New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 9 vulnerabilities #13

Open

ukmadlz wants to merge 1 commit into master from snyk-fix-62d5e517aa2bdbb0ce8d3a1eaa0a66c6

Member

ukmadlz commented Feb 3, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper input validation npm:call:20160705	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:content:20170908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:content:20180305	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	CORS Bypass npm:hapi:20151020	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:hapi:20151223	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Potentially loose security restrictions npm:hapi:20151228	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hapi

The new version differs by 250 commits.

b8e64d0 Update version
5ced8ae 18.1.0
7578f61 Expose bourne settings. Closes #3917
3378e78 Update dep. Closes #3922
4b59b3f 18.0.1
5f6a00b misc
ccc538d Typo
1af289f Update deps. Closes #3912. Closes #3914
aa3934f Add IDEs
75756f6 Fix route assert. Closes #3909
06a48ea 18.0.0
4da282e Its 2019
4bd7c38 Update deps. Closes #3905. Closes #3906. Closes #3907. Closes #3908
3350a5c Refactor cache config. Closes #3876, Closes #3904
03e03dc Split request.info.responded to responded and completed. Closes #3901
7521468 Coverage
a3a5ca9 Fix close event handling in node 11. Closes #3898
7b85840 Fix test
17ca301 Exclude vs
5e91092 Fix test. For #3900
89604b0 Merge pull request #3900 from AdriVanHoudt/fix-test-803
a4f9121 Merge pull request #3882 from dominykas/validate-cookies-alt
04758ac Update API.md
413290f For #3897

See the full diff

Package name: inert

The new version differs by 108 commits.

5f699ba 5.1.3
4514a5e Don't resolve against files.relativeTo multiple times. Closes #125
fc143b3 Handle top level directory listing without trailing slash. Closes #119
8633b9f Test using hapi 18
4569240 Merge pull request #123 from Nargonath/changelog
b0c3901 Add changelog.md
d8e55cc 5.1.2
08e2a10 Use new requirements config. Closes #122
7cc122b 5.1.1
dc47399 Cleanup and update deps. Closes #121
84b50b4 5.1.0
302b1e0 Rename internal variable
c2a2703 Add path data to error events. Closes #111
bd48207 Refactor directory file lookup
f424ddb Add boom error type helpers
318f5fa Refactor path normalization
8745e1a Remove a closure
bac2072 Rethrow developer errors. Closes #103
f248b2e Update deps. Closes #102
9f22671 Update docs
ceadca7 Throw when registration options are passed
aa3fe79 Move etagsCacheMaxSize to a server option. Closes #99
5b48693 rc8
988f4e4 rc7

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 CORS Bypass
🦉 Denial of Service (DoS)
🦉 Prototype Poisoning
🦉 More lessons are available in Snyk Learn


          fix: package.json to reduce vulnerabilities

13b0218

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/npm:call:20160705
- https://snyk.io/vuln/npm:content:20170908
- https://snyk.io/vuln/npm:content:20180305
- https://snyk.io/vuln/npm:hapi:20151020
- https://snyk.io/vuln/npm:hapi:20151223
- https://snyk.io/vuln/npm:hapi:20151228
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:qs:20170213

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet