[Snyk] Fix for 52 vulnerabilities #43

clifford-snyk-github · 2024-10-22T05:20:54Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	Yes	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept
484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	No	Proof of Concept
631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	No	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Code Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	No	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	No	Proof of Concept
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	No	Proof of Concept
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	No	Proof of Concept
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	No	Proof of Concept
591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	No	Proof of Concept
561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Information Exposure SNYK-JS-PARSEURL-2935947	No	Proof of Concept
791/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	No	Proof of Concept
591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	No	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	No	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Improper Input Validation SNYK-JS-PARSEURL-3024398	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Command Injection SNYK-JS-SNYK-3037342	No	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYK-3038622	No	Proof of Concept
504/1000 Why? Has a fix available, CVSS 5.8	Code Injection SNYK-JS-SNYK-3111871	No	No Known Exploit
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKDOCKERPLUGIN-3039679	No	Proof of Concept
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Command Injection SNYK-JS-SNYKGOPLUGIN-3037316	No	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	No	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	No	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	No	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	No	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625	No	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browserify

The new version differs by 146 commits.

c94b4d5 16.5.2
678d650 Merge pull request #1973 from browserify/browser-resolve-2
fc324b5 update browser-resolve to v2
da0f1e1 16.5.1
dc71ea0 Use non-deprecated mkdirp package.
c53f841 gitignore - add node_modules
2b50632 Update package.json
249f54b Update package.json
985dad9 deps - pin deps for node v0.8 support
86c3a00 fixes swapped changelog PR references in 10.2.0
a245fe6 Add security.md
506533c 16.5.0
85489cc Update changelog.markdown
4c04949 Merge pull request #1918 from browserify/custom-browser-field
8213b64 Support custom names for "browser" field resolution
8980670 16.4.0
f871a85 Update changelog.markdown
52de2c4 Merge pull request #1916 from browserify/stream-http
5dc1bf2 Upgrade stream-http to v3
4a5ea7e Add funding.yml
9824fae 16.3.0
9e3397b Add http2 to builtins (#1913)
d2ade25 Add http2 to builtins
876182d Tweak license text so Github detects it correctly

See the full diff

Package name: nodemon

The new version differs by 158 commits.

f219dcc test: Update release.yml to use ubuntu-latest (#2123)
af3b9e2 fix: node@10 support back in
a3f0e12 test: package wasn't installing
8ded28c docs: update test runners and add TODO
83ef51d chore: website supporters
86d5f40 fix: also watch cjs
7881f05 chore: remove legacy .nodemon support
04302b8 Merge branch 'Vindeep07-develop'
64c426a Merge branch 'develop' of https://github.com/Vindeep07/nodemon into Vindeep07-develop
c13dbbb Merge branch 'Triple-Whale-main'
023e2d1 Merge branch 'main' of https://github.com/Triple-Whale/nodemon into Triple-Whale-main
725569b Merge branch 'ibmi-always-enable-polling' of https://github.com/abmusse/nodemon into abmusse-ibmi-always-enable-polling
6bb8766 fix: semver vuln dep
3b58104 feat: always use polling on IBM i
3681000 update simple-update-notifier
083b4a6 bump simple-update-notifier & semver
6787871 chore: web site render
ddbc630 chore: web site render
d585386 allow user set PATH
43bdacc Merge branch 'main' of github.com:remy/nodemon
65ad501 chore: web site render
75c275a chore: web site render
272d519 chore: web site render
40a8d45 chore: fix web site render