[Snyk] Upgrade: lodash, jsonpath, , , chalk, dockerode, fs-extra, generate-password, open, ora, puppeteer, tar, tslib #85

Open
wants to merge 1 commit into
base: master


seansund
Member


Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| lodash | from 4.17.19 to 4.17.21 (2 versions ahead of your current version) | 4 years ago, on 2021-02-20 |
| jsonpath | from 1.0.2 to 1.1.1 (2 versions ahead of your current version) | 3 years ago, on 2021-04-01 |
| @ibmgaragecloud/cloud-native-toolkit-cli | from 0.5.10 to 0.5.11 (1 version ahead of your current version) | 4 years ago, on 2020-08-05 |
| @types/jest | from 26.0.7 to 26.0.24 (17 versions ahead of your current version) | 3 years ago, on 2021-07-06 |
| chalk | from 4.1.0 to 4.1.2 (2 versions ahead of your current version) | 3 years ago, on 2021-07-30 |
| dockerode | from 3.2.1 to 3.3.5 (6 versions ahead of your current version) | 2 years ago, on 2023-03-12 |
| fs-extra | from 9.0.1 to 9.1.0 (1 version ahead of your current version) | 4 years ago, on 2021-01-19 |
| generate-password | from 1.5.1 to 1.7.1 (4 versions ahead of your current version) | a year ago, on 2023-10-18 |
| open | from 7.1.0 to 7.4.2 (7 versions ahead of your current version) | 4 years ago, on 2021-02-16 |
| ora | from 4.0.5 to 4.1.1 (2 versions ahead of your current version) | 4 years ago, on 2020-08-07 |
| puppeteer | from 5.2.1 to 5.5.0 (5 versions ahead of your current version) | 4 years ago, on 2020-11-16 |
| tar | from 6.0.2 to 6.2.1 (21 versions ahead of your current version) | 6 months ago, on 2024-03-21 |
| tslib | from 2.0.0 to 2.7.0 (18 versions ahead of your current version) | 21 days ago, on 2024-08-23 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity Prototype Pollution (SNYK-JS-LODASH-567746) | 731 | Proof of Concept |
| high severity Command Injection (SNYK-JS-SSH2-1656673) | 731 | No Known Exploit |
| high severity Code Injection (SNYK-JS-LODASH-1040724) | 731 | Proof of Concept |
| medium severity Arbitrary Code Injection (SNYK-JS-UNDERSCORE-1080984) | 731 | Proof of Concept |
| medium severity Arbitrary Code Injection (SNYK-JS-UNDERSCORE-1080984) | 731 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-1018905) | 731 | Proof of Concept |

Release notes
Package name: lodash from lodash GitHub release notes
Package name: jsonpath from jsonpath GitHub release notes
Package name: @ibmgaragecloud/cloud-native-toolkit-cli
  • 0.5.11 - 2020-08-05
  • 0.5.10 - 2020-07-29
from @ibmgaragecloud/cloud-native-toolkit-cli GitHub release notes
Package name: @types/jest
  • 26.0.24 - 2021-07-06
  • 26.0.23 - 2021-04-26
  • 26.0.22 - 2021-03-25
  • 26.0.21 - 2021-03-17
  • 26.0.20 - 2021-01-07
  • 26.0.19 - 2020-12-10
  • 26.0.18 - 2020-12-08
  • 26.0.17 - 2020-12-08
  • 26.0.16 - 2020-12-01
  • 26.0.15 - 2020-10-20
  • 26.0.14 - 2020-09-16
  • 26.0.13 - 2020-09-02
  • 26.0.12 - 2020-08-31
  • 26.0.11 - 2020-08-31
  • 26.0.10 - 2020-08-14
  • 26.0.9 - 2020-08-05
  • 26.0.8 - 2020-07-31
  • 26.0.7 - 2020-07-23
from @types/jest GitHub release notes
Package name: chalk from chalk GitHub release notes
Package name: dockerode from dockerode GitHub release notes
Package name: fs-extra from fs-extra GitHub release notes
Package name: generate-password from generate-password GitHub release notes
Package name: open from open GitHub release notes
Package name: ora from ora GitHub release notes
Package name: puppeteer
  • 5.5.0 - 2020-11-16

    v5.5.0 (2020-11-16)

    Features

    Bug Fixes

    • common: fix generic type of _isClosedPromise (#6579) (122f074)
    • domworld: fix missing binding for waittasks (#6562) (67da1cf)
  • 5.4.1 - 2020-10-27

    Bug fixes

    • Fixed an issue in 5.4.0 on Node.js v10.17.0 and below where trying to access fs.promises would throw an error. See #6548 for the bug report and #6550 for the fix. We now run a CI build on Node 10.15 to ensure we don't cause similar regressions in the future.

    Raw notes

    520cd90 - chore: mark version 5.4.1
    8f4a79e - docs(troubleshooting): update Alpine Chromium version (#6529)
    e45acce - chore: run unit tests on node 10.15 + fix fs.promises access (#6550)
    a2175c6 - docs(queryhandler): fix link (#6543)
    d787865 - chore: bump version to v5.4.0-post (#6544)

  • 5.4.0 - 2020-10-23

    Feature changes

    Custom query handler API

    The custom query handler support is no longer marked as experimental. The API has been updated to:

    puppeteer.registerCustomQueryHandler(name: string, queryHandler: CustomQueryHandler): void;
    puppeteer.unregisterCustomQueryHandler(name: string): void;
    puppeteer.customQueryHandlerNames(): string[];
    puppeteer.clearCustomQueryHandlers(): void;

    New built-in query handlers

    Puppeteer now ships with two built-in handlers: aria and pierce:

    • The aria handler (#6307) allows querying elements based on the accessibility tree.
    • The pierce handler (#6509) pierces shadow roots while querying for a CSS selector.

    Roll Chromium 87.0.4272.0 (r809590)

    Behind the scenes

    • We now enforce Conventional Commits through commitlint (#6483)
    • We've started work towards automating the release process. This work can be tracked in #6482.

    Raw notes

    5e5fed1 - fix: ignore spurious bindingCalled events (#6538)
    e6b8c77 - chore: fix travis config (#6537)
    c756fb4 - fix(utils): typo fix (#6522)
    f63a123 - chore(agnostification): agnostify web socket connections (#6520)
    c2c2bb7 - chore(agnostification): common/helper.ts (#6515)
    637a1f7 - chore: gitignore new-docs (#6511)
    e655bb6 - chore(agnostification): split up root Puppeteer class (#6504)
    f3086d7 - fix(launcher): support relative userDataDir on headless Windows (#6506)
    8fabe32 - feat(queryhandler): add built-in pierce handler (#6509)
    f04bec5 - chore: update eslint & eslint plugins (#6487)
    4846b87 - chore(agnostification): split up launcher class (#6484)
    1ed38af - chore(node): move install.ts into node/ (#6490)
    e94a1e8 - chore: bump misc dependencies (#6488)
    936ccdc - chore: enforce Conventional Commits through commitlint (#6483)
    502ed8c - chore(agnostify): Create Node and Web initializer. (#6477)
    3afe193 - feat(a11y-query): extend aria handler with waitFor (#6472)
    cc7f1fd - docs(queryhandler): add custom query handler docs (#6476)
    70ed875 - fix(queryhandler) only expose custom handlers (#6475)
    950ae33 - feat(a11y-query): aria query handler sans waitfor (#6459)
    41ef3ee - fix: update preferences in default Firefox profile (#6465)
    9275653 - docs(examples): update selector for search example (#6471)
    49f25e2 - feat(chromium) roll Chromium to r809590 (#6458)
    4cdbebe - chore: disable firefox windows launcher test until Nov (#6451)
    75e3fb0 - docs(api): fix some outdated links (#6450)
    caa9a1c - chore(agnostic): Remove use of util.promisify (#6446)
    96f3d43 - feat(console): expose stack trace for console messages (#6445)
    322cc96 - chore: remove npm run test-types call (#6447)
    72fe86f - feat(a11y-query): introduce internal handlers (#6437)
    1396c9d - chore: bump version to v5.3.1-post (#6440)
    11ab402 - fix: add mime dependency back to fix build (#6441)

