New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 5 vulnerabilities #2

Open

snyk-bot wants to merge 1 commit into master from snyk-fix-de1217701f6ab6374a16b6eae2756eb3

snyk-bot commented Dec 17, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	Prototype Pollution npm:hoek:20180212	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:validator:20180218	Yes	Proof of Concept

Commit messages

Package name: less-middleware

The new version differs by 9 commits.

8471bff Version 3.0.0
b9556a0 Version 2.3.0
a8559d5 Merge branch 'master' of github.com:emberfeather/less.js-middleware
136bd2e Fixing the style of the DI shield.
9f4e712 Merge pull request #151 from emberfeather/feature/circleci
0b6ea0e Fixing the syntax for the circle config.
19edda6 Fixing the docker user.
7bac1f7 Adding basic config and test for circle.
9b57cbf Updating dependencies.

See the full diff

Package name: socket.io

The new version differs by 46 commits.

a10dc8d [chore] Release 2.0.2
2b21690 [fix] Fix timing issues with middleware (#2948)
832b8fc [chore] Release 2.0.1
a005690 [fix] Update path of client file (#2934)
3367eaa [chore] Release 2.0.0
6c0705f [docs] Add an example of custom parser (#2929)
1980fb4 [chore] Merge history of 1.7.x and 0.9.x branches (#2930)
0d07c47 [chore] Added backers and sponsors on the README (#2933)
a086588 [chore] Bump dependencies (#2926)
87b06ad [feat] Move binary detection to the parser (#2923)
199eec6 [docs] Replace non-breaking space with proper whitespace (#2913)
f1b39a6 [docs] Update emit cheatsheet (#2906)
240b154 [docs] Explicitly document that Server extends EventEmitter (#2874)
c5b7738 [docs] Add server.engine.generateId attribute (#2880)
03f3bc9 [docs] Fix wrong space character in README (#2900)
e40accf [docs] Fix documentation for 'connect' event (#2898)
01a4623 [feat] Allow to join several rooms at once (#2879)
2d5b002 [docs] Add webpack build example (#2828)
5ae06e6 [chore] Bump socket.io-adapter to version 1.0.0 (#2867)
4d8f68c [chore] Bump engine.io to version 2.0.2 (#2864)
5b79ab1 [docs] Update the wording to match the code example (#2853)
54ff591 [feature] Merge Engine.IO and Socket.IO handshake packets (#2833)
e1facd5 [docs] Small addition to the Express Readme Part (#2846)
3b92cc2 [feature] Allow the use of custom parsers (#2829)

See the full diff

Package name: validator

The new version differs by 250 commits.

748d499 9.4.1
1950835 Patch a REDOS
77ed1ed Update the changelog and min version
5c4c971 Merge pull request #788 from malachiwa/patch-1
6a91b75 Update Israel's prefixes of mobile phone numbers
c93cf2c Merge pull request #786 from amilajack/patch-1
eeba049 Run against node 8
4e455d2 9.4.0
4fb34e9 Re-add the change to the en-IN phone regex
f2b9806 Updates from the previous merge
ca20e91 Merge pull request #785 from geekguy/master
f51344f Indian mobile numbers can start with 6 now.
0ccb1c7 Update the changelog and min version
e7b8557 Merge pull request #769 from ProfNandaa/feat-741-is-phone-number-cc
5615a12 isMobilePhone: add option for strictMode
ca0f25f 9.3.0
e9a4009 Remove the leftover compiled isDate
bf46b58 Update the changelog and min version
06d6b16 Merge pull request #774 from vetoshko/new-phones
3920f9d Merge branch 'master' into new-phones
f5fcb6d Merge pull request #777 from athivvat/support-thailand-locale
cbea0c7 Merge branch 'master' into support-thailand-locale
ab898d5 Merge pull request #779 from aniham/master
cfca110 Merge branch 'master' into master

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: package.json & .snyk to reduce vulnerabilities

e838d0e

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:validator:20180218


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:ms:20170412

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet