New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 12 vulnerabilities #21

Open

baby636 wants to merge 1 commit into master from snyk-fix-9e35d2417cb18509555babd95359bd33

Owner

baby636 commented Nov 27, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

⚠️

Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-535498	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Out-of-bounds Read SNYK-JS-NODESASS-540958	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Uncontrolled Recursion SNYK-JS-NODESASS-540964	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540978	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	NULL Pointer Dereference SNYK-JS-NODESASS-540992	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-540998	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-NODESASS-541000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-541002	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 96 commits.

52ab250 v2.28.0
019f8ea fix: remove document.write (#2019)
3b0581e browser-sync-2017 use chalk everywhere (#2018)
c1db647 v2.27.12
6a8133d build(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 (#2011)
61bfdd9 build(deps): bump cookiejar in /packages/browser-sync (#2006)
9d71626 build(deps): bump cookiejar in /packages/browser-sync-ui (#2005)
f5fd00f build(deps): bump parse-url and lerna (#2000)
54d16e4 build(deps): bump minimist in /packages/browser-sync-ui (#1998)
98ae491 build(deps): bump minimist from 1.2.5 to 1.2.7 (#1997)
423d137 build(deps): bump socket.io-parser in /packages/browser-sync-ui (#1996)
9b46af3 build(deps): bump moment in /packages/browser-sync-ui (#1973)
769c4df build(deps): bump ua-parser-js in /packages/browser-sync (#2007)
01caeb3 v2.27.11
74873cc updated deps (#1995)
88527a8 Add CodeSee architecture diagram workflow to repository (#1972)
f6965a6 v2.27.10
e6c7bed Updated portscanner to 2.2.0 (#1960)
6a587ec fix readme's
91258ae Merge branch 'browser-sync-1946-esbuild'
f48d6b4 👋 app veyor
30c24dc Merge pull request #1947
9d24de5 drop webpack from UI
7a00341 build client with esbuild

See the full diff

Package name: gulp-sass

The new version differs by 5 commits.

5775044 Update CHANGELOG.md
978b8f6 Update to major version 5 (#802)
10eae93 Update changelog for 4.1.1
947b26c Upgrade lodash to fix a security issue (#776)
8d6ac29 Update changelog

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 NULL Pointer Dereference
🦉 Uncontrolled Recursion
🦉 More lessons are available in Snyk Learn


          fix: package.json to reduce vulnerabilities

be8077e

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-NODESASS-535498
- https://snyk.io/vuln/SNYK-JS-NODESASS-535500
- https://snyk.io/vuln/SNYK-JS-NODESASS-540958
- https://snyk.io/vuln/SNYK-JS-NODESASS-540964
- https://snyk.io/vuln/SNYK-JS-NODESASS-540978
- https://snyk.io/vuln/SNYK-JS-NODESASS-540992
- https://snyk.io/vuln/SNYK-JS-NODESASS-540998
- https://snyk.io/vuln/SNYK-JS-NODESASS-541000
- https://snyk.io/vuln/SNYK-JS-NODESASS-541002
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet