Skip to content

[Snyk] Fix for 1 vulnerabilities #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #10

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-NODEFORGE-598677		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: libp2p The new version differs by 126 commits.
  • 3bde9c8 chore: release version v0.24.4
  • 14e12ee chore: update contributors
  • 2374929 chore: update deps
  • 26de739 chore: 2019 q1 okrs planning (#293)
  • 0f8d6af chore: release version v0.24.3
  • daa2685 chore: update contributors
  • fdfb7b4 fix: not started yet (#297)
  • 15bdb79 chore: release version v0.24.2
  • 7d78728 chore: update contributors
  • 53ed3bd fix: use symbol instead of constructor name (#292)
  • ae51388 chore: release version v0.24.1
  • 7c78faa chore: update contributors
  • 7d12eb9 feat: allow configurable validators and selectors to the dht (#288)
  • 581a1de docs: merge example links: Peer and Content Routing (#285)
  • 288ac17 chore: update changelog
  • 2e4459b chore: release version v0.24.0
  • 2a5232b chore: update contributors
  • 44915b3 0.24.0-rc.3
  • 64bba57 chore: add publish files to package
  • 88ebd1f test: improve multiaddr trim test
  • 92cd591 chore: update deps
  • 320d84f docs: update examples (#271)
  • 970deec feat: add maxNumProviders to findprovs (#283)
  • 714b6ec fix: improve get peer info errors

See the full diff

Package name: libp2p-kad-dht The new version differs by 70 commits.
  • 323da51 chore: release version v0.14.2
  • 955b887 chore: update contributors
  • 441e29e chore: update dependencies (#70)
  • 59d1a94 chore: release version v0.14.1
  • 40a33a9 chore: update contributors
  • de5a9fb fix: typo get many option (#63)
  • 56c65e0 chore: release version v0.14.0
  • 490161c chore: update contributors
  • 3046b54 chore: update options timeout property (#62)
  • d645235 chore: release version v0.13.0
  • 43f9b4a chore: update contributors
  • 742b3fb feat: run queries on disjoint paths (#37) (#39)
  • 54336dd fix: make 'find peer query' test reliable (#58)
  • 60dc71e chore: release version v0.12.1
  • 0fe134f chore: update contributors
  • b731a1d feat: allow configurable validators and selectors (#57)
  • 31fb401 chore: release version v0.12.0
  • 0533e26 chore: update contributors
  • 03ad002 chore: add error code to all errors (#53)
  • f246eda chore: release version v0.11.1
  • 339c4ac chore: update contributors
  • 40bd243 chore: add max num providers to find providers (#55)
  • 3a5581b chore: release version v0.11.0
  • 326c149 chore: update contributors

See the full diff

Package name: libp2p-mdns The new version differs by 21 commits.
  • c4e90b4 chore: release version v0.12.2
  • d38e84b chore: update contributors
  • bd333c8 chore: update deps
  • 7398c19 chore: release version v0.12.1
  • 0ab8893 chore: update contributors
  • d267551 chore: upgrade dependencies
  • 28a1177 chore: add lead maintainer and fix readme headers (#75)
  • 313f74c chore: update gitignore
  • 85ced60 chore: release version v0.12.0
  • fcee5be chore: update contributors
  • 02eea97 docs: update README
  • d3eeb6e feat: (BREAKING CHANGE) update constructor. add tag
  • 526392b chore: release version v0.11.0
  • db03208 chore: update contributors
  • 7017875 chore: release version v0.10.0
  • 856136f chore: fix npm scripts
  • 78b9f3e chore: update deps
  • 2048b24 chore: update deps
  • c69ab01 docs(readme): mdns messages (#73)
  • cb69f2f feat: Use latest multicast-dns and dns-packet (#69)
  • fa8fe22 feat: service names (#68)

See the full diff

Package name: libp2p-secio The new version differs by 15 commits.

See the full diff

Package name: libp2p-websocket-star-multi The new version differs by 16 commits.

See the full diff

Package name: peer-info The new version differs by 17 commits.
  • b89f0ff chore: release version v0.15.0
  • 8478835 chore: update contributors
  • 0c44427 Merge pull request #69 from libp2p/chore/upgrade-dependencies
  • 6bcb085 chore: upgrade dependencies
  • e83cfa8 docs: add lead maintainer
  • 4323518 chore: update deps
  • 40f1dd4 chore: release version v0.14.1
  • 732ab32 chore: update contributors
  • 03b60ae chore: update deps
  • 0dc8e03 feat: add filter functionality for multiaddr (#63)
  • cf71234 chore: release version v0.14.0
  • 706556e chore: update contributors
  • 17729b5 chore: release version v0.13.0
  • 85b6c09 chore: update contributors
  • 8e08022 chore: release version v0.12.0
  • 2675720 chore: update contributors
  • 3f835a3 chore: update deps

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
b0a650e 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot