[Snyk] Fix for 1 vulnerabilities

[awaisab172]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ipns

The new version differs by 34 commits.

• 4d1aff1 chore: release version v0.8.0
• a41f809 chore: update contributors
• 06ee535 fix: replace node buffers with uint8arrays ([Snyk] Security upgrade ipld-zcash from 0.3.0 to 0.5.2 #67)
• 2ae9525 chore(deps-dev): bump ipfs from 0.48.2 to 0.49.0 ([Snyk] Fix for 1 vulnerabilities #65)
• 4fe0828 chore(deps-dev): bump ipfs-http-client from 45.0.0 to 46.0.0 ([Snyk] Security upgrade ipfs-repo from 0.26.6 to 0.27.0 #66)
• fd238f9 chore: release version v0.7.4
• 315ee78 chore: update contributors
• 1843a23 chore(deps): bump multihashes from 1.0.1 to 3.0.1 ([Snyk] Fix for 16 vulnerabilities #59)
• d027162 chore(deps): bump multibase from 1.0.1 to 3.0.0 ([Snyk] Security upgrade libp2p from 0.26.2 to 0.27.0 #57)
• 64e892e chore(deps-dev): bump ipfs-http-client from 44.3.0 to 45.0.0 ([Snyk] Security upgrade react-scripts from 3.1.1 to 5.0.0 #52)
• 42edb64 chore(deps-dev): bump ipfs from 0.47.0 to 0.48.1 ([Snyk] Security upgrade react-scripts from 3.1.1 to 5.0.0 #53)
• 260afcd chore(deps-dev): bump ipfs from 0.46.0 to 0.47.0 ([Snyk] Security upgrade ipfs-repo from 0.26.6 to 15.0.0 #50)
• d771771 chore: release version v0.7.3
• c37ab19 chore: update contributors
• a3f8d38 chore: update deps ([Snyk] Fix for 1 vulnerabilities #49)
• 7c6c672 fix: key encoding ([Snyk] Fix for 1 vulnerabilities #48)
• 7d3c49c chore(deps-dev): bump aegir from 22.1.0 to 23.0.0 ([Snyk] Fix for 1 vulnerabilities #43)
• 40d1df5 chore(deps-dev): bump ipfs from 0.44.0 to 0.46.0 ([Snyk] Fix for 3 vulnerabilities #41)
• e8a9471 update contributing link ([Snyk] Fix for 1 vulnerabilities #38)
• 0dd3859 chore(deps-dev): bump ipfs from 0.43.3 to 0.44.0 ([Snyk] Fix for 2 vulnerabilities #39)
• f7ee71b chore: release version v0.7.2
• 0bae59c chore: update contributors
• 23a846e chore(deps): bump interface-datastore from 0.8.3 to 1.0.2 ([Snyk] Security upgrade just-safe-set from 2.2.3 to 4.0.2 #36)
• 3c8030b chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 ([Snyk] Security upgrade ipfs-repo from 0.28.2 to 2.0.1 #37)

See the full diff

Package name: libp2p

The new version differs by 250 commits.

• bbf8ef7 chore: release version v0.29.0
• d6d1a74 chore: update contributors
• 28b79a7 test: fix pubsub intermittent test (test: 'get recursive' test ipfs/js-ipfs#741)
• 81e70df chore: update interop version (🌟 feat: add websocket bootstrapers to the config ipfs/js-ipfs#740)
• e9478ce chore: release version v0.29.0-rc.1
• 7be17a3 chore: update contributors
• 93dda74 fix: peer record interop with go (DNS support for Bootstrapper nodes ipfs/js-ipfs#739)
• cfbd52d chore: migration to 0.29 should use webrtc-star0.20
• 6cd23ea chore: use gossipsub0.6
• 9b75a0f chore: bump libp2p-webrtc-star
• b606ce0 chore: release version v0.29.0-rc.0
• 64c8c0f chore: update contributors
• 9be582e docs: migration 0.28 to 0.29 (Add failing get recursive test ipfs/js-ipfs#736)
• 55c9bfa feat: gossipsub 1.1 (test: refactor for test sanity ipfs/js-ipfs#733)
• 1e86971 fix: replace node buffers with uint8arrays (Should not append /ipfs/id if the multiaddr already has it ipfs/js-ipfs#730)
• 9107efe chore: apply suggestions from code review
• cd09327 chore: add notice for addressBook.set
• ca57e65 chore: apply suggestions from code review
• f574e82 chore: apply suggestions from code review
• 15613cc fix: do not return self on peerstore.peers
• dab1c8b chore: increase bundle size
• d437def chore: rename isEqual to equals in tests
• 74d414c chore: add certified peer records to persisted peer store
• 8f2e690 feat: cerified addressbook

See the full diff

Package name: libp2p-bootstrap

The new version differs by 30 commits.

