cli-edgeworkers icon indicating copy to clipboard operation
cli-edgeworkers copied to clipboard

Published 20 hours ago verified publisher icon akamai

[Snyk] Security upgrade crypto-js from 4.1.1 to 4.2.0

Open hkambham opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 716/1000
Why? Recently disclosed, Has a fix available, CVSS 8.6		 Use of Weak Hash
SNYK-JS-CRYPTOJS-6028119		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: crypto-js The new version differs by 23 commits.
  • ac34a5a Merge branch 'release/4.2.0' into develop
  • d5af3ae Update release notes.
  • 9496e07 Bump version.
  • 421dd53 Change default hash algorithm and iteration's for PBKDF2 to prevent weak security by using the default configuration.
  • d1f4f4d Update grunt.
  • 1da3dab Discontinued
  • 4dcaa7a Merge pull request #380 from Alanscut/dev
  • 762feb2 chore: rename BF to Blowfish
  • fb81418 feat: blowfish support
  • c8a2312 Merge pull request #379 from Alanscut/dev
  • 09ee2ab feat: custom KDF hasher
  • 0229694 Merge branch 'develop' of ssh://github.com/brix/crypto-js into develop
  • df09288 Remove travis status, as travis is not used anymore.
  • 6703e79 Merge pull request #285 from paulmwatson/develop
  • d50d964 No es default param.
  • 4840268 Merge pull request #378 from Elity/develop
  • f92ddc0 Merge pull request #377 from Alanscut/dev
  • fe84967 fix: es-check error
  • ca7384f test: add test case,using salt in the config
  • dcc3848 fix:The "cfg.salt" parameter don't work
  • ecfe2e4 Update dev dependencies.
  • a4dac50 Merge branch 'release/4.1.1' into develop
  • 71ad0bc Minor typo fix: varialbes => variables

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of Weak Hash

hkambham avatar Oct 25 '23 15:10 hkambham