mocha-sidebar
mocha-sidebar copied to clipboard
maty21
[Snyk] Fix for 12 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
 |
679/1000 Why? Has a fix available, CVSS 9.3 |
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463 |
Yes | No Known Exploit |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970 |
Yes | Proof of Concept |
 |
484/1000 Why? Has a fix available, CVSS 5.4 |
Open Redirect SNYK-JS-GOT-2932019 |
Yes | No Known Exploit |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783 |
Yes | Proof of Concept |
 |
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 |
Validation Bypass SNYK-JS-KINDOF-537849 |
Yes | Proof of Concept |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-MIXINDEEP-450212 |
Yes | Proof of Concept |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 |
Yes | Proof of Concept |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-SETVALUE-1540541 |
Yes | Proof of Concept |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-SETVALUE-450213 |
Yes | Proof of Concept |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 |
Yes | Proof of Concept |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-UNSETVALUE-2400660 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: npm
The new version differs by 250 commits.- 3b4ba65 7.0.0
- bbfc75d chore: fix weird .gitignore thing that happened somehow
- 8a2d375 docs: changelog for v7.0.0
- 365f2e7 [email protected]
- fafb348 [email protected]
- 9306c68 [email protected]
- 569cd64 [email protected]
- ac9fde7 Integration code for @ npmcli/[email protected]
- 704b9cd @ npmcli/[email protected]
- 3955bb9 [email protected]
- da240ef fix: patch config.js to remove duplicate values
- 9ae45a8 [email protected]
- 41ab36d [email protected]
- c474a15 [email protected]
- efc6786 fix: make sure publishConfig is passed through
- 1e4e6e9 docs: v7 using npm config refresh
- 5c1c2da fix: init config aliases
- 5bc7eb2 docs: v7 npm-install refresh
- 1a35d87 7.0.0-rc.4
- 7a5a557 docs: changelog for v7.0.0-rc.4
- f0cf859 chore: dedupe deps
- 0273745 [email protected]
- 7bd47ca @ npmcli/[email protected]
- 9320b8e only escape arguments, not the command name
Package name: nyc
The new version differs by 21 commits.- 4a6b327 chore(release): 13.0.1
- ae5318b chore: Update istanbul dependencies. (#896)
- d0b76e2 fix: Enable es-modules by default. (#889)
- 6b6cd5e fix: add flag to allow control of intrumenter esModules option, default to looser parsing (#863)
- c325799 docs: reference babel 7 in all places (#881)
- 7483ed9 fix: use uuid/v4 to generate unique identifiers. (#883)
- 8ab1ae3 chore: update dependencies (#872)
- 52b69ef fix: Update caching-transform options. (#873)
- 624a723 chore: update dependencies (#866)
- a5818f5 chore(release): 13.0.0
- f0d98a5 docs: update README.md with babel configuration info (#860)
- 893345a feat: allow rows with 100% statement, branch, and function coverage to be skipped in text report (#859)
- f09cf02 chore: update dependencies (#855)
- d0f654c fix: source was being instrumented twice, due to upstream fix in ista⦠(#853)
- adb310c chore(release): 12.0.2
- ddc9331 fix: stop bundling istanbul-lib-instrument due to npm issue on Node 6 (#854)
- b4c325b fix: don't bundle istanbul-lib-instrument due to Node 6 issues
- 9fc20e4 chore(release): 12.0.1
- 3e087d4 chore: upgrade to version of istanbul with optional catch binding (#851)
- eaf3f70 chore(release): 12.0.0
- 19b7d21 chore: upgrade to newest version of istanbul codebase (#848)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
π§ View latest project report
π Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
π¦ Regular Expression Denial of Service (ReDoS) π¦ Open Redirect π¦ Validation Bypass π¦ More lessons are available in Snyk Learn
This change isβ