• 1d2ca16 chore: release version v0.12.0
• d38c837 chore: update contributors
• b59b7ad fix: replace node buffers with uint8arrays (merge tests ipfs/js-ipfs#106)
• d14bd1e chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 (Fix for ipfs.files.add + added corresponding tests ipfs/js-ipfs#104)
• 189e2a7 chore: release version v0.11.0
• 3f992d5 chore: update contributors
• 01ce4ec Merge pull request move, update and clean the roadmap ipfs/js-ipfs#103 from libp2p/chore/peer-discovery-not-using-peer-info
• 3a9200e chore: use new libp2p-interfaces release
• b782934 chore: add tests for peer-discovery interface
• 8a99f1b chore: peer-discovery not using peer-info
• a87c1f7 chore(deps-dev): bump aegir from 20.6.1 to 21.2.0 (Update README.md ipfs/js-ipfs#102)
• a0d96c5 chore: release version v0.10.4
• cfa0718 chore: update contributors
• 29b8aa6 fix: remove use of assert module ([Snyk] Security upgrade react-scripts from 3.1.1 to 5.0.0 #99)
• d38edfb chore: release version v0.10.3
• a2a1f20 chore: update contributors
• 5041f28 fix: validate list ([Snyk] Security upgrade react-scripts from 3.1.1 to 4.0.0 #97)
• 83201ca chore: update deps ([Snyk] Security upgrade react-scripts from 3.1.1 to 5.0.0 #96)
• 37ed296 chore: release version v0.10.2
• c247d30 chore: update contributors
• 5ad84ff Revert "fix: use callback in start from js-libp2p ([Snyk] Security upgrade react-scripts from 3.1.1 to 5.0.0 #93)"
• c2d9ae9 chore: release version v0.10.1
• 59b46ff chore: update contributors
• 74c305d fix: use callback in start from js-libp2p ([Snyk] Security upgrade react-scripts from 3.1.1 to 5.0.0 #93)

See the full diff

Package name: libp2p-delegated-content-routing

The new version differs by 13 commits.

• dff4cbd chore: release version v0.4.3
• 4d166ab chore: update contributors
• d36b085 chore: update ipfs-http-client dep ([Snyk] Security upgrade react-scripts from 3.1.1 to 4.0.0 #23)
• f672b84 docs: document required API endpoints ([Snyk] Security upgrade react-scripts from 3.1.1 to 4.0.0 #21)
• ad91771 chore: release version v0.4.2
• 8e532ea chore: update contributors
• 7af6f74 chore: use it-all ([Snyk] Security upgrade libp2p from 0.26.2 to 0.30.3 #20)
• 6ff0e64 chore: release version v0.4.1
• 3868dce chore: update contributors
• b2690c7 fix: async it refs ([Snyk] Security upgrade libp2p from 0.26.2 to 0.30.3 #19)
• 31b26bc chore: release version v0.4.0
• 524e11f chore: update contributors
• 22ff40c chore: rename timeout option ([Snyk] Fix for 1 vulnerabilities #18)

See the full diff

Package name: libp2p-delegated-peer-routing

The new version differs by 22 commits.

• b90d1ac chore: release version v0.6.0
• dd25092 chore: update contributors
• d903612 chore: update deps ([Snyk] Security upgrade react-scripts from 3.1.1 to 3.4.4 #35)
• 38d2848 chore: release version v0.5.0
• 1bb207a chore: update contributors
• a1b1b5e chore: make ipfs-http-client a peer dependency ([Snyk] Security upgrade react-scripts from 3.1.1 to 3.4.4 #32)
• f49ddc0 chore: remove-peer-info-from-api ([Snyk] Security upgrade react-scripts from 3.1.1 to 4.0.0 #25)
• 4e76474 chore(deps-dev): bump ipfsd-ctl from 3.1.0 to 4.0.1 ([Snyk] Security upgrade react-scripts from 3.1.1 to 4.0.0 #31)
• 3255b6f chore: release version v0.4.3
• e90430c chore: update contributors
• 528adf3 chore: update deps ([Snyk] Security upgrade react-scripts from 3.1.1 to 4.0.0 #30)
• bdb89b6 chore: release version v0.4.2
• 46658e0 chore: update contributors
• 67536b4 chore: update ipfs-http-client to the latest version ([Snyk] Security upgrade react-scripts from 3.1.1 to 4.0.0 #23)
• c777434 chore(deps-dev): bump aegir from 20.6.1 to 21.0.2
• 00296ba chore: release version v0.4.1
• ee2128e chore: update contributors
• afbc877 chore: update ipfs-http-client dep ([Snyk] Fix for 1 vulnerabilities #17)
• 949c0c0 docs: document required API endpoint ([Snyk] Fix for 1 vulnerabilities #15)
• 9a46c6b chore: release version v0.4.0
• 1510fde chore: update contributors
• 36d852f chore: rename timeout option ([Snyk] Security upgrade libp2p-webrtc-star from 0.16.1 to 0.20.4 #14)

See the full diff

Package name: libp2p-gossipsub

The new version differs by 117 commits.

• 28d214e chore: release version v0.5.0
• 60c1486 chore: update contributors
• 2f50108 fix: replace node buffers with uint8arrays (js-multihash ipfs/js-ipfs#118)
• a590997 chore: release version v0.4.6
• a76f829 chore: update contributors
• afcfb1e Merge pull request Make ipfs config commands work with daemon running ipfs/js-ipfs#109 from ChainSafe/fix/connected-with-a-subscriber-before-mesh-created-should-send-messages
• 060346a fix: connected with a subscriber before a mesh is created should send messages
• d171126 Merge pull request merge tests ipfs/js-ipfs#106 from ChainSafe/badges
• da322e3 es and node badges
• a5adedf es and node badges
• 97943fe chore: release version v0.4.5
• 2f1fdaa chore: update contributors
• 8118894 fix: use unidirectional streams ([Snyk] Security upgrade react-scripts from 3.1.1 to 5.0.0 #78)
• beaa225 chore: release version v0.4.4
• 569d66d chore: update contributors
• dd86739 fix: add static member for multicodec ([Snyk] Security upgrade react-scripts from 3.1.1 to 5.0.0 #81)
• df12156 chore: release version v0.4.3
• e69b983 chore: update contributors
• 49dc8fd Merge pull request [Snyk] Security upgrade react-scripts from 3.1.1 to 5.0.0 #77 from ChainSafe/typescript
• 666099e chore: add pretest script
• 99bb48f chore: remove duplication in RPC interfaces
• 12c40d1 chore: add more comments to RPC interfaces
• 8610696 chore: address PR comments
• ba64575 chore: add pre_script to travis

See the full diff

Package name: libp2p-kad-dht

The new version differs by 102 commits.

• 6c85b6b chore: release version v0.20.6
• ded5639 chore: update contributors
• 6be6f32 chore: update deps (Only log addresses that are actually being listened on ipfs/js-ipfs#213)
• 4321ae7 chore: release version v0.20.5
• 040136a chore: update contributors
• 3c2096e fix: do not throw on empty provider list (Added License, Hack section, fixed spelling mistakes, cleaned up Cont… ipfs/js-ipfs#212)
• 5c39279 chore: release version v0.20.4
• 0905b74 chore: update contributors
• d0db16b feat: adds removeLocal function (Update peer-book to version 0.1.1 🚀 ipfs/js-ipfs#211)
• ba029ca chore: release version v0.20.3
• 24e3319 chore: update contributors
• c1f71f9 chore: add files to package json (pre-commit@1.1.3 breaks build ⚠️ ipfs/js-ipfs#208)
• 20d57b5 feat: adds custom multicodec protocol option (libp2p-swarm@0.12.10 breaks build ⚠️ ipfs/js-ipfs#206)
• efd5e0f chore: release version v0.20.2
• 9e6e9cf chore: update contributors
• b28afdd feat: onPut and onRemove events (WIP add, cat and get HTTP-API Endpoints ipfs/js-ipfs#205)
• 87f8511 chore: release version v0.20.1
• 5840ab2 chore: update contributors
• 1d6f0bd chore: update deps (ipfs-api@3.0.3 breaks build 🚨 ipfs/js-ipfs#203)
• 61ee22b chore: release version v0.20.0
• d3d8256 chore: update contributors
• 989be87 fix: replace node buffers with uint8arrays (lodash@4.12.0 breaks build ⚠️ ipfs/js-ipfs#202)
• 8eabccf chore: release version v0.19.9
• f8b041c chore: update contributors

See the full diff

Package name: libp2p-mdns

The new version differs by 29 commits.

