owasp-threat-dragon-desktop
owasp-threat-dragon-desktop copied to clipboard
Published
20 hours ago •
mike-goodwin
mike-goodwin
[Snyk] Fix for 2 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2 |
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 |
Yes | Proof of Concept |
 |
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 |
Regular Expression Denial of Service (ReDoS) npm:debug:20170905 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: electron-installer-debian
The new version differs by 6 commits.Package name: electron-installer-redhat
The new version differs by 14 commits.- 9a9ffa3 Release 3.0.0 (#153)
- 9f8ccab chore: update dependencies (#151)
- 8962e7c Bump sinon from 7.5.0 to 8.1.0
- 11f7c10 Bump mocha from 6.2.2 to 7.0.0
- 6daae8e Bump eslint-plugin-node from 10.0.0 to 11.0.0
- bff6219 Bump yargs from 14.2.1 to 15.0.1 (#141)
- 0c4bfc0 Add notes/exceptions about requiring RPM 4.13 (#140)
- a174c7d Add dependency alternatives for OpenSuse
- 48b8a3f Update eslint-plugin-node requirement from ^9.1.0 to ^10.0.0 (#139)
- c53ad75 Update yargs requirement from ^13.2.2 to ^14.0.0 (#135)
- fb63612 Update eslint-config-standard requirement from ^13.0.0 to ^14.1.0 (#138)
- f269280 Update eslint-config-standard requirement from ^12.0.0 to ^13.0.0 (#133)
- 65ddbc3 Update eslint requirement from ^5.16.0 to ^6.0.1 (#132)
- af2d8fd fix: add openSUSE package name variant for kde-cli-tools (#131)
Package name: electron-installer-snap
The new version differs by 27 commits.- bbb9886 5.0.0
- e618211 refactor: upgrade ava to ^3 and eslint-plugin-ava to ^10 (#66)
- c1d52de chore: add sponsor links
- 0b87b11 refactor: replace cross-spawn-promise with spawn in electron-installer-common (#65)
- a1683af build(deps): upgrade semver to ^7.1.1
- 187db94 build(deps): upgrade electron-installer-common to ^0.9.0
- e4aa5bb chore: require Node >= 10
- dcf2cf9 refactor: depend on one lodash package (#60)
- 807e4e2 Bump nyc from 14.1.1 to 15.0.0 (#52)
- ff373b0 Bump eslint-plugin-node from 10.0.0 to 11.0.0 (#55)
- b8f06c1 Bump sinon from 7.5.0 to 8.0.4 (#57)
- 630aa7a chore: fix istanbul ignore lines (#59)
- 350047c chore: switch from Travis CI to GitHub Actions (#58)
- 3010d4b build: move codecov reporting to an NPM script
- 6f4f0e9 build: use Ubuntu 18.04 in Travis CI
- 3539140 4.1.0
- 514f0ae feat: autodetect base when not specified by the user (#47)
- 4f2b890 Bump yargs from 14.2.1 to 15.0.1 (#46)
- facca67 Bump which from 1.3.1 to 2.0.1 (#44)
- 2c0381e Update eslint-plugin-ava requirement from ^8.0.0 to ^9.0.0
- ad7d55e Update cross-env requirement from ^5.2.0 to ^6.0.0
- 24aa911 Update eslint-plugin-node requirement from ^9.1.0 to ^10.0.0 (#41)
- 753d28c Update yargs requirement from ^13.2.2 to ^14.0.0 (#39)
- 1551104 Update eslint-config-standard requirement from ^13.0.0 to ^14.0.0 (#40)
Package name: snyk
The new version differs by 250 commits.- 4cc1a94 Merge pull request #2105 from snyk/feat/webpack
- 7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
- 418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
- 95631e7 test: migrate is-docker to jest
- babe22a test: migrate old-snyk-format to jest
- e22e94f feat: Snyk CLI is bundled with Webpack
- dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
- e7c314f Merge pull request #2178 from snyk/test/server-close
- 5e824c0 fix(protect): skip previously patched files
- ca2177a fix(protect): catch and log unexpected errors
- c9ddb44 chore(protect): move api url warnings to stderr
- e8fed38 refactor(protect): move stdout logs to top level
- 55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
- 1522c5f test: server.close uses callbacks, not promises
- 13dce51 test: increase timeout for slow oauth test
- 65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
- a1e3992 chore: don't run tests on master
- 20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
- f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
- 1ed7d11 refactor: replace cc parser with split functions
- 707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
- dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
- 7973015 fix: support quoted keys in inline tables
- 18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)
:warning: We detected 1 security issue in this pull request:
Vulnerable Libraries (1)
| Severity | Details |
|---|---|
| Medium | pkg:npm/[email protected] upgrade to: 3.24.5,5.6.5,2.5.3,1.1064.0,2.31.3,2.16.2,1.24.2,1.1.6 |
More info on how to fix Vulnerable Libraries in JavaScript.
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
![guardrails[bot] avatar](https://avatars.githubusercontent.com/in/5512?v=4 "Published by a pub.dev verified publisher"){kind=small}