Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #40

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

mkg20001
Copy link
Owner

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • server/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-NODEFORGE-598677
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: libp2p The new version differs by 250 commits.
  • bbf8ef7 chore: release version v0.29.0
  • d6d1a74 chore: update contributors
  • 28b79a7 test: fix pubsub intermittent test (#741)
  • 81e70df chore: update interop version (#740)
  • e9478ce chore: release version v0.29.0-rc.1
  • 7be17a3 chore: update contributors
  • 93dda74 fix: peer record interop with go (#739)
  • cfbd52d chore: migration to 0.29 should use webrtc-star0.20
  • 6cd23ea chore: use gossipsub0.6
  • 9b75a0f chore: bump libp2p-webrtc-star
  • b606ce0 chore: release version v0.29.0-rc.0
  • 64c8c0f chore: update contributors
  • 9be582e docs: migration 0.28 to 0.29 (#736)
  • 55c9bfa feat: gossipsub 1.1 (#733)
  • 1e86971 fix: replace node buffers with uint8arrays (#730)
  • 9107efe chore: apply suggestions from code review
  • cd09327 chore: add notice for addressBook.set
  • ca57e65 chore: apply suggestions from code review
  • f574e82 chore: apply suggestions from code review
  • 15613cc fix: do not return self on peerstore.peers
  • dab1c8b chore: increase bundle size
  • d437def chore: rename isEqual to equals in tests
  • 74d414c chore: add certified peer records to persisted peer store
  • 8f2e690 feat: cerified addressbook

See the full diff

Package name: libp2p-secio The new version differs by 36 commits.
  • 2e37947 chore: release version v0.13.0
  • a6a37f2 chore: update contributors
  • c3f1f34 fix: replace node buffers with uint8arrays (#124)
  • 328e68f chore: release version v0.12.6
  • a7784bd chore: update contributors
  • 34c4844 fix: comply with message framing spec (#123)
  • 5649f44 chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 (#122)
  • 0bb318d chore: release version v0.12.5
  • dbc8077 chore: update contributors
  • 70a8a98 fix: return public key (#121)
  • d2efc8c chore: remove commitlint from CI (#120)
  • 7ef0f25 chore: release version v0.12.4
  • 5da41f6 chore: update contributors
  • 914eb4f fix: add buffer (#118)
  • ef5f09d chore(deps-dev): bump aegir from 20.6.1 to 21.0.2 (#117)
  • a0bfc86 chore: release version v0.12.3
  • 4ef9b70 chore: update contributors
  • 027e0ad fix: remove use of assert module (#114)
  • 74e95e2 chore: release version v0.12.2
  • 2c2d467 chore: update contributors
  • ab3fe44 chore: update deps (#113)
  • b3a7040 chore: release version v0.12.1
  • f1e79ce chore: update contributors
  • b22152a chore: clean up published package (#110)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants