[Snyk] Fix for 1 vulnerabilities #47

snyk-bot · 2021-07-30T22:00:04Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ipfs-api

The new version differs by 21 commits.

f382ac0 chore: release version v26.0.3
2856afe chore: update contributors
7fb2cff chore: release version v26.0.2
75e0771 chore: update contributors
ddf8bee chore: release version v26.0.1
a8f37d6 chore: update contributors
0b46750 fix: pin.ls ignored opts when hash was present (#875)
9eaaea3 chore: release version v26.0.0
3f927a9 chore: update contributors
979d8b5 fix: add missing and remove unused dependencies (#879)
0652ac0 chore: update to ipld-dag-cbor 0.13
c534375 chore: remove ipld formats re-export (#872)
ef49e95 feat: ipns over pubsub (#846)
14a4471 chore: release version v25.0.0
07d6351 chore: update contributors
834934f fix: add bl module to package dependencies (#853) (#854)
68503cc chore: require just functions needed from lodash (#865)
c510cb7 fix: add lodash dependency (#873)
180da77 fix: >150mb bodies no longer crashing Chromium (#868)
afc5724 chore: set minimal node version to 8 (#847)
118a965 small fix to bundle-browserify for recent js-ipfs-api (#849)

See the full diff

Package name: libp2p

The new version differs by 50 commits.

3bde9c8 chore: release version v0.24.4
14e12ee chore: update contributors
2374929 chore: update deps
26de739 chore: 2019 q1 okrs planning ([Snyk] Security upgrade webpack from 4.47.0 to 5.94.0 #293)
0f8d6af chore: release version v0.24.3
daa2685 chore: update contributors
fdfb7b4 fix: not started yet ([Snyk] Fix for 13 vulnerabilities #297)
15bdb79 chore: release version v0.24.2
7d78728 chore: update contributors
53ed3bd fix: use symbol instead of constructor name ([Snyk] Security upgrade webpack from 2.7.0 to 5.94.0 #292)
ae51388 chore: release version v0.24.1
7c78faa chore: update contributors
7d12eb9 feat: allow configurable validators and selectors to the dht ([Snyk] Security upgrade ipfs from 0.30.0 to 0.66.1 #288)
581a1de docs: merge example links: Peer and Content Routing ([Snyk] Security upgrade ipfs from 0.30.0 to 0.66.1 #285)
288ac17 chore: update changelog
2e4459b chore: release version v0.24.0
2a5232b chore: update contributors
44915b3 0.24.0-rc.3
64bba57 chore: add publish files to package
88ebd1f test: improve multiaddr trim test
92cd591 chore: update deps
320d84f docs: update examples ([Snyk] Security upgrade ipfs from 0.30.0 to 0.66.1 #271)
970deec feat: add maxNumProviders to findprovs ([Snyk] Fix for 1 vulnerabilities #283)
714b6ec fix: improve get peer info errors

See the full diff

Package name: libp2p-circuit

The new version differs by 15 commits.

702fddc chore: release version v0.3.3
5b709dc chore: update contributors
29ed23c chore: update dependencies ([Snyk] Security upgrade ipfs from 0.30.0 to 0.50.0 #42)
36e0e44 chore: release version v0.3.2
4d0a673 chore: update contributors
c27c344 fix: connection establishment event handling ([Snyk] Security upgrade node from 9.5.0 to 14.16.1 #41)
b2698fd chore: release version v0.3.1
1d872ca chore: update contributors
e830ad8 chore: update files for publish
f17539a fix: catch bad peerid and update deps ([Snyk] Security upgrade ipfs from 0.30.0 to 0.35.0 #39)
26ad29f chore: release version v0.3.0
b0ac05a chore: update contributors
9dd3a40 correctly close streams on error conditions ([Snyk] Security upgrade ipfs from 0.30.0 to 0.51.0 #33)
4a71892 chore: remove non jenkins ci
1ac430d fix: listener should emit connection ([Snyk] Security upgrade ipfs from 0.30.0 to 0.50.0 #30)

See the full diff

Package name: libp2p-kad-dht

The new version differs by 26 commits.