• ddcc10b chore: release version v0.15.0
• 061c3f0 chore: update contributors
• 3cf0e75 chore: upgrade deps ([Snyk] Security upgrade react-scripts from 3.1.1 to 4.0.0 #97)
• e1087a9 chore: release version v0.14.3
• 0ecc116 chore: update contributors
• 9fea1f6 fix: ensure event handlers are removed on MulticastDNS.stop ([Snyk] Security upgrade react-scripts from 3.1.1 to 5.0.0 #96)
• 9186dbf chore: release version v0.14.2
• 183c065 chore: update contributors
• 9f45f73 fix: actually check tcp multiaddrs ([Snyk] Fix for 5 vulnerabilities #94)
• 60a0dbe chore: release version v0.14.1
• edec51d chore: update contributors
• 3dc9475 test(fix): wait for the right peer in 3+ tests ([Snyk] Security upgrade ipld-zcash from 0.3.0 to 0.5.2 #92)
• cfe90c6 chore: use address manager ([Snyk] Fix for 1 vulnerabilities #91)
• 5b46aaa chore: release version v0.14.0
• bcf3e44 chore: update contributors
• fca175e chore: peer-discovery not using peer-info ([Snyk] Security upgrade ipfs-repo from 0.28.2 to 11.0.0 #90)
• ecdda6e chore: release version v0.13.3
• 28c0ae1 chore: update contributors
• cf180e1 chore(deps-dev): bump aegir from 20.6.1 to 21.0.2
• e362b04 fix: remove use of assert module ([Snyk] Fix for 1 vulnerabilities #87)
• bea3dd1 chore: release version v0.13.2
• 0d2c1a1 chore: update contributors
• 084ee53 chore: remove unused dep async ([Snyk] Security upgrade vue from 2.7.16 to 3.0.0 #86)
• a9661bd chore: release version v0.13.1

See the full diff

Package name: libp2p-secio

The new version differs by 29 commits.

• 2e37947 chore: release version v0.13.0
• a6a37f2 chore: update contributors
• c3f1f34 fix: replace node buffers with uint8arrays (js-libp2p-spdy ipfs/js-ipfs#124)
• 328e68f chore: release version v0.12.6
• a7784bd chore: update contributors
• 34c4844 fix: comply with message framing spec (js-libp2p-tcp ipfs/js-ipfs#123)
• 5649f44 chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 (js-libp2p-swarm ipfs/js-ipfs#122)
• 0bb318d chore: release version v0.12.5
• dbc8077 chore: update contributors
• 70a8a98 fix: return public key (js-multistream ipfs/js-ipfs#121)
• d2efc8c chore: remove commitlint from CI (js-multiaddr ipfs/js-ipfs#120)
• 7ef0f25 chore: release version v0.12.4
• 5da41f6 chore: update contributors
• 914eb4f fix: add buffer (js-multihash ipfs/js-ipfs#118)
• ef5f09d chore(deps-dev): bump aegir from 20.6.1 to 21.0.2 (js-peer-id ipfs/js-ipfs#117)
• a0bfc86 chore: release version v0.12.3
• 4ef9b70 chore: update contributors
• 027e0ad fix: remove use of assert module (js-ipfs-repo ipfs/js-ipfs#114)
• 74e95e2 chore: release version v0.12.2
• 2c2d467 chore: update contributors
• ab3fe44 chore: update deps (js-ipfs-unixfs ipfs/js-ipfs#113)
• b3a7040 chore: release version v0.12.1
• f1e79ce chore: update contributors
• b22152a chore: clean up published package (Shared Core API (standardise across js-ipfs and js-ipfs-api) ipfs/js-ipfs#110)

See the full diff

Package name: libp2p-webrtc-star

The new version differs by 69 commits.

• 2af1167 chore: release version v0.19.0
• 5ffbe88 chore: update contributors
• 306b453 fix: use relaxed webrtc check (Update ipfs-unixfs-engine to version 0.7.0 🚀 ipfs/js-ipfs#249)
• 68805b0 fix: replace node buffers with uint8arrays (Update libp2p-ipfs to version 0.6.0 🚀 ipfs/js-ipfs#244)
• 9b87e9b chore(deps): bump streaming-iterables from 4.1.2 to 5.0.2 (Update libp2p-ipfs to version 0.5.0 🚀 ipfs/js-ipfs#239)
• 1d03c8a chore: add webrtc servers (Update libp2p-swarm to version 0.13.0 🚀 ipfs/js-ipfs#232)
• 4007894 chore: release version v0.18.6
• de4cd12 chore: update contributors
• 5795435 fix: use simple-peer fork that does not throw when setting error codes (Update multiaddr to version 2.0.0 🚀 ipfs/js-ipfs#231)
• c07ac28 chore: release version v0.18.5
• 8a02859 chore: update contributors
• f09d007 chore: use ipfs utils for webrc support (daemon leaves behind api file lock on error ipfs/js-ipfs#229)
• 79059da chore(deps-dev): bump aegir from 22.1.0 to 23.0.0 (WIP http cat ipfs/js-ipfs#227)
• f89449a chore: release version v0.18.4
• 130da90 chore: update contributors
• 74e9059 fix: do not signal if channel destroyed (chore(package): update ipfs-api to version 4.0.3 ipfs/js-ipfs#226)
• dc9bfa6 fix: add error handler for incoming connections (aegir@3.0.4 breaks build ⚠️ ipfs/js-ipfs#224)
• 50dd42d chore: make the docker image much smaller. (aegir@3.0.3 breaks build ⚠️ ipfs/js-ipfs#223)
• 7fc8a8b chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 (Update ipfs-api to version 4.0.1 🚀 ipfs/js-ipfs#221)
• bb781a3 chore: release version v0.18.3
• 7357362 chore: update contributors
• fe14c96 chore: release version v0.18.2
• d571fd0 chore: update contributors
• 830507d chore: update aegir (Update ipfs-api to version 4.0.0 🚀 ipfs/js-ipfs#220)

See the full diff

Package name: peer-id

The new version differs by 67 commits.

• 5468ee0 chore: release version v0.14.3
• f895151 chore: update contributors
• e7d0eaa chore: update deps (Fix a typo: infrasture -> infrastructure ipfs/js-ipfs#137)
• 41ab96c docs: correct case for RSA keyType (snazzy@3.0.1 breaks build ⚠️ ipfs/js-ipfs#136)
• 4178e53 docs: add documentation for isPeerId(id) (Update ipfs-repo to version 0.6.0 🚀 ipfs/js-ipfs#134) (Update ipfs-repo to version 0.6.1 🚀 ipfs/js-ipfs#135)
• 10ead07 chore: release version v0.14.2
• d940099 chore: update contributors
• b2ee342 feat: has inline public key method (Fix peer-id errors on browser tests ipfs/js-ipfs#132)
• ecc1e5b chore: release version v0.14.1
• 153bc8e chore: update contributors
• d40d588 fix: ts constructor types (peer-id@0.6.3 breaks build 🚨 ipfs/js-ipfs#130)
• 224b30c fix: privKey possible undefined (Update karma-spec-reporter to version 0.0.26 🚀 ipfs/js-ipfs#129)
• 6d571ae fix: typo in readme (Video player with js-ipfs ipfs/js-ipfs#128)
• ff4bd96 chore: release version v0.14.0
• 427b46c chore: update contributors
• d16ce9c fix: replace node buffers with uint8arrays (example: Use js-ipfs to load the entire assets of a WebSite/WebApplication ipfs/js-ipfs#127)
• cd99cb2 chore: release version v0.13.13
• c295329 chore: update contributors
• bb32b12 chore: update deps (js-libp2p-ipfs-browser ipfs/js-ipfs#126)
• 6fd5ca2 chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 (js-libp2p-spdy ipfs/js-ipfs#124)
• 020b963 chore: release version v0.13.12
• e3da29a chore: update contributors
• 8cd9dfb feat(cli): add support for specifying type and size (js-libp2p-swarm ipfs/js-ipfs#122)
• 3598a43 chore: release version v0.13.11

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic