[Snyk] Upgrade chokidar from 3.4.3 to 3.6.0 #934

drnachio · 2024-08-06T05:37:59Z

Snyk has created this PR to upgrade chokidar from 3.4.3 to 3.6.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 5 versions ahead of your current version.
The recommended version was released on 6 months ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	482	Proof of Concept
Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	482	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	482	Proof of Concept
Uncontrolled resource consumption SNYK-JS-BRACES-6838727	482	Proof of Concept
Uncontrolled resource consumption SNYK-JS-BRACES-6838727	482	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	482	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	482	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	482	No Known Exploit
Uncaught Exception SNYK-JS-SOCKETIO-7278048	482	No Known Exploit
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	482	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	482	No Known Exploit
Command Injection SNYK-JS-SSH2-1656673	482	No Known Exploit
Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	482	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	482	Proof of Concept
Open Redirect SNYK-JS-GOT-2932019	482	No Known Exploit
Open Redirect SNYK-JS-GOT-2932019	482	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	482	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	482	Proof of Concept
Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	482	Proof of Concept
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	482	No Known Exploit
Prototype Pollution SNYK-JS-JSON5-3182856	482	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	482	Proof of Concept
Denial of Service (DoS) SNYK-JS-JSZIP-1251497	482	Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	482	No Known Exploit
Denial of Service (DoS) SNYK-JS-JSZIP-1251497	482	Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	482	No Known Exploit
Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	482	Proof of Concept
Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	482	Proof of Concept
Command Injection SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625	482	Proof of Concept
Insecure Defaults SNYK-JS-SOCKETIO-1024859	482	Proof of Concept
Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	482	No Known Exploit
Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	482	No Known Exploit
Prototype Pollution SNYK-JS-NCONF-2395478	482	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	482	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	482	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-PUG-1071616	482	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-PUGCODEGEN-1082232	482	Proof of Concept
Improper Control of Generation of Code ('Code Injection') SNYK-JS-PUGCODEGEN-7086056	482	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	482	Proof of Concept
Code Injection SNYK-JS-LODASH-1040724	482	Proof of Concept
Prototype Pollution SNYK-JS-LODASHSET-1320032	482	Proof of Concept
Infinite loop SNYK-JS-MARKDOWNIT-6483324	482	Proof of Concept
Denial of Service (DoS) SNYK-JS-WS-7266574	482	Proof of Concept
Denial of Service (DoS) SNYK-JS-WS-7266574	482	Proof of Concept
Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	482	Proof of Concept
Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	482	No Known Exploit
Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	482	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	482	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	482	Proof of Concept
Prototype Pollution SNYK-JS-UNSETVALUE-2400660	482	No Known Exploit
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	482	Proof of Concept
Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	482	No Known Exploit
Internal Property Tampering SNYK-JS-TAFFYDB-2992450	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	482	Proof of Concept
Code Injection SNYK-JS-LODASH-1040724	482	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	482	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	482	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	482	Proof of Concept
Command Injection SNYK-JS-SNYK-3037342	482	Proof of Concept
Command Injection SNYK-JS-SNYK-3038622	482	Proof of Concept
Code Injection SNYK-JS-SNYK-3111871	482	No Known Exploit
Command Injection SNYK-JS-SNYKDOCKERPLUGIN-3039679	482	Proof of Concept
Command Injection SNYK-JS-SNYKGOPLUGIN-3037316	482	Proof of Concept
Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	482	Proof of Concept
Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	482	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	482	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	482	Proof of Concept
Prototype Pollution SNYK-JS-XML2JS-5414874	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	482	No Known Exploit
Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	482	Proof of Concept
Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	482	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-VUETEMPLATECOMPILER-7554675	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	482	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	482	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	482	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	482	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	482	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	482	Proof of Concept

Release notes

Package name: chokidar

3.6.0 - 2024-02-06
What's Changed
- fix readyCount logic by @ JLHwung in #1288
- handle MustScanSubDirs by @ MarcCelani-at in #1197
- update fs.FSWatcher types to satisfy nodejs versions >= 16; fixes #1299 by @ ben-polinsky in #1300
New Contributors
- @ Mutahhar made their first contribution in #1226
- @ zqianem made their first contribution in #1242
- @ JLHwung made their first contribution in #1288
- @ MarcCelani-at made their first contribution in #1197
- @ ben-polinsky made their first contribution in #1300
Full Changelog: 3.5.3...3.6.0
3.5.3 - 2022-01-18
What's Changed
- types: use correct type def for ignored option by @ iheyunfei in #1140
- Update chokidar-cli link in README.md by @ mcecode in #1142
- handle promise rejection when a symlink's target does not exist. Fixe… by @ nicks in #1010
- fix: improve add and unwatch TypeScript definitions by @ alan-agius4 in #1157
- Enable dtslinting by @ alan-agius4 in #1158
- style: delete yarn.lock by @ alan-agius4 in #1159
New Contributors
- @ iheyunfei made their first contribution in #1140
- @ mcecode made their first contribution in #1142
- @ nicks made their first contribution in #1010
- @ alan-agius4 made their first contribution in #1157
Full Changelog: 3.5.2...3.5.3
3.5.2 - 2021-06-15
"Update" glob-parent dependency from ~5.1.0 to ~5.1.2 to silence "vulnerability" warnings
3.5.1 - 2021-01-15
- Symlink fixes
3.5.0 - 2021-01-06
- Support for ARM Macs with Apple Silicon.
- Fixed missing removal of symlinks when the target path was deleted (#1042)
3.4.3 - 2020-10-13
No content.

from chokidar GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"chokidar","from":"3.4.3","to":"3.6.0"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ENGINEIO-1056749","issue_id":"SNYK-JS-ENGINEIO-1056749","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-ENGINEIO-3136336","issue_id":"SNYK-JS-ENGINEIO-3136336","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIREGEX-1583908","issue_id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIREGEX-1583908","issue_id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ASYNC-2441827","issue_id":"SNYK-JS-ASYNC-2441827","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BRACES-6838727","issue_id":"SNYK-JS-BRACES-6838727","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BRACES-6838727","issue_id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-DECODEURICOMPONENT-3149970","issue_id":"SNYK-JS-DECODEURICOMPONENT-3149970","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-INI-1048974","issue_id":"SNYK-JS-INI-1048974","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-JSONSCHEMA-1920922","issue_id":"SNYK-JS-JSONSCHEMA-1920922","priority_score":430,"priority_score_factors":[{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SOCKETIO-7278048","issue_id":"SNYK-JS-SOCKETIO-7278048","priority_score":649,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.7","score":435},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncaught Exception"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SOCKETIOPARSER-1056752","issue_id":"SNYK-JS-SOCKETIOPARSER-1056752","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SOCKETIOPARSER-5596892","issue_id":"SNYK-JS-SOCKETIOPARSER-5596892","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SSH2-1656673","issue_id":"SNYK-JS-SSH2-1656673","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Command Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MICROMATCH-6838728","issue_id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-GLOBPARENT-1016905","issue_id":"SNYK-JS-GLOBPARENT-1016905","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-GOT-2932019","issue_id":"SNYK-JS-GOT-2932019","priority_score":484,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-GOT-2932019","issue_id":"SNYK-JS-GOT-2932019","priority_score":484,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HOSTEDGITINFO-1088355","issue_id":"SNYK-JS-HOSTEDGITINFO-1088355","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BABELTRAVERSE-5962462","issue_id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":572,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-COLORSTRING-1082939","issue_id":"SNYK-JS-COLORSTRING-1082939","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HOSTEDGITINFO-1088355","issue_id":"SNYK-JS-HOSTEDGITINFO-1088355","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","issue_id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-7148531","issue_id":"SNYK-JS-IP-7148531","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-Side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-ISTANBULREPORTS-2328088","issue_id":"SNYK-JS-ISTANBULREPORTS-2328088","priority_score":215,"priority_score_factors":[{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Reverse Tabnabbing"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-JSON5-3182856","issue_id":"SNYK-JS-JSON5-3182856","priority_score":427,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-JSON5-3182856","issue_id":"SNYK-JS-JSON5-3182856","priority_score":427,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-JSZIP-1251497","issue_id":"SNYK-JS-JSZIP-1251497","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-JSZIP-3188562","issue_id":"SNYK-JS-JSZIP-3188562","priority_score":529,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Write via Archive Extraction (Zip Slip)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-JSZIP-1251497","issue_id":"SNYK-JS-JSZIP-1251497","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-JSZIP-3188562","issue_id":"SNYK-JS-JSZIP-3188562","priority_score":529,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Write via Archive Extraction (Zip Slip)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SNYKPYTHONPLUGIN-3039677","issue_id":"SNYK-JS-SNYKPYTHONPLUGIN-3039677","priority_score":571,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5","score":250},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Command Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SNYKSBTPLUGIN-3038626","issue_id":"SNYK-JS-SNYKSBTPLUGIN-3038626","priority_score":571,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5","score":250},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Command Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625","issue_id":"SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625","priority_score":571,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5","score":250},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Command Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SOCKETIO-1024859","issue_id":"SNYK-JS-SOCKETIO-1024859","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Insecure Defaults"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SOCKETIOPARSER-3091012","issue_id":"SNYK-JS-SOCKETIOPARSER-3091012","priority_score":490,"priority_score_factors":[{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Input Validation"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SOCKETIOPARSER-3091012","issue_id":"SNYK-JS-SOCKETIOPARSER-3091012","priority_score":490,"priority_score_factors":[{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Input Validation"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NCONF-2395478","issue_id":"SNYK-JS-NCONF-2395478","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NETMASK-1089716","issue_id":"SNYK-JS-NETMASK-1089716","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NETMASK-6056519","issue_id":"SNYK-JS-NETMASK-6056519","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-NORMALIZEURL-1296539","issue_id":"SNYK-JS-NORMALIZEURL-1296539","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PUG-1071616","issue_id":"SNYK-JS-PUG-1071616","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PUGCODEGEN-1082232","issue_id":"SNYK-JS-PUGCODEGEN-1082232","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PUGCODEGEN-7086056","issue_id":"SNYK-JS-PUGCODEGEN-7086056","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Control of Generation of Code ('Code Injection')"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-QS-3153490","issue_id":"SNYK-JS-QS-3153490","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-1040724","issue_id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASHSET-1320032","issue_id":"SNYK-JS-LODASHSET-1320032","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-MARKDOWNIT-6483324","issue_id":"SNYK-JS-MARKDOWNIT-6483324","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Infinite loop"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-XMLHTTPREQUESTSSL-1082936","issue_id":"SNYK-JS-XMLHTTPREQUESTSSL-1082936","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TRIMNEWLINES-1298042","issue_id":"SNYK-JS-TRIMNEWLINES-1298042","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-XMLHTTPREQUESTSSL-1255647","issue_id":"SNYK-JS-XMLHTTPREQUESTSSL-1255647","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Access Restriction Bypass"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-Y18N-1021887","issue_id":"SNYK-JS-Y18N-1021887","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-Y18N-1021887","issue_id":"SNYK-JS-Y18N-1021887","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-UNSETVALUE-2400660","issue_id":"SNYK-JS-UNSETVALUE-2400660","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":751,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MICROMATCH-6838728","issue_id":"SNYK-JS-MICROMATCH-6838728","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAFFYDB-2992450","issue_id":"SNYK-JS-TAFFYDB-2992450","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Internal Property Tampering"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TMPL-1583443","issue_id":"SNYK-JS-TMPL-1583443","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-1040724","issue_id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"...

Snyk has created this PR to upgrade chokidar from 3.4.3 to 3.6.0. See this package in npm: chokidar See this project in Snyk: https://app.snyk.io/org/drnachio/project/0235dece-0710-40d2-b9c0-b6ae0c08e4a4?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade chokidar from 3.4.3 to 3.6.0 #934

[Snyk] Upgrade chokidar from 3.4.3 to 3.6.0 #934

drnachio commented Aug 6, 2024

What's Changed

New Contributors

What's Changed

New Contributors

[Snyk] Upgrade chokidar from 3.4.3 to 3.6.0 #934

Are you sure you want to change the base?

[Snyk] Upgrade chokidar from 3.4.3 to 3.6.0 #934

Conversation

drnachio commented Aug 6, 2024

Snyk has created this PR to upgrade chokidar from 3.4.3 to 3.6.0.

Issues fixed by the recommended upgrade:

What's Changed

New Contributors

What's Changed

New Contributors