[Snyk] Fix for 1 vulnerabilities #18

snyk-bot · 2021-08-18T05:07:46Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cacache

The new version differs by 9 commits.

41e12c1 chore(release): 11.0.1
208b7bd deps: bump ssri
aa59d82 chore(release): 11.0.0
33d4eed feat(opts): use figgy-pudding for opts (npm update command npm/npm#128)
529f347 meta: drop support for node@4
4446327 test: use nyc through tap
109ff93 standard: --fix for standard@11
3817b7a deps: bump devDeps
a7d25b4 deps: bump deps

See the full diff

Package name: libcipm

The new version differs by 37 commits.

c4fe48c chore(release): 1.6.3
aadcc43 deps: npm audit fix
2a34dcd deps: bump devDeps
0c4538c deps: bump deps
65a7a71 meta: npm6-ify pkglock
112565f chore(release): 1.6.2
9149631 fix(lifecycle): detect binding.gyp for default install lifecycle (make npm the registry npm/npm#46)
7fe4703 chore(release): 1.6.1
08ed1cc fix(prefix): don't reference prefix before computing it ([Snyk] Fix for 1 vulnerabilities #40)
7f27a52 fix(lifecycle): defer to lifecycle’s internal logic as to whether or not to execute a run-script (untag npm/npm#42)
401d466 fix(prefix): Resolve to promise when passing --prefix to npm ci (Error during installation: "tar: Unrecognized archive format: Inappropriate file type or format" npm/npm#43)
54d0106 fix(bin): Set non-zero exit code on error ([Snyk] Fix for 1 vulnerabilities #41)
8774fac deps: bump libcipm in cli
7149bdb chore(release): 1.6.0
a923bc5 meta: standard --fix
677c88f deps: bump devDeps
9c635cc deps: bump deps
6ff054d bin: bump bin version
d62668e fix(bin): cli.js was being excluded
a3383fd feat(libcipm): working standalone cipm release!
bb688fa chore(release): 1.5.1
7405360 fix(_from): do not add _from to directory deps
0988ed2 chore(release): 1.5.0
6239499 fix(errors): handle aggregate errors better

See the full diff

Package name: pacote

The new version differs by 28 commits.

118157c chore(release): 8.0.0
d94abdb deps: bump devDeps
6737bf6 deps: bump deps
4af129e meta: bump pkglock to npm@6 version
11478ff meta: drop support for node@4
85b269b fix(git): make full clones do a full mirror
757bee1 chore(release): 7.6.1
bb52d02 fix(standard): update to new standard rules
5f78812 deps: bump devDeps
597ad85 deps: bump deps
b1f5b7f chore(release): 7.6.0
425c58d feat(git): added retry logic for all git operations. (npm ls installed seems to stop working in 0.1.21 npm/npm#136)
ef47db4 chore(release): 7.5.3
3db03c2 fix(tarball): stop dropping stream errors on the floor
62e6bc9 chore(release): 7.5.2
5b8b509 fix(console): remove spurious debugging console.log :<
c61c9cd chore(release): 7.5.1
bdd6628 fix(tarball): catch errors thrown from stream handler
c9d17a9 chore(release): 7.5.0
0fb8037 feat(logging): let users know when file: resolved packages fail integrity check
45080bb chore(release): 7.4.2
bba20c8 fix(deps): move mkdirp and rimraf to dependencies (install.sh unique tmp dir npm/npm#140)
042aac9 chore(release): 7.4.1
0286ba5 fix(tarball): fix spurious errors from tarball.stream()

See the full diff

Package name: ssri

The new version differs by 11 commits.

b7c8c7c chore(release): 6.0.2
b30dfdb fix: backport regex change from 8.0.1
a4337cd chore(release): 6.0.1
cf86553 fix(opts): use figgy-pudding to specify consumed opts
97b032d deps: npm6ify pkglock
d1aa2f7 chore(release): 6.0.0
04b3ef7 deps: remove safe-buffer
d9bf359 meta: drop support for node@4
b71ef17 fix(docs): minor typo
0ae0c23 chore(release): 5.3.0
bf26b84 feat(checkData): optionally throw when checkData fails

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SSRI-1085630

fix: package.json & package-lock.json to reduce vulnerabilities

7fc0389

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SSRI-1085630

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Fix for 1 vulnerabilities #18

[Snyk] Fix for 1 vulnerabilities #18

Uh oh!

Uh oh!

Uh oh!

[Snyk] Fix for 1 vulnerabilities #18

Are you sure you want to change the base?

[Snyk] Fix for 1 vulnerabilities #18

Uh oh!

Conversation

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Uh oh!