owasp-threat-dragon-desktop [Snyk] Fix for 1 vulnerabilities

[Snyk] Fix for 1 vulnerabilities

Open snyk-bot opened this issue 3 years ago • 1 comments

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-installer-debian

The new version differs by 6 commits.

Package name: electron-installer-redhat

The new version differs by 14 commits.

9a9ffa3 Release 3.0.0 (#153)
9f8ccab chore: update dependencies (#151)
8962e7c Bump sinon from 7.5.0 to 8.1.0
11f7c10 Bump mocha from 6.2.2 to 7.0.0
6daae8e Bump eslint-plugin-node from 10.0.0 to 11.0.0
bff6219 Bump yargs from 14.2.1 to 15.0.1 (#141)
0c4bfc0 Add notes/exceptions about requiring RPM 4.13 (#140)
a174c7d Add dependency alternatives for OpenSuse
48b8a3f Update eslint-plugin-node requirement from ^9.1.0 to ^10.0.0 (#139)
c53ad75 Update yargs requirement from ^13.2.2 to ^14.0.0 (#135)
fb63612 Update eslint-config-standard requirement from ^13.0.0 to ^14.1.0 (#138)
f269280 Update eslint-config-standard requirement from ^12.0.0 to ^13.0.0 (#133)
65ddbc3 Update eslint requirement from ^5.16.0 to ^6.0.1 (#132)
af2d8fd fix: add openSUSE package name variant for kde-cli-tools (#131)

Package name: electron-installer-snap

The new version differs by 12 commits.

Package name: snyk

The new version differs by 250 commits.

4cc1a94 Merge pull request #2105 from snyk/feat/webpack
7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
95631e7 test: migrate is-docker to jest
babe22a test: migrate old-snyk-format to jest
e22e94f feat: Snyk CLI is bundled with Webpack
dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
e7c314f Merge pull request #2178 from snyk/test/server-close
5e824c0 fix(protect): skip previously patched files
ca2177a fix(protect): catch and log unexpected errors
c9ddb44 chore(protect): move api url warnings to stderr
e8fed38 refactor(protect): move stdout logs to top level
55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
1522c5f test: server.close uses callbacks, not promises
13dce51 test: increase timeout for slow oauth test
65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
a1e3992 chore: don't run tests on master
20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
1ed7d11 refactor: replace cc parser with split functions
707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
7973015 fix: support quoted keys in inline tables
18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Sep 16 '21 02:09 snyk-bot

:warning: We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity	Details
High	[email protected] (t) upgrade to: >1.1.0

More info on how to fix Vulnerable Libraries in JavaScript.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Sep 16 '21 02:09 guardrails[bot]