godaddy-dns icon indicating copy to clipboard operation
godaddy-dns copied to clipboard

Published 20 hours ago verified publisher icon lmammino

[Snyk] Fix for 17 vulnerabilities

Open lmammino opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Prototype Pollution
SNYK-JS-AJV-584908		 No No Known Exploit
high severity 584/1000
Why? Has a fix available, CVSS 7.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HAWK-2808852		 No No Known Exploit
high severity 644/1000
Why? Has a fix available, CVSS 8.6		 Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 No Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-450202		 No Proof of Concept
high severity 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2		 Prototype Pollution
SNYK-JS-LODASH-567746		 No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-608086		 No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-73638		 No Proof of Concept
medium severity 541/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Poisoning
SNYK-JS-QS-3153490		 No Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Insecure Randomness
npm:cryptiles:20180710		 No No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 Prototype Pollution
npm:extend:20180424		 No No Known Exploit
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
npm:hoek:20180212		 No Proof of Concept
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
npm:lodash:20180130		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
npm:sshpk:20180409		 No Proof of Concept
medium severity 646/1000
Why? Mature exploit, Has a fix available, CVSS 5.2		 Uninitialized Memory Exposure
npm:stringstream:20180511		 No Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: request-promise The new version differs by 28 commits.
  • 4bc186d Version 4.2.6
  • 4c7d51d chore: bumped request-promise-core due to security vulnerability of lodash
  • f364ee4 docs: reference to request deprecation and alternative libs
  • 873d156 Merge pull request #341 from shisama/patch-1
  • 052331d docs: deprecate this package
  • b4dafe4 docs: fixed link
  • fd52247 Version 4.2.5
  • a27ba86 chore: updated request-promise-core that updates lodash
  • 4e3b7ed Version 4.2.4
  • 94be6fe fix: tough-cookie version
  • 03f7030 chore: updated publish-please config
  • d831905 Version 4.2.3 (now really)
  • 37e8773 fix: updated indirect lodash dependency to fix security vulnerability
  • 229225e Version 4.2.3
  • 4f27097 chore: fix ci build for node v8+
  • c535eb6 Merge pull request #299 from aomdoa/fixToughCookieDep
  • 488947b Merge branch 'master' into fixToughCookieDep
  • 131abd7 fix: breaking change in tough-cookie v3
  • b454ddc chore: added node 8 and 10 to ci build
  • 6d11ddc fix: typo
  • 3a136ea Merge pull request #303 from lexjacobs/patch-1
  • 5e32191 docs: mention of wrapped request errors
  • 2ac4f3e Update rp.js
  • 1457338 Workaround on the cookie processing test.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Command Injection 🦉 More lessons are available in Snyk Learn

lmammino avatar Feb 08 '24 18:02 lmammino