603ac Use recursive-readdir to resolve test files (#451)
  • 40c7ce3 Add imports only test, fix instrumenter (#450)
  • e25728a Allow Truffle V4 style solc config (#449)
  • d9af5ac Gracefully overwrite eth-gas-reporter (#448)
  • f2cdb63 Add API documentation (#447)
  • 25fd077 Update script seds for oz framework (#446)
  • 3612a81 Make api require-able, expose plugin utils (#445)
  • f87c274 Rename the dist folder 'plugins' (#444)
  • 653fc51 Stop camel-casing testfiles flag (#443)
  • 97de9c6 Add builder-ethers test to CI (#441)
  • 4f73e15 Add buidler config and run info (#440)
  • 33b33f9 Moloch E2E (#439)

See the full diff

Package name: web3-provider-engine
The new version differs by 107 commits.
  • 059471b Release 16.0.7 (#462)
  • 55ddea0 fix(etherscan,rpc): fix require of @cypress/request (#459)
  • 06ac733 Release 16.0.6 (#449)
  • d0d93b9 devDeps: bump babel packages (#450)
  • e131674 ci: run on ubuntu-latest(22.04) instead of ubuntu-20.04 (#448)
  • 843d875 refresh yarn.lock (#451)
  • c850d58 deps: ws@^5.1.1->^7.5.9 (#446)
  • 9ff7230 docs: New package names for @metamask/json-rpc-engine and @metamask/eth-json-rpc-middleware (#440)
  • adbc7a4 ci: test major node versions 12,14,16,18,20 (#443)
  • f5a78a9 fix(suproviders/filters): Rename class from SubsciptionsSubProvider to FiltersSubProvider (#442)
  • aa03299 deps: switch from request to @cypress/request (#441)
  • 8ee6004 Bump cached-path-relative from 1.0.2 to 1.1.0 (#403)
  • 0d705a3 Bump word-wrap from 1.2.3 to 1.2.4 (#437)
  • 9ac79a4 Bump http-cache-semantics from 4.1.0 to 4.1.1 (#429)
  • cf612f8 Bump cookiejar from 2.1.3 to 2.1.4 (#428)
  • 2509e6a Release 16.0.5 (#427)
  • 25563f2 Replace scrypt with scryptsy (#425)
  • 18bd6cd chore: update dependencies eth-block-tracker to 5.0.1 (#409)
  • 9b8fd02 Bump decode-uri-component from 0.2.0 to 0.2.2 (#420)
  • 4984566 Bump minimatch from 3.0.4 to 3.1.2 (#423)
  • 963a76c Bump express from 4.17.1 to 4.18.2 (#422)
  • 763803f Bump qs from 6.5.2 to 6.5.3 (#421)
  • e835b80 Bump shell-quote from 1.7.2 to 1.7.3 (#416)
  • cdcf608 Communicate project status in README (#413)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:
  • 🦉 Prototype Pollution

knanjukutty-polymath • Apr 17 '24 07:04