New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 7 vulnerabilities #29

Open

xpertopensourcegh wants to merge 1 commit into main from snyk-fix-463cf5aa940f7c975430d5c0778ddc5c

Owner

xpertopensourcegh commented Feb 2, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Arbitrary File Read SNYK-JS-HTMLPDF-467248	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	691/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.4	Improper Verification of Cryptographic Signature SNYK-JS-PASSPORTSAML-3043103	No	Proof of Concept
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOMXMLDOM-3042243	No	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOMXMLDOM-3092934	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: html-pdf

The new version differs by 15 commits.

bac0f69 3.0.1
c12d697 Invert localUrlAccess to fix https://www.npmjs.com/advisories/1095
7f054b6 Fix options.base example path to avoid #508
13b438c 3.0.0
296313e chore: Update circleci config
236a297 fix: Prevent local file access by default using the `localUrlAccess: false` option
85e2470 chore: Add package-lock.json
36a551c Fixed error handling
4e15719 Satisfying test for TravisCI
9349b6f Added null checker
a0f4500 A better way for handling PhantomJS exits
9e14ef5 Fix issue with last header appearing on all pages
89a41e3 Extract business card test into separate file
63ba98f Re-add business card example pdf
b0018c4 Fix two of three broken links

See the full diff

Package name: i18next-node-fs-backend

The new version differs by 24 commits.

41d4166 update changelog
ccffd22 Merge pull request #238 from ceastman-ibm/patch-1
67ee4c2 Update js-yaml to a non vulnerable version
26e20ac rebuild
13157e2 Merge pull request #237 from felixmosh/fix-236
229a7f1 Bump dep versions due to DOS vulnerability
0056a49 Merge pull request #233 from ffflorian/patch-1
714e078 Add repository to package.json
7e946e7 rebuild
1122cb7 Merge pull request #230 from jonathanz/patch-1
14844ac fix [ReferenceError: language is not defined]
6135a7f update version
07ac0af rebuild
7952dec Merge pull request #226 from lovro-bikic/master
6854cc4 update addPath to support functions and paths
f061442 change `var` to `let` in src
19b5b0d fix dependencies
cfdc02c transpile to ES5
ca9f110 run build script
4e1afb2 update loadPath to support functions as parameters
479ac5f update travis target
97d8d7a remove dep
bd52d90 remove cson parser, adds option.parse for custom parsing
209127a Update README.md

See the full diff

Package name: passport-saml

The new version differs by 5 commits.

8816748 Update @ xlmdom/xmldom to v0.7.6 (#795)
7b1f232 Release 3.2.3
28c8c4c Update changelog and related tools (#791)
8b6b2f2 Release 3.2.2
8b7e3f5 Merge pull request from GHSA-m974-647v-whv7

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Arbitrary Code Execution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn


          fix: package.json & package-lock.json to reduce vulnerabilities

1e1d089

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HTMLPDF-467248
- https://snyk.io/vuln/SNYK-JS-JSYAML-173999
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-3043103
- https://snyk.io/vuln/SNYK-JS-XMLDOMXMLDOM-3042243
- https://snyk.io/vuln/SNYK-JS-XMLDOMXMLDOM-3092934

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet