[Snyk] Fix for 10 vulnerabilities by arealmaas · Pull Request #22 · EdtechFoundry/semantic-release

arealmaas · 2023-12-04T14:46:29Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @semantic-release/condition-travis

The new version differs by 38 commits.

6cc3502 feat: Call github API to determine the Travis API to use (pro / regular)
eafebb0 chore(package): update prettier to version 1.7.2
f5275ff ci(codecov): Enforce coverage with Codecov
f21ad8c fix(package): update @ semantic-release/error to version 2.0.0
7057165 chore(readme): Fix badge paths
c504fd8 chore(package): Remove duplicate engines
cd17473 fix(package): Set minimum node version to 4
afb8819 chore: Fix eslint path
0e64be8 fix(package): remove semantic-release from peerDependencies
e578e8b ci(codecov): Replace coveralls by codecov
f411409 chore: Use prettier config for eslint-plugin-prettier
7e13e8c chore(package): update semantic-release to version 8.0.0
fe21932 ci(travis): Avoid double build and add comments to .travis.yml
5dc20a9 Merge pull request Create a semantic-release-plugin yeoman generator. semantic-release/semantic-release#71 from semantic-release/fix-greekeeper-badge
8a81ea0 chore: Fix typo in Greenkeeper badge URL
ee0e915 chore(package): Add `semantic-release` as peerDependencies
255b482 style(package): Format and add missing `main`
e82d9f6 refactor: Format and es6 (template strings)
56c1682 chore: More generic `.gitignore` (Windows, Mac OS, Linux)
d706bc6 chore: Remove lockfiles
4045cbf test: Use `ava` and `nyc` and refactor test in es6
9bc964c chore: Add `commitizen`
4904a01 chore: Add license file
f1348f8 style: use `eslint-config-standard` + `prettier`

See the full diff

Package name: github

The new version differs by 193 commits.

e6a0950 docs(CONTRIBUTING): Merging the Pull Request & releasing a new version
bc32299 chore: remove CHANGELOG.md - moved to GitHub releases
1f9216c chore(travis): semantic-release setup
68e5367 chore(package): semantic-release setup
493473c chore(gitignore): package-lock.json
2abb33f chore(package): remove package-lock.json
f74b2f8 docs(readme): add Greenkeeper badge
cab5531 chore(package): update dependencies
f4845cf chore(package): nyc & coveralls
4bcc50b docs(README): add coverage badge
70ed5de chore(travis): upload coverage after success
c088e0f chore(gitignore): .nyc_output, coverage
887a8ab chore(package): add @ gr2m to contributors
a2738dc chore(examples): rename repo owner to octokit
ad9907b chore(CONTRIBUTING): rename repo owner to octokit
c74aac5 style: standard
f67b1d3 style(scripts): remove trailing spaces in comments
439bf32 docs(examples): adapt for standard linter
04661e6 docs(README): adapt examples to standard linter
d106fd8 chore(package): standard, standard-markdown
e8bcb8f chore(package): @ octokit/fixtures@^2.4.0
106b422 test: lock/unlock issue
1ade57a chore: remove obsolete comments
155a211 test: branch protection

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Fix for 10 vulnerabilities#22

[Snyk] Fix for 10 vulnerabilities#22
arealmaas wants to merge 1 commit into
cariboufrom
snyk-fix-18c0ef0faf0445acd665b79667fecff3

arealmaas commented Dec 4, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

arealmaas commented Dec 4, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants