owasp-threat-dragon-desktop [Snyk] Fix for 6 vulnerabilities

[Snyk] Fix for 6 vulnerabilities

Open mike-goodwin opened this issue 1 year ago • 1 comments

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
464/1000 Why? Has a fix available, CVSS 5	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-570058	No	No Known Exploit
756/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.7	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-572020	No	Proof of Concept
631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-installer-debian

The new version differs by 6 commits.

Package name: electron-installer-redhat

The new version differs by 14 commits.

9a9ffa3 Release 3.0.0 (#153)
9f8ccab chore: update dependencies (#151)
8962e7c Bump sinon from 7.5.0 to 8.1.0
11f7c10 Bump mocha from 6.2.2 to 7.0.0
6daae8e Bump eslint-plugin-node from 10.0.0 to 11.0.0
bff6219 Bump yargs from 14.2.1 to 15.0.1 (#141)
0c4bfc0 Add notes/exceptions about requiring RPM 4.13 (#140)
a174c7d Add dependency alternatives for OpenSuse
48b8a3f Update eslint-plugin-node requirement from ^9.1.0 to ^10.0.0 (#139)
c53ad75 Update yargs requirement from ^13.2.2 to ^14.0.0 (#135)
fb63612 Update eslint-config-standard requirement from ^13.0.0 to ^14.1.0 (#138)
f269280 Update eslint-config-standard requirement from ^12.0.0 to ^13.0.0 (#133)
65ddbc3 Update eslint requirement from ^5.16.0 to ^6.0.1 (#132)
af2d8fd fix: add openSUSE package name variant for kde-cli-tools (#131)

Package name: electron-installer-snap

The new version differs by 27 commits.

bbb9886 5.0.0
e618211 refactor: upgrade ava to ^3 and eslint-plugin-ava to ^10 (#66)
c1d52de chore: add sponsor links
0b87b11 refactor: replace cross-spawn-promise with spawn in electron-installer-common (#65)
a1683af build(deps): upgrade semver to ^7.1.1
187db94 build(deps): upgrade electron-installer-common to ^0.9.0
e4aa5bb chore: require Node >= 10
dcf2cf9 refactor: depend on one lodash package (#60)
807e4e2 Bump nyc from 14.1.1 to 15.0.0 (#52)
ff373b0 Bump eslint-plugin-node from 10.0.0 to 11.0.0 (#55)
b8f06c1 Bump sinon from 7.5.0 to 8.0.4 (#57)
630aa7a chore: fix istanbul ignore lines (#59)
350047c chore: switch from Travis CI to GitHub Actions (#58)
3010d4b build: move codecov reporting to an NPM script
6f4f0e9 build: use Ubuntu 18.04 in Travis CI
3539140 4.1.0
514f0ae feat: autodetect base when not specified by the user (#47)
4f2b890 Bump yargs from 14.2.1 to 15.0.1 (#46)
facca67 Bump which from 1.3.1 to 2.0.1 (#44)
2c0381e Update eslint-plugin-ava requirement from ^8.0.0 to ^9.0.0
ad7d55e Update cross-env requirement from ^5.2.0 to ^6.0.0
24aa911 Update eslint-plugin-node requirement from ^9.1.0 to ^10.0.0 (#41)
753d28c Update yargs requirement from ^13.2.2 to ^14.0.0 (#39)
1551104 Update eslint-config-standard requirement from ^13.0.0 to ^14.0.0 (#40)

Package name: owasp-threat-dragon-core

The new version differs by 65 commits.

6faa383 version 1.3
e7bb028 [Snyk] Upgrade json-rules-engine from 3.0.2 to 3.1.0
bc930cf Merge pull request #44 from OWASP/snyk-upgrade-99c7c23007169f5d55cc916b6e73e110
f36e0d6 Merge pull request #43 from OWASP/snyk-upgrade-ff4efe8d5350514e63f2a5e04156a1e4
d2688d0 fix: upgrade angular-route from 1.7.8 to 1.7.9
4797841 fix: upgrade toastr from 2.1.2 to 2.1.4
f4c06c0 fix: upgrade json-rules-engine from 3.0.2 to 3.1.0
6fcfec7 add LGTM badge
3387cfa Update CI tests (#41)
be163b2 Update packages for security fixes (#40)
804e950 Add advice on env vars
896eb17 instructions are now comments
a7f4cae Update readme for the security policy
8ac02f8 Create SECURITY.md
b28ed15 improve links in contributing page
d3c1337 make pull request template same as other repos
db0d7fe Merge pull request #37 from OWASP/add-contributing-page
b29581c FAQs link update
6e5b894 Small addition to contribution.md
d3bae64 Update PULL_REQUEST_TEMPLATE.md
251302c Update README.md
e64f208 Update PULL_REQUEST_TEMPLATE.md
5ee6fd2 Create CONTRIBUTING.md
3782b54 Create PULL_REQUEST_TEMPLATE.md