Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 7 vulnerabilities #31

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

aliceUnhinged613
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Prototype Pollution
SNYK-JS-AJV-584908
Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-ASYNC-2441827
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
Yes Proof of Concept
high severity 644/1000
Why? Has a fix available, CVSS 8.6
Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922
Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Prototype Poisoning
SNYK-JS-QS-3153490
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-Y18N-1021887
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: addons-linter The new version differs by 250 commits.
  • 58e1cd3 ⬆️ release 4.1.0
  • 819adb3 Merge mozilla/dispensary into this project (#4006)
  • 05a2c14 chore(deps): lock file maintenance (#4033)
  • b16cdd2 add script to automate l10n extraction (#4027)
  • 5879309 Pontoon: Update Dutch (nl) localization of AMO Linter
  • 4cf977f chore(deps): lock file maintenance (#4032)
  • ae72e5d chore(deps): lock file maintenance (#4031)
  • 9671f97 Pontoon: Update Vietnamese (vi) localization of AMO Linter
  • 531318f Pontoon: Update Swedish (sv-SE) localization of AMO Linter
  • 2280236 Pontoon: Update Hungarian (hu) localization of AMO Linter
  • 2c1c3c4 Pontoon: Update Ukrainian (uk) localization of AMO Linter
  • 63ff228 fix(deps): update dependency eslint-visitor-keys to v3.1.0 (#4029)
  • 3b39486 fix(deps): update dependency eslint to v8.2.0 (#4028)
  • fcb8bf8 Pontoon: Update Italian (it) localization of AMO Linter
  • 59b45a3 Pontoon: Update French (fr) localization of AMO Linter
  • 56b4e81 chore(deps): update dependency webpack to v5.62.1 (#4023)
  • aa8f306 Pontoon: Update Albanian (sq) localization of AMO Linter
  • 92b77d2 Pontoon: Update Albanian (sq) localization of AMO Linter
  • 8a1b61a Pontoon: Update German (de) localization of AMO Linter
  • 4108a8b Pontoon: Update Sorbian, Lower (dsb) localization of AMO Linter
  • 2a6efe2 Pontoon: Update Sorbian, Upper (hsb) localization of AMO Linter
  • 1342a3d Pontoon: Update Interlingua (ia) localization of AMO Linter
  • b66485b Pontoon: Update Frisian (fy-NL) localization of AMO Linter
  • ea9ca2c Pontoon: Update Chinese (Taiwan) (zh-TW) localization of AMO Linter

See the full diff

Package name: watchpack The new version differs by 179 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants