cli-edgeworkers icon indicating copy to clipboard operation
cli-edgeworkers copied to clipboard

Published 20 hours ago verified publisher icon akamai

[Snyk] Fix for 7 vulnerabilities

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 No No Known Exploit
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 No No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 No No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579147		 No No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579152		 No No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579155		 No No Known Exploit
Commit messages
Package name: tar The new version differs by 27 commits.
  • 3e35515 4.4.18
  • 52b09e3 fix: prevent path escape using drive-relative paths
  • bb93ba2 fix: reserve paths properly for unicode, windows
  • 2f1bca0 fix: prune dirCache properly for unicode, windows
  • 9bf70a8 4.4.17
  • 6aafff0 fix: skip extract if linkpath is stripped entirely
  • 5c5059a fix: reserve paths case-insensitively
  • fd6accb 4.4.16
  • 53cea6e tests: run (and pass) on windows
  • 166cfc0 fix: refactoring to pass tests on Windows
  • ce5148e fix: refactoring to pass tests on Windows
  • 3f2e2da fix: normalize paths on Windows systems
  • e29a665 fix: properly prefix hard links
  • fd2a38d chore: WriteEntry cleaner write() handling
  • 7b2acc5 update deps
  • 83bb22c WriteEntry backpressure
  • 0dcc5b2 chore: track fs state on WriteEntry class, not in arguments
  • adf3511 Avoid an unlikely but theoretically possible redos
  • d688cad fix: properly handle top-level files when using strip
  • ea6f254 unpack: keep path reservations longer
  • b2a97e1 Address unpack race conditions using path reservations
  • f0fe3aa basic path reservation system
  • 843c897 4.4.15
  • 46fe350 Remove paths from dirCache when no longer dirs

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Jan 26 '22 16:01 snyk-bot