[Snyk] Fix for 5 vulnerabilities #99

devinpearson · 2022-10-08T16:45:10Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
521/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4	Information Exposure SNYK-JS-NANOID-2332193	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @mymonero/mymonero-exchange-helper

The new version differs by 13 commits.

8da2b8d chore: update comment
3823346 v1.3.3
a57c6ef chore: remove unnecessary package lock
f742dd8 chore: clean up debug output
f380530 v1.3.2
1ff6504 v1.3.1
f8329f7 Merge pull request QR Code works on desktop, not on mobile app #41 from mymonero/refactor-deprecated-guardarian-field
81fa290 Merge pull request Fix self.isYatHandle undefined error, revert "Merge pull request #39" #40 from mymonero/yat-cjs-compatible-tooltip
5656f86 refactor: update fiat currency enabled check due to deprecated field
05f3290 feat: add cjs-compatible tooltip code
394ac64 Merge pull request #38 from mymonero/yat-buy
6d0fc8b Merge pull request Bump Android version to v1.1.21 due to hotfix #37 from mymonero/fix/is-array-check
46747c1 corrected isArray check

See the full diff

Package name: @mymonero/mymonero-locales

The new version differs by 238 commits.

6262996 v2.0.0
191e55c Merge pull request Resolve v1.2.1 dev merge to master #58 from mymonero/tweaks-for-lerna
4731b59 chore: replaced svg logo with png.
0a447ef chore: additional readme updates
d3ae002 Updated Readme logos
1af7edb fix: updated for each loop to check for addresses
33e68c4 updated packages and moved more of
9347e96 Merge pull request build: bump versionCode and SDK level #57 from mymonero/patch-axios-mocha-and-coveralls
2348fa1 chore: update package versions based on Snyk PRs
11f7c29 Merge pull request build: updated buildCode and API level #56 from mymonero/fix-unexpected-token
d84065a Merge pull request chore:refactor repo to bring inline with web and desktop #54 from mymonero/net-utils-update
d9b55f0 refactor: clean up needless code
38676fb fix: for some reason, optional chaining throws an unexpected token error on Android
6e730c8 Merge pull request Merge v1.2.1 into master #55 from mymonero/add-release-notes
c1b1d77 docs: remove unclosed tag
5a92a78 docs: change absolute URL to relative URL
be6a64b docs: write up release and publish instructions
93de1b6 Updated to r
9c2075e Merge pull request chore:added updated issue templates #53 from mymonero/guardarian-logo-and-conversion-optimisations
ec0aa3f refactor: display Guardarian logo where needed, auto-populate initial exchange quote
194bc34 Merge pull request Release v1.2.1 #52 from mymonero/readme-update
0f46f44 Merge pull request chore: updated build number #51 from mymonero/remove-console-logs
b7d9f00 Merge pull request Enable vertical scroll for new exchange and fix layout of exchange on mobile #50 from mymonero/cleanup-net-utils
333c66d updated hosted api package

See the full diff

Package name: @mymonero/mymonero-page-templates

The new version differs by 15 commits.

8da2b8d chore: update comment
3823346 v1.3.3
a57c6ef chore: remove unnecessary package lock
f742dd8 chore: clean up debug output
f380530 v1.3.2
1ff6504 v1.3.1
f8329f7 Merge pull request QR Code works on desktop, not on mobile app #41 from mymonero/refactor-deprecated-guardarian-field
81fa290 Merge pull request Fix self.isYatHandle undefined error, revert "Merge pull request #39" #40 from mymonero/yat-cjs-compatible-tooltip
5656f86 refactor: update fiat currency enabled check due to deprecated field
05f3290 feat: add cjs-compatible tooltip code
394ac64 Merge pull request #38 from mymonero/yat-buy
6d0fc8b Merge pull request Bump Android version to v1.1.21 due to hotfix #37 from mymonero/fix/is-array-check
46747c1 corrected isArray check
ee93c64 v1.3.1-alpha.4
55ea87b refactor: enable additional exchange pairs

See the full diff

Package name: terser

The new version differs by 62 commits.

0136e8a update changelog
c5cb19d 5.14.2
a4da734 fix potential regexp DDOS
839b81b Add source mapping for closing `}` (#1211)
645a092 Optimize property access evaluation (#1213)
6706fec 5.14.1
4a56ef2 update changelog
c558e12 Add keep_numbers option. Closes #1208
f745ac7 fix parsing of nested template strings. Closes #1204
1707753 5.14.0
cb82833 update changelog
3483388 Fix compressed source-maps have non-terminated segments (#1106)
b47c3e6 chore: Set permissions for GitHub actions (#1195)
a47f29a Switch to GenMapping for sourcemap generation (#1190)
8627a08 Update package.json (#1194)
2d59a11 include types export for ts4.7 nodenext resolution (#1193)
663ea2a Add note about ecma parse option being deprecated
f80f962 fix (domprops): add `COMPLETION_STATUS_KHR` to the domprops list (#1191)
878a631 garbage collect the AST while outputting code (#1189)
423b304 Switch to TraceMap for sourcemap's originalPositionFor API (#1181)
fa9b0e4 5.13.1
03a1af6 update changelog
adf7e85 remove spurious self-assignments. Closes #1081
56a05f0 factor out the inline code