event-backend icon indicating copy to clipboard operation
event-backend copied to clipboard

Published 20 hours ago verified publisher icon pjmolina

[Snyk] Fix for 8 vulnerabilities

Open pjmolina opened this issue 7 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
high severity 584/1000
Why? Has a fix available, CVSS 7.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HAWK-2808852		 No No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 No No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		 No No Known Exploit
high severity 741/1000
Why? Mature exploit, Has a fix available, CVSS 7.1		 Uninitialized Memory Exposure
npm:base64url:20180511		 Yes Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: grunt The new version differs by 81 commits.

See the full diff

Package name: grunt-cli The new version differs by 5 commits.

See the full diff

Package name: grunt-contrib-uglify The new version differs by 27 commits.
  • a3f3f34 5.2.1
  • 3c8d904 Update Readme
  • 0850dcd update dependencies (#568)
  • c27ad5f Bump minimist from 1.2.5 to 1.2.6 (#567)
  • 98b4c5f Fix documentation in relation to issue #565 (#566)
  • 7228446 Bump minimist from 1.2.5 to 1.2.6 (#563)
  • e410511 Update deps, v5.1.0 (#564)
  • 2cb31be Update uglify-js to v3.15.2 (#562)
  • 12ca0f2 Fix wording in README.md (#560)
  • 1f6a012 Bump path-parse from 1.0.6 to 1.0.7 (#558)
  • 0e4b1a0 Update uglify-js (#557)
  • 9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (#556)
  • 4e83e45 Update UglifyJS to 3.13.3 (#554)
  • 8674feb Bump ini from 1.3.5 to 1.3.8 (#552)
  • 14b71da v5.0.0
  • 9259448 Bump lodash from 4.17.11 to 4.17.19 (#550)
  • 4645446 Bump js-yaml from 3.5.5 to 3.14.0 (#551)
  • b7bcde4 Delete .travis.yml
  • cba2631 Delete appveyor.yml
  • 3dc53f0 ini github workflow
  • f65dbb9 v4.0.1. (#535)
  • b33a071 upgrade devDependencies (#536)
  • 1e40037 upgrade to uglify-js 3.5.0 (#534)
  • 33724cd update links to uglifyJS documentation (#530)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Server-side Request Forgery (SSRF) 🦉 Prototype Pollution

pjmolina avatar Dec 01 '23 14:12 pjmolina