wololock.github.io icon indicating copy to clipboard operation
wololock.github.io copied to clipboard

Published 20 hours ago verified publisher icon wololock

[Snyk] Fix for 6 vulnerabilities

Open wololock opened this issue 8 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASHSET-1320032		 No Proof of Concept
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MINIMIST-559764		 Yes Proof of Concept
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9		 Arbitrary File Read
SNYK-JS-SWIGTEMPLATES-3266805		 Yes Proof of Concept
medium severity 641/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.4		 Arbitrary Code Execution
SNYK-JS-SWIGTEMPLATES-3266806		 Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: hexo-deployer-git The new version differs by 14 commits.
  • 70e2c8f release: 3.0.0 (#198)
  • a431418 chore(deps-dev): bump mocha from 7.2.0 to 8.0.1 (#190)
  • d95bf33 chore(deps-dev): bump eslint from 6.8.0 to 7.1.0 (#188)
  • 751b7a7 chore(deps): bump hexo-fs from 2.0.0 to 3.0.1 (#178)
  • c312a15 chore(deps): bump hexo-util from 1.9.0 to 2.1.0 (#184)
  • 6abb97b ci: drop node 8 & add node 14 (#181)
  • d38cabd chore(deps-dev): eslint-config-hexo from 3.0.0 to 4.1.0 (#156)
  • 6e84df7 chore(deps): bump chalk from 3.0.0 to 4.0.0 (#176)
  • da86591 chore(deps-dev): bump mocha from 6.2.3 to 7.1.2 (#179)
  • 6732e1e chore: add release-drafter (#166)
  • 5468a71 Update and rename mocha.opts to .mocharc.yml
  • dcf927e Merge pull request #173 from stevenjoezhang/master
  • 2416cc4 Replace swig-templates with nunjucks
  • a4d02c9 chore(deps-dev): bump nyc from 14.1.1 to 15.0.0 (#157)

See the full diff

Package name: snyk The new version differs by 250 commits.
  • 4cc1a94 Merge pull request #2105 from snyk/feat/webpack
  • 7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
  • 418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
  • 95631e7 test: migrate is-docker to jest
  • babe22a test: migrate old-snyk-format to jest
  • e22e94f feat: Snyk CLI is bundled with Webpack
  • dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
  • e7c314f Merge pull request #2178 from snyk/test/server-close
  • 5e824c0 fix(protect): skip previously patched files
  • ca2177a fix(protect): catch and log unexpected errors
  • c9ddb44 chore(protect): move api url warnings to stderr
  • e8fed38 refactor(protect): move stdout logs to top level
  • 55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
  • 1522c5f test: server.close uses callbacks, not promises
  • 13dce51 test: increase timeout for slow oauth test
  • 65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
  • a1e3992 chore: don't run tests on master
  • 20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
  • f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
  • 1ed7d11 refactor: replace cc parser with split functions
  • 707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
  • dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
  • 7973015 fix: support quoted keys in inline tables
  • 18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution 🦉 Arbitrary File Read 🦉 Arbitrary Code Execution 🦉 More lessons are available in Snyk Learn

wololock avatar Nov 27 '23 14:11 wololock