[Snyk] Fix for 11 vulnerabilities #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

NickGDev-zz wants to merge 1 commit into master from snyk-fix-06d5156fb8a6ee39ccf75d239d4483b8

Owner

NickGDev-zz commented Oct 4, 2022

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Root Path Disclosure npm:send:20151103	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Memory Exposure npm:ws:20160104	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20160624	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:ws:20160920	Yes	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: send

The new version differs by 206 commits.

b11c3a3 Release 0.16.0
9f562e3 deps: mime@1.4.1
a472ed3 perf: improve path validation speed
63c0d33 Add "immutable" option
a1a3445 Fix missing </html> in default error & redirects
528559b lint: apply standard 10 style
bc6b5d4 Use instance methods on steam to check for listeners
ccdf3ab deps: mime@1.4.0
8b080c8 Release 0.15.6
43738dd perf: improve If-Match token parsing
c3fd47b lint: remote parameter reassignments
4edb37e deps: debug@2.6.9
2d17fa1 Release 0.15.5
32ef137 deps: fresh@0.5.2
112e8b3 deps: etag@~1.8.1
1daeb4c build: Node.js@8.4
0eafb9a build: Node.js@6.11
bad2a46 Release 0.15.4
aa380d2 deps: http-errors@~1.6.2
fb3e006 deps: depd@~1.1.1
1e45f67 build: support Node.js 8.x
3bea353 deps: debug@2.6.8
cbeac74 build: Nodejs@7.10
a20f8f2 Release 0.15.3

See the full diff

Package name: websocket-stream

The new version differs by 98 commits.

e743003 Bumped v5.2.0.
441a94a Merge pull request #147 from scarry1992/cork-logic-browser-fix
d1879ff fix if structure
21443f3 cork client fix
3f39dcb Bumped v5.1.2.
aa3f04b Merge pull request #142 from ChALkeR/patch-1
e69d128 Avoid using deprecated Buffer constructor
48dc3dd Removed _destroy() alltogether
da49e02 Bumped v5.1.1
f715bf3 Use this.end() in _destroy
0fe66d9 Bumped v5.1.0.
9b2bb17 Updated deps. push null in case of _destroy
a6a7275 Merge pull request #135 from lpinca/use/_destroy
65bcbca Do not override the `destroy` method, use `_destroy` instead
1a140a8 Merge pull request #134 from roccomuso/patch-1
e2a5164 Update demo
9667649 Merge pull request #132 from moshest/patch-1
9b8d7e0 Add express.js usage example
8f1c28c Bumped 5.0.1.
68f9e5a Fixed tabs vs spaces
6a6e4d0 fixed: WS is null
15e83fb fix: window is undefined
b9796a1 Bumped v5.0.0.
42a155a Merge pull request #123 from lpinca/update/ws

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn


          fix: package.json to reduce vulnerabilities

cde94c1

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:ms:20151024
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:send:20151103
- https://snyk.io/vuln/npm:ws:20160104
- https://snyk.io/vuln/npm:ws:20160624
- https://snyk.io/vuln/npm:ws:20160920
- https://snyk.io/vuln/npm:ws:20171108

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet