[Snyk] Upgrade sinon from 7.3.2 to 14.0.0 #4

snyk-bot · 2022-10-22T21:11:10Z

Snyk has created this PR to upgrade sinon from 7.3.2 to 14.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 32 versions ahead of your current version.
The recommended version was released 5 months ago, on 2022-05-07.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-NPM-537606	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Overwrite SNYK-JS-NPM-537603	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MIXINDEEP-450212	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-469063	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-BINLINKS-537610	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Overwrite SNYK-JS-BINLINKS-537608	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIMOFFNEWLINES-1296850	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451341	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Unauthorized File Access SNYK-JS-NPM-537604	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-534988	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Unauthorized File Access SNYK-JS-BINLINKS-537609	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sinon

14.0.0 - 2022-05-07
14.0.0
13.0.2 - 2022-04-14
13.0.2
13.0.1 - 2022-02-01
13.0.1
13.0.0 - 2022-01-28
13.0.0
12.0.1 - 2021-11-04
12.0.1
12.0.0 - 2021-11-03
12.0.0
11.1.2 - 2021-07-27
11.1.2
11.1.1 - 2021-05-26
11.1.0 - 2021-05-25
11.0.0 - 2021-05-24
10.0.1 - 2021-04-08
10.0.0 - 2021-03-22
9.2.4 - 2021-01-23
9.2.3 - 2021-01-06
9.2.2 - 2020-12-11
9.2.1 - 2020-10-28
9.2.0 - 2020-10-06
9.1.0 - 2020-09-29
9.0.3 - 2020-08-11
9.0.2 - 2020-04-08
9.0.1 - 2020-03-10
9.0.0 - 2020-02-19
8.1.1 - 2020-01-22
8.1.0 - 2020-01-16
8.0.4 - 2020-01-06
8.0.3 - 2020-01-06
8.0.2 - 2019-12-30
8.0.1 - 2019-12-23
8.0.0 - 2019-12-22
7.5.0 - 2019-09-23
7.4.2 - 2019-09-02
7.4.1 - 2019-08-06
7.3.2 - 2019-04-17

from sinon GitHub release notes

Commit messages

Package name: sinon

242b429 14.0.0
c2bbd82 Drop node 12
18d5601 13.0.2
bddb631 Update fake-timers
9e334cd master => main
eaed0eb Bump nokogiri from 1.13.3 to 1.13.4 (#2451)
0ed91d7 Bump minimist from 1.2.5 to 1.2.6 (#2450)
ff1443e Bump nokogiri from 1.13.1 to 1.13.3
238f14b Add some jsdoc
698fe79 13.0.1
a21ad7a omission 💩
ec4223f Bump nise to fix TypeError: performance.mark is not a function on node@16 sinonjs/nise#193
f329a01 Add unimported to workflow (#2441)
209f71f Fix fake tests (#2439)
7f16cec Enable updates to same major version
0dd4d93 Merge branch 'single-release-per-major__master'
91dab22 Persist prettier fix to the script that generates this
f784d7a Re-introduce new version.sh script to version hook
51c508a Add dry run mode to `npm version` (#2436)
a57bbf6 Remove dry-run flag from npm publish (#2434)
ae134d2 Add sort_id
0cb7c09 Adjust copy script
3cfd12a update script
b217ba9 Update scripts and Liquid templates