[Snyk] Upgrade: console-io, cookie-signature, jquery #371

tt9133github · 2024-09-11T23:13:21Z

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

console-io
from 2.6.3 to 2.7.14 | 15 versions ahead of your current version | 8 years ago
on 2016-11-09
cookie-signature
from 1.0.2 to 1.2.1 | 8 versions ahead of your current version | 2 years ago
on 2023-02-27
jquery
from 3.0.0-alpha1 to 3.7.1 | 20 versions ahead of your current version | a year ago
on 2023-08-28

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	399	No Known Exploit
Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	399	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	399	No Known Exploit
Denial of Service (DoS) npm:ws:20160624	399	No Known Exploit
Denial of Service (DoS) npm:ws:20171108	399	Mature
Denial of Service (DoS) npm:ws:20160624	399	No Known Exploit
Denial of Service (DoS) npm:ws:20171108	399	Mature
Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	399	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	399	No Known Exploit
Prototype Poisoning SNYK-JS-QS-3153490	399	Proof of Concept
Prototype Override Protection Bypass npm:qs:20170213	399	No Known Exploit
Non-Constant Time String Comparison npm:cookie-signature:20160804	399	No Known Exploit
Prototype Pollution SNYK-JS-JQUERY-174006	399	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	399	Mature
Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	399	Mature
Cross-site Scripting (XSS) npm:jquery:20150627	399	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	399	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	399	No Known Exploit
Insecure Randomness npm:ws:20160920	399	No Known Exploit
Insecure Randomness npm:ws:20160920	399	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:mime:20170907	399	No Known Exploit

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade: - console-io from 2.6.3 to 2.7.14. See this package in yarn: - cookie-signature from 1.0.2 to 1.2.1. See this package in yarn: - jquery from 3.0.0-alpha1 to 3.7.1. See this package in yarn: See this project in Snyk: https://app.snyk.io/org/t438879/project/0c65b672-d7dd-463c-bbae-20d65f2b6c38?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade: console-io, cookie-signature, jquery #371

[Snyk] Upgrade: console-io, cookie-signature, jquery #371

tt9133github commented Sep 11, 2024

[Snyk] Upgrade: console-io, cookie-signature, jquery #371

Are you sure you want to change the base?

[Snyk] Upgrade: console-io, cookie-signature, jquery #371

Conversation

tt9133github commented Sep 11, 2024

Snyk has created this PR to upgrade multiple dependencies.

Issues fixed by the recommended upgrade: