owasp-threat-dragon-desktop
[Snyk] Security upgrade snyk from 1.295.0 to 1.518.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 778/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.7 | Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: snyk
The new version differs by 250 commits.
- 8987918 Merge pull request #1781 from snyk/fix/replace-proxy
- eec11b7 test: raise timeout for snyk protect tests hitting real Snyk API
- 8045ceb test: update proxy tests for the new proxy global-agent
- 0d0c76a feat: support lowercase http_proxy envvars
- e597846 test(proxy): acceptance test for Proxy envvar settings
- 6d67579 fix: replace vulnerable proxy dependency
- 1449c57 Merge pull request #1707 from snyk/feat/snyk-fix
- 3d872fb test: assert exact errors for unsupported
- 5ebd685 Merge pull request #1777 from snyk/feat/fix-with-version-provenance
- 17e3431 Merge pull request #1778 from snyk/feat/dont-force-https
- fdd7f1a docs: update SNYK_HTTP_PROTOCOL_UPGRADE description
- 165b4b9 feat: introduce envvar to control HTTP-HTTPS upgrade behavior
- 77e6665 chore: lerna release with exact version
- f14819f Merge pull request #1760 from snyk/feat/support-critical-in-sarif
- b286418 feat: v1 support for previously fixed reqs.txt
- 0384020 feat: basic pip fix -r support
- f94c558 feat: include pins optionally
- 66ca77a feat: do not skip files with -r directive
- bc44f9a refactor: fix individual reqs manifest
- 6e84322 feat: fix individual file with provenance
- 9ed99f3 Merge pull request #1764 from snyk/feat/update-code-client
- c92599b Merge pull request #1774 from snyk/refactor/change-binaries-release-script
- ca508ac test: smoke test for `snyk fix`
- c68c7da feat: add @snyk/fix as a dep
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
:warning: We detected 19 security issues in this pull request:
Vulnerable Libraries (19)
- [email protected] no patch available
- [email protected] no patch available
- [email protected] no patch available
- [email protected] no patch available
- [email protected] no patch available
- [email protected] upgrade to 1.16.1
- [email protected] no patch available
- [email protected] upgrade to 1.16.1
- [email protected] no patch available
- [email protected] no patch available
- [email protected] upgrade to 1.16.1
- [email protected] upgrade to 0.4.1
- [email protected] upgrade to 0.4.1
- [email protected] no patch available
- [email protected] no patch available
- [email protected] upgrade to 0.4.1
- [email protected] upgrade to 6.3.2
- [email protected] no patch available
- y18n@unknown no patch available