lets-chat [Snyk] Fix for 4 vulnerabilities

[Snyk] Fix for 4 vulnerabilities

Open saralaw1212 opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: less

The new version differs by 250 commits.

e4f7551 v3.12.0
371185c v3.12.0-RC.2 (#3540)
d5aa9d1 Fixes #3371 Allow conditional evaluation of function args (#3532)
a722237 Remove lib folder from git (#3531)
e0f5c1a Move changelog to root (#3530)
f7bdce7 Duplicate dist files in root for older links (#3529)
0925cf1 Test-data module (#3525)
51fb02b Fixes #3504 / organizes tests (#3523)
efb76ec Restore nuked scripts (?), replace dependencies (#3501) (#3522)
2c5e4dd Lerna refactor / TS compiling w/o bundling (#3521)
a3641e4 Resolve #3398 Add flag to disable sourcemap url annotation (#3517)
e018ba8 fix(#3294): use loadFileSync when loading plugins with syncImport: true (#3506)
95b9007 Update changelog
6238bbc Fixes #3508 (#3509)
8338366 Update README.md
6313bc5 Update changelog
53bf877 Remove tree caching in import manager (#3498)
0f271f3 issue#3481 ignore missing debugInfo (#3482)
3bd995b Additional check to avoid evaluating an expression if it is a comment (#3494)
0715d90 fix: Use make-dir instead of mkdirp (#3490)
2634494 Properly exit calc mode after use (#3493)
096dd22 Convert to auto-changelog (#3477)
842386b Fixes #3469 - Include tslib dependency (#3475)
1adaadb 3.11.0 (#3468)

Package name: nunjucks

The new version differs by 250 commits.

53d1223 Release v3.2.1
93129bf Replace yargs with commander
17691da Chokidar bump
40dfdf0 Remove dead link
cefb1cf Prevent optional dependency Chokidar from loading when not watching
1485a44 Add badges in README.md
2246457 Add Mozilla Code of Conduct file
ff5571c Release v3.2.0
f997a52 Add NodeResolveLoader
34b0a26 Fix syntax typos in CONTRIBUTING.md
55e0b7a Set dash as joiner element
c99154e Update faq.md
1338712 Emit 'load' events on Loader and Environment instances
057e7b3 Add test for line/column info in user-function exception
bcf38f3 Emit line and column info for functions
fbddcd5 lexer more accurately tracks token line and column information
889ef80 Add nodejs versions 10 and 11 to CI, remove 6 and 9
b828158 Fix documentation typo
1370361 v3.1.7
0a65e1f Fixes for replace example
2946fb4 Removed postinstall-build in favor of npm prepare script
9fd5bdb Add link to Plugin syntax highlighting for VSCode
68ba15c Fix bug where exceptions were silently swallowed with synchronous render
7c187ac tests: fix issue running tests on node 10.x

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

Nov 28 '23 18:11 saralaw1212