  • 5.3.1 - 2020-09-22

    Highlights

    • New API: page.emulateIdleState(...) (#6410)

    Raw notes

    c7d32cb - chore: mark version v5.3.1 (#6439)
    8f3171a - feat(permissions): Add idle-detection permission (#6438)
    083ea41 - test(frame): correct terminology in URL fragment test (#6416)
    bb1c521 - chore: remove mime dependency (#6415)
    17960e5 - feat(page): emulate idle state (#6410)
    03e41da - chore: bump version to v5.3.0-post (#6413)

  • 5.3.0 - 2020-09-11

    Highlights

    • Chromium 86.0.4240.0 (r800071)
    • Support configuring the browser download path through PUPPETEER_DOWNLOAD_PATH (#6014)
    • New API: page.waitForTimeout and subsequently, frame.waitForTimeout (#6268)
    • Deprecated API: page.waitFor and frame.waitFor (#6268)

    Raw notes

    030fcaa - chore: mark version v5.3.0 (#6412)
    4ce600a - chore: Remove target debug-unit and add unit-debug (#6411)
    62ac167 - feat(chromium): roll Chromium to r800071 (#6407)
    35cfbe1 - docs(troubleshooting.md): updated commands (#6296)
    ce6ae35 - doc(contributing): add info on bisecting upstream changes (#6402)
    e22ca4c - chore: extend Firefox launch test deadline by a month (#6403)
    2470d1e - chore: update documentation on rolling chromium (#6399)
    b6bbfd0 - fix: ensure frame.url() includes the query string (#6398)
    7b24e54 - fix: revise interesting classification for AXNodes (#6334)
    13ea347 - feat: support configuring the browser download path (#6014)
    615cd37 - chore: use https URL for license info (

Snyk has created this PR to upgrade:
  - lodash from 4.17.19 to 4.17.21.
    See this package in npm: https://www.npmjs.com/package/lodash
  - jsonpath from 1.0.2 to 1.1.1.
    See this package in npm: https://www.npmjs.com/package/jsonpath
  - @ibmgaragecloud/cloud-native-toolkit-cli from 0.5.10 to 0.5.11.
    See this package in npm: https://www.npmjs.com/package/@ibmgaragecloud/cloud-native-toolkit-cli
  - @types/jest from 26.0.7 to 26.0.24.
    See this package in npm: https://www.npmjs.com/package/@types/jest
  - chalk from 4.1.0 to 4.1.2.
    See this package in npm: https://www.npmjs.com/package/chalk
  - dockerode from 3.2.1 to 3.3.5.
    See this package in npm: https://www.npmjs.com/package/dockerode
  - fs-extra from 9.0.1 to 9.1.0.
    See this package in npm: https://www.npmjs.com/package/fs-extra
  - generate-password from 1.5.1 to 1.7.1.
    See this package in npm: https://www.npmjs.com/package/generate-password
  - open from 7.1.0 to 7.4.2.
    See this package in npm: https://www.npmjs.com/package/open
  - ora from 4.0.5 to 4.1.1.
    See this package in npm: https://www.npmjs.com/package/ora
  - puppeteer from 5.2.1 to 5.5.0.
    See this package in npm: https://www.npmjs.com/package/puppeteer
  - tar from 6.0.2 to 6.2.1.
    See this package in npm: https://www.npmjs.com/package/tar
  - tslib from 2.0.0 to 2.7.0.
    See this package in npm: https://www.npmjs.com/package/tslib

See this project in Snyk:
https://app.snyk.io/org/seansund/project/53aa0d30-7bbe-44c2-a951-730b0775f54e?utm_source=github&utm_medium=referral&page=upgrade-pr