lattice icon indicating copy to clipboard operation
lattice copied to clipboard

Published 20 hours ago verified publisher icon latticejs

[Snyk] Security upgrade systeminformation from 3.54.0 to 4.30.2

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/apollo-real-time-chart/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 758/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-SYSTEMINFORMATION-1043753		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: systeminformation The new version differs by 250 commits.
  • f828d6e 4.30.2
  • 11103a4 security update (prototype pollution prevention)
  • 73dce8d security update (prototype pollution prevention)
  • 52bbcd7 4.30.1
  • a06f209 updated docs
  • df3d51b 4.30.0
  • fc7769e get() possibility to provide params
  • 5a4e222 code cleanup
  • f4357e0 4.29.3
  • 932f962 blockdevices() catch errors adapted for just one line
  • 53e0e49 4.29.2
  • b0d6e96 blockdevices() catching errors
  • e46e775 4.29.1
  • 3f56c20 cpu(), system() better parsing Raspberry Pi revision codes
  • 6ec3bc9 4.29.0
  • 657e159 fsSize() correct fs type detection macOS (HFS, APFS, NFS)
  • eb724e6 4.28.1
  • 9ea2813 code cleanup, removing debug console.log()
  • b3eb2a5 services() handling of service names with spaces (windows)
  • db22d65 4.28.0
  • 4d2c684 graphics() added deviceName (windows)
  • e85de74 updated Raspberry PI versions
  • 5323ab8 4.27.11
  • 931feca inetChecksite() fixed vulnerability: command injection

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Nov 26 '20 03:11 snyk-bot