[Snyk] Fix for 5 vulnerabilities #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

interrupter wants to merge 1 commit into master from snyk-fix-16f4c2fc4febb90a13fda2172500e311

Owner

interrupter commented Nov 27, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	714/1000 Why? Has a fix available, CVSS 10	Sandbox Bypass npm:constantinople:20180421	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: handlebars

The new version differs by 203 commits.

7adc19a v4.7.4
9dd8d10 Update release notes
4671c4b Use tmp directory for files written during tests
e46baa1 tasks/test-bin.js: Delete duplicate test
c491b4e Revert "Update release-notes.md"
738391a Update release-notes.md
80c4516 chore: add unit tests for cli options (#1666)
d79212a fix: migrate from optimist to yargs (#1666)
b440c38 chore: ignore external @ types in tests
2dba7ee docs: fix comparison link
c978969 v4.7.3
9278f21 Update release notes
d78cc73 Fixes spelling and punctuation
4de51fe Add Type Definition for Handlebars.VERSION, Fixes #1647
a32d05f Include Type Definition for runtime.js in Package
ad63f51 chore: add missing "await" in aws-s3 publishing code
586e672 v4.7.2
f0c6c4c Update release notes
a4fd391 chore: execute saucelabs-task only if access-key exists
9d5aa36 fix: don't wrap helpers that are not functions
14ba3d0 v4.7.1
4cddfe7 Update release notes
f152dfc fix: fix log output in case of illegal property access
3c1e252 fix: log error for illegal property access only once per property

See the full diff

Package name: pm2

The new version differs by 250 commits.

56ee2cd pm2@4.4.0
b73c61a bump CHANGELOG.md
caca206 psh
593b43c various fixes for N14
42a10f4 bump @ pm2/js-api + mocharc.yml -> mocharc.js
e41282d fixes for node 14 + shelljs
a38b6ed bump pkg
c667244 add node 14 to travis
6f704e6 Merge branch 'master' into development
5dfb667 pm2@4.3.1
9d763ed cli-table-redemption -> cli-tableau
3980bff bump cli-table-redemption
9ee8a0f pm2@4.3.0
956afe7 pm2@4.3.0-beta.1
851c44c update changelog
03d0b28 Merge pull request #4662 from Timic3/fix/common-module-import
d8a6d38 bump pm2-deploy
4d1aedf throttle cron test
8fae340 bump vizion
b097dc2 pkg.json version bump
7a5da59 drop date-fns
195eb6e drop lodash lib
526756d 4.3.0
7323438 Add .cjs (common JS) as a viable extension

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution


          fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/npm:constantinople:20180421

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet