Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade config from 1.25.1 to 1.31.0 #86

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

[Snyk] Upgrade config from 1.25.1 to 1.31.0 #86

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade config from 1.25.1 to 1.31.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 12 versions ahead of your current version.
  • The recommended version was released 3 years ago, on 2018-07-23.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
npm:sshpk:20180409		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Override Protection Bypass
npm:qs:20170213		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
npm:extend:20180424		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
npm:deep-extend:20180409		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Insecure Randomness
npm:crypto-browserify:20140722		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Uninitialized Memory Exposure
npm:base64url:20180511		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Mature
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WEBSOCKETEXTENSIONS-570623		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Arbitrary File Overwrite
SNYK-JS-TAR-174125		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Arbitrary File Write
SNYK-JS-TAR-1579155		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579152		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579147		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-LODASH-73638		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-73638		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-INI-1048974		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Arbitrary File Overwrite
SNYK-JS-FSTREAM-174725		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Improper Access Control
SNYK-JS-FAYE-567757		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Insecure Randomness
SNYK-JS-CRYPTOJS-548472		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-AWSSDK-1059424		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Uninitialized Memory Exposure
npm:tunnel-agent:20170305		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
npm:tough-cookie:20170905		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Uninitialized Memory Exposure
npm:stringstream:20180511		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Mature
Regular Expression Denial of Service (ReDoS)
npm:brace-expansion:20170302		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-MINIMIST-559764		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-MINIMIST-559764		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
npm:lodash:20180130		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
npm:lodash:20180130		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:moment:20170905		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: config
  • 1.31.0 - 2018-07-23
  • 1.30.0 - 2018-02-26
  • 1.29.4 - 2018-02-04
  • 1.29.3 - 2018-02-03
  • 1.29.2 - 2018-01-13
  • 1.29.1 - 2018-01-07
  • 1.29.0 - 2017-12-26
  • 1.28.1 - 2017-11-09
  • 1.28.0 - 2017-11-07
  • 1.27.0 - 2017-10-17
  • 1.26.2 - 2017-08-12
  • 1.26.1 - 2017-05-03
  • 1.25.1 - 2017-02-01
from config GitHub release notes
Commit messages
Package name: config
  • a6d49e5 Bump for 1.31 release
  • 76bebd8 Merge pull request #490 from SimonSchick/chore/deps
  • ce2a291 remove unused dependency and bump up json5
  • 66bd8e1 Merge pull request #486 from leonardovillela/node-env-define-multiple-load-files
  • 7e7c9cf Fix new line at end of files
  • a27b959 Add support for load multiple files by values defined in NODE_ENV
  • 54d2f71 Merge pull request #484 from bastbijl/issue-483-support-coffeescript
  • b0126a2 Fix coffeescript to 2.2.4
  • 1964867 Fix version of coffeescript to 2.3.1
  • becba67 Remove node_js 4 from travis test
  • b16d4a5 History log
  • 2112be4 Support using coffeescript without dash
  • 955db09 Prep for 1.30.0 npm publish
  • 70ca4ca Merge pull request #474 from patrickpilch/nested-raw
  • 2892fc1 Support for nested raw() in javascript configurations
  • 27a155a Prep for 1.29.4
  • 5dbf5ca Prep for 1.29.3 deploy
  • 67a2167 Merge pull request #465 from gewentao/master
  • f851fb0 add soft dependencies
  • fd08311 Updates for 1.29.2 npm publish
  • 63d8e90 Merge pull request #459 from electroma/437-reuse-existing-ts-handler
  • 553a162 Added test for ts-node double registration (thanks @ lorenwest)
  • 00e3be1 Fixes #437 again
  • e052e4e Fixed contributor tool bug and prepare for publish

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot