pump.io icon indicating copy to clipboard operation
pump.io copied to clipboard

Published 20 hours ago verified publisher icon pump-io

[Snyk] Security upgrade activitystrea.ms from 2.1.3 to 3.1.0

Open strugee opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 554/1000
Why? Has a fix available, CVSS 6.8		 Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899		 Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9		 Timing Attack
SNYK-JS-ELLIPTIC-511941		 Yes No Known Exploit
high severity 706/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7		 Cryptographic Issues
SNYK-JS-ELLIPTIC-571484		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 Yes Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-450202		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-608086		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-73638		 Yes Proof of Concept
medium severity 541/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Open Redirect
SNYK-JS-NODEFORGE-2330875		 Yes Proof of Concept
medium severity 529/1000
Why? Has a fix available, CVSS 6.3		 Prototype Pollution
SNYK-JS-NODEFORGE-2331908		 Yes No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6		 Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430337		 Yes No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430339		 Yes No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6		 Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430341		 Yes No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-NODEFORGE-598677		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 XML External Entity (XXE) Injection
SNYK-JS-XMLDOM-1084960		 Yes No Known Exploit
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Improper Input Validation
SNYK-JS-XMLDOM-1534562		 Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Prototype Pollution
SNYK-JS-XMLDOM-3042242		 Yes No Known Exploit
critical severity 811/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 9.8		 Improper Input Validation
SNYK-JS-XMLDOM-3092935		 Yes Proof of Concept
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
npm:lodash:20180130		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
npm:node-forge:20180226		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: activitystrea.ms The new version differs by 10 commits.
  • 3189d9d 3.1.0
  • fdb0292 3.0.0
  • cf79342 chore: fix URL in package.json
  • 2b17247 2.1.4
  • 2e415b7 chore: npm audit fix
  • 76d52a6 test: fix for language error
  • 39b93ea Merge pull request #33 from Twipped/contrib
  • 58cbd7b test: override default language so tests pass
  • 29bcde1 Dependency bumps, add basic linting, fix a few bugs, rework signature test
  • 861de4d Squashed commit.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cryptographic Issues 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Command Injection 🦉 More lessons are available in Snyk Learn

strugee avatar Jan 31 '24 05:01 strugee