MirrorOS
[Snyk] Fix for 40 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
- Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Vulnerabilities that will be fixed
With an upgrade:
Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 | Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 | No | Proof of Concept |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 | No | Proof of Concept |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194 | Yes | Proof of Concept |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 | No | Proof of Concept |
344/1000 Why? Has a fix available, CVSS 2.6 | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 | No | No Known Exploit |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-IMMER-1019369 | Yes | Proof of Concept |
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution SNYK-JS-IMMER-1540542 | Yes | Proof of Concept |
429/1000 Why? Has a fix available, CVSS 4.3 | Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088 | Yes | No Known Exploit |
479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992 | Yes | No Known Exploit |
589/1000 Why? Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-LOADERUTILS-3043105 | Yes | No Known Exploit |
479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943 | Yes | No Known Exploit |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution SNYK-JS-LODASH-567746 | Yes | Proof of Concept |
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 | Yes | No Known Exploit |
589/1000 Why? Has a fix available, CVSS 7.5 | Directory Traversal SNYK-JS-MOMENT-2440688 | No | No Known Exploit |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238 | No | Proof of Concept |
479/1000 Why? Has a fix available, CVSS 5.3 | Improper Certificate Validation SNYK-JS-NODESASS-1059081 | Yes | No Known Exploit |
715/1000 Why? Has a fix available, CVSS 9.8 | Use After Free SNYK-JS-NODESASS-535497 | No | No Known Exploit |
509/1000 Why? Has a fix available, CVSS 5.9 | Denial of Service (DoS) SNYK-JS-NODESASS-542662 | No | No Known Exploit |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032 | Yes | Proof of Concept |
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Command Injection SNYK-JS-REACTDEVUTILS-1083268 | Yes | Proof of Concept |
479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884 | Yes | No Known Exploit |
619/1000 Why? Has a fix available, CVSS 8.1 | Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840 | No | No Known Exploit |
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 | No | Proof of Concept |
619/1000 Why? Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506 | Yes | No Known Exploit |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Denial of Service (DoS) SNYK-JS-SOCKJS-575261 | No | Proof of Concept |
624/1000 Why? Has a fix available, CVSS 8.2 | Arbitrary File Overwrite SNYK-JS-TAR-1536528 | Yes | No Known Exploit |
624/1000 Why? Has a fix available, CVSS 8.2 | Arbitrary File Overwrite SNYK-JS-TAR-1536531 | Yes | No Known Exploit |
410/1000 Why? Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 | Yes | No Known Exploit |
639/1000 Why? Has a fix available, CVSS 8.5 | Arbitrary File Write SNYK-JS-TAR-1579147 | Yes | No Known Exploit |
639/1000 Why? Has a fix available, CVSS 8.5 | Arbitrary File Write SNYK-JS-TAR-1579152 | Yes | No Known Exploit |
639/1000 Why? Has a fix available, CVSS 8.5 | Arbitrary File Write SNYK-JS-TAR-1579155 | Yes | No Known Exploit |
479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366 | No | No Known Exploit |
589/1000 Why? Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042 | Yes | No Known Exploit |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835 | No | Proof of Concept |
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: axios
The new version differs by 166 commits.
- e367be5 [Releasing] 0.21.3
- 83ae383 Correctly add response interceptors to interceptor chain (#4013)
- c0c8761 [Updating] changelog to include links to issues and contributors
- 619bb46 [Releasing] v0.21.2
- 82c9455 Create SECURITY.md (#3981)
- 5b45711 Security fix for ReDoS (#3980)
- 5bc9ea2 Update ECOSYSTEM.md (#3817)
- e72813a Fixing README.md (#3818)
- e10a027 Fix README typo under Request Config (#3825)
- e091491 Update README.md (#3936)
- b42fbad Removed un-needed bracket
- 520c8dc Updating CI status badge (#3953)
- 4fbeecb Adding CI on Github Actions. (#3938)
- e9965bf Fixing the sauce labs tests (#3813)
- dbc634c Remove charset in tests (#3807)
- 3958e9f Add explanation of cancel token (#3803)
- 69949a6 Adding custom return type support to interceptor (#3783)
- 49509f6 Create FUNDING.yml (#3796)
- 199c8aa Adding parseInt to config.timeout (#3781)
- 94fc4ea Adding isAxiosError typeguard documentation (#3767)
- 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
- a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
- 59fa614 [Updated] follow-redirects to the latest version (#3771)
- 7821ed2 Feat/json improvements (#3763)
Package name: node-sass
The new version differs by 121 commits.
- 3b556c1 7.0.2
- c716359 Bump sass-graph@^4.0.1 (#3292)
- 24741b3 docs(readme): fix docpad plugin link
- 1523330 feat: Drop Node 12
- 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
- 1456114 build(deps): bump actions/upload-artifact from 2 to 3
- b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
- e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
- 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
- 29e2344 build(deps): bump actions/checkout from 2 to 3
- 85b0d22 build(deps): bump actions/setup-node from 2 to 3
- 3bb51da Use make-fetch-happen instead of request (#3193)
- adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
- 77d12f0 chore: disable Apline for Node 16/17 builds
- 308d533 ci: use Python 3 for Node 12
- c818907 ci: unpin actions/setup-node to v2
- 99242d7 7.0.1
- 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
- c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
- 918dcb3 Lint fix
- 0a21792 Set rejectUnauthorized to true by default (#3149)
- e80d4af chore: Drop EOL Node 15 (#3122)
- d753397 feat: Add Node 17 support (#3195)
- dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
Package name: socket.io-client
The new version differs by 19 commits.
- de2ccff chore(release): 2.4.0
- e9dd12a chore: bump engine.io-client version
- 7248c1e ci: migrate to GitHub Actions
- 4631ed6 chore(release): 2.3.1
- 7f73a28 test: fix tests in IE
- 67c54b8 chore: bump engine.io-parser and socket.io-parser
- 15a52ab test: remove arrow function (for now)
- 050108b fix: fix reconnection after opening socket asynchronously (#1253)
- b570025 chore: bump engine.io-client and downgrade debug
- 1fb1b78 chore: remove unused dependencies
- 0c39f14 docs: add section about Debug / logging on the client side (#1278)
- 6ce02ee docs: add server port in the example (#1359)
- f4a4d89 chore: update package-lock.json file
- 3c1d860 chore: bump component-emitter dependency (#1376)
- b7dbbd2 test: fix race condition in the tests
- 661f1e7 [chore] Release 2.3.0
- 71d7b79 [chore] Bump engine.io-client to version 3.4.0
- 8b4a539 [docs] Add CDN link (#1318)
- 40cf185 [ci] use Node.js 10 for compatibility with Gulp v3
With a Snyk patch:
Priority Score (*) | Issue | Exploit Maturity |
---|---|---|
731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution SNYK-JS-LODASH-567746 | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.