cnpmjs.org
cnpmjs.org copied to clipboard
cnpm
[Snyk] Fix for 5 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 |
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 |
Yes | No Known Exploit |
 |
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 |
Prototype Pollution SNYK-JS-MINIMIST-2429795 |
Yes | Proof of Concept |
 |
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-MINIMIST-559764 |
Yes | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251 |
Yes | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: koa-middlewares
The new version differs by 14 commits.- 252f773 Release 6.0.0
- 3be6f96 deps: upgrade koa-onerror to 2.0.0 (#9)
- f49a6aa Release 5.0.0
- 34fc67b deps: update all dependencies
- 8e74e71 Release 4.1.0
- 94e51e8 bump dependencies
- fde10e5 Release 4.0.0
- 839a54a bump dependencies: koa-router@5
- edccf83 Release 3.1.0
- 8c6cb0d bump: koa-bodyparser
- ce743ed Release 3.0.1
- 1c762a2 bump bodyparser
- 8cb5e84 Release 3.0.0
- 47e67bc bump dependencies
Package name: rimraf
The new version differs by 52 commits.- 3b6b098 4.0.0
- e0cffea ci: reduce workload even more
- 0e6646d ci: remove unnecessary lint filter
- 546e017 update action versions
- 6d88a65 tone down benchmark intensity
- 842a8d2 fix benchmark workflow yaml
- 1b91697 chore: add copyright year to license
- 08bbb06 rewrite in TS, export hybrid, update changelog, docs
- 1b3f46e drop support for node versions below 14
- 2e1f003 gh actions workflow for benchmarks
- 52f9370 tests for retry-busy behavior
- 188e3ed don't test on very old node versions
- d1d5495 test for fix-eperm
- e7501cd prettier formatting
- 40f64ec windows: only fall back to move-remove when absolutely necessary
- b6f7819 update tap
- 99496cd test: run posix test on windows, why not?
- 51d43c1 benchmarks
- 6b8aa29 doc: correct os.tmp default
- 4b228c9 do not ever actually try to rmdir /
- 2442655 consolidate all the spellings of 'opt' into one
- d4eec2e add cli script
- 0c82d74 accept strings, arrays of strings, and no other types
- ad4f2db Do not rimraf /, override with preserveRoot:false
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution 🦉 Regular Expression Denial of Service (ReDoS)
New and updated dependencies detected. Learn more about Socket for GitHub ↗︎
| Packages | Version | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|---|
| rimraf | 4.4.1 | filesystem, environment | +7 |
2.49 MB | isaacs |
| koa-middlewares | 2.1.0...6.0.0 | None | +129/-44 |
3.71 MB | dead_horse |
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}