nodeclub
nodeclub copied to clipboard

Published 20 hours ago •

Reame
Issues

[Snyk] Fix for 3 vulnerabilities

Open fengmk2 opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: data2xml

The new version differs by 2 commits.

2ee10d4 Bump the version number
09a2516 Remove tape as a dependency [fixes #21]

See the full diff

Package name: loader-builder

The new version differs by 22 commits.

3d38e6a Bump 2.7.0
89f261c upgrade dependencies
66f9228 Merge pull request #15 from sinchang-bot/patch
17f2944 Merge pull request #16 from sinchang-bot/patch-2
6cf0785 Update travis list
35707af Make the badge clear
e147812 Bump 2.6.1
f7a23cb Use fs.writeFileSync instead of
5163009 fix test cases
59cbff2 Bump 2.6.0
317bc68 Improve uglify to support ES syntax
3299f52 fix test cases
a38802b Update travis list
c8bc250 update document
1855604 Bump 2.5.0
f413131 improve documentation
e34f168 增加--no-debug的说明
382a7b5 Merge pull request #12 from JacksonTian/nodebug
28a410f fix test case for new babel transform
b524b47 update traivis config
f910c32 refine make file
282b60d Add --no-debug switch

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF) 🦉 Prototype Pollution

Dec 01 '23 15:12 fengmk2