323da51 chore: release version v0.14.2
955b887 chore: update contributors
441e29e chore: update dependencies ([Snyk] Security upgrade aegir from 14.0.0 to 15.0.0 #70)
59d1a94 chore: release version v0.14.1
40a33a9 chore: update contributors
de5a9fb fix: typo get many option ([Snyk] Fix for 1 vulnerabilities #63)
56c65e0 chore: release version v0.14.0
490161c chore: update contributors
3046b54 chore: update options timeout property ([Snyk] Fix for 3 vulnerabilities #62)
d645235 chore: release version v0.13.0
43f9b4a chore: update contributors
742b3fb feat: run queries on disjoint paths ([Snyk] Security upgrade ipfs from 0.30.0 to 0.50.0 #37) ([Snyk] Security upgrade ipfs from 0.30.0 to 0.35.0 #39)
54336dd fix: make 'find peer query' test reliable ([Snyk] Security upgrade ipfs-repo from 0.24.0 to 0.26.5 #58)
60dc71e chore: release version v0.12.1
0fe134f chore: update contributors
b731a1d feat: allow configurable validators and selectors ([Snyk] Security upgrade ipfs from 0.30.0 to 0.34.0 #57)
31fb401 chore: release version v0.12.0
0533e26 chore: update contributors
03ad002 chore: add error code to all errors ([Snyk] Security upgrade update-notifier from 2.5.0 to 3.0.0 #53)
f246eda chore: release version v0.11.1
339c4ac chore: update contributors
40bd243 chore: add max num providers to find providers ([Snyk] Fix for 2 vulnerabilities #55)
3a5581b chore: release version v0.11.0
326c149 chore: update contributors

See the full diff

Package name: libp2p-secio

The new version differs by 7 commits.

9b16472 chore: release version v0.11.1
dac8520 chore: update contributors
581d80f chore: update deps
f95a406 fix: reduce bundle size
80e3420 chore: release version v0.11.0
5d46976 chore: update contributors
a6290f2 chore: update dependencies

See the full diff

Package name: libp2p-websocket-star

The new version differs by 20 commits.

0d461ef chore: release version v0.10.2
7773e8c chore: update contributors
c78c1c2 test: fix discovery test
16b6339 fix: reduce bundle size ([Snyk] Security upgrade electron from 2.0.18 to 10.4.4 #66)
c102915 chore: release version v0.10.1
d8796c6 chore: update contributors
4741340 chore: update dependencies ([Snyk] Security upgrade ipld from 0.17.4 to 0.19.0 #69)
63608af chore: release version v0.10.0
013668e chore: update contributors
ae9fb1c feat: retrieve peers on connect ([Snyk] Security upgrade ipfs from 0.30.0 to 0.55.0 #64)
f3e1dc4 fix: remove dead code
e9f9fe1 chore: release version v0.9.1
e426f1c chore: update contributors
c4f110a chore: upgrade dependencies
8f19b49 chore: release version v0.9.0
6800e62 chore: update contributors
faa7c57 fix: better ws errors
9953f95 feat: fix stream closing behaviour
50de6af Update dependencies and remove non jenkins ci files ([Snyk] Security upgrade ipfs from 0.30.0 to 0.51.0 #60)
7ca0a5d chore: update lead maintainer

See the full diff

Package name: peer-book

The new version differs by 5 commits.

aea87ba chore: release version v0.9.0
2be0d64 chore: update contributors
645f504 chore: updates deps
516c30b Merge pull request [Snyk] Fix for 1 vulnerabilities #38 from libp2p/chore/upgrade-dependencies
94d1958 chore: upgrade dependencies

See the full diff

Package name: peer-info

The new version differs by 6 commits.

b89f0ff chore: release version v0.15.0
8478835 chore: update contributors
0c44427 Merge pull request [Snyk] Security upgrade ipld from 0.17.4 to 0.19.0 #69 from libp2p/chore/upgrade-dependencies
6bcb085 chore: upgrade dependencies
e83cfa8 docs: add lead maintainer
4323518 chore: update deps

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677

fix: package.json to reduce vulnerabilities

b8341dc

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677

adamlaska mentioned this pull request Feb 2, 2024

[Snyk] Fix for 16 vulnerabilities #230

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Fix for 1 vulnerabilities #47

[Snyk] Fix for 1 vulnerabilities #47

Uh oh!

snyk-bot commented Jul 30, 2021

Uh oh!

Uh oh!

[Snyk] Fix for 1 vulnerabilities #47

Are you sure you want to change the base?

[Snyk] Fix for 1 vulnerabilities #47

Uh oh!

Conversation

snyk-bot commented Jul 30, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Uh oh!