[Snyk] Fix for 23 vulnerabilities #232

snyk-bot · 2023-04-26T20:47:09Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- node_modules/lines-and-columns/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
635/1000 Why? Has a fix available, CVSS 8.2	Information Disclosure SNYK-JS-SEMANTICRELEASE-1041706	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	Yes	Proof of Concept
704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
796/1000 Why? Mature exploit, Has a fix available, CVSS 8.2	Uninitialized Memory Exposure npm:https-proxy-agent:20180402	Yes	Mature
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mocha

The new version differs by 250 commits.

5f96d51 build(v10.1.0): release
ed74f16 build(v10.1.0): update CHANGELOG
51d4746 chore(devDeps): update 'ESLint' to v8 (#4926)
4e06a6f fix(browser): increase contrast for replay buttons (#4912)
41567df Support prefers-color-scheme: dark (#4896)
61b4b92 fix the regular expression for function `clean` in `utils.js` (#4770)
77c18d2 chore: use standard 'Promise.allSettled' instead of polyfill (#4905)
84b2f84 chore(ci): upgrade GH actions to latest versions (#4899)
023f548 build(v10.0.0): release
62b1566 build(v10.0.0): update CHANGELOG
fbe7a24 chore: update dependencies (#4878)
2b98521 docs: replace 'git.io' short links (#4877) [ci skip]
007fa65 chore(ci): add Node v18 to test matrix (#4876)
f6695f0 chore(esm): remove code for Node v12 (#4874)
59f6192 chore(ci): conditionally skip 'push' event (#4872)
b863359 docs: fix 'fgrep' url (#4873)
baaa41a chore(ci): ignore changes to docs files (#4871)
ac81cc5 refactor!: drop support of 'growl' notification (#4866)
3946453 chore(deps)!: upgrade 'minimatch' (#4865)
592905b refactor!: rename 'bin/mocha' to 'bin/mocha.js' (#4863)
b7b849b refactor!: remove deprecated Runner signature (#4861)
0608fa3 chore(site): fix supporters' download (#4859)
785aeb1 chore(test): drop AMD/'requirejs' (#4857)
ed640c4 chore(devDeps): upgrade 'coffee-script' (#4856)

See the full diff

Package name: semantic-release

The new version differs by 250 commits.

c8d38b6 style: removed line breaks to align with xo rule ([Snyk] Security upgrade ava from 1.4.1 to 6.0.0 #1689)
ca90b34 fix: mask secrets when characters get uri encoded
63fa143 docs(plugins): add listing for new plugin ([Snyk] Security upgrade nyc from 10.3.2 to 13.0.1 #1686)
2bf3771 fix: use valid git credentials when multiple are provided ([Snyk] Security upgrade semantic-release from 6.3.6 to 12.0.0 #1669)
77a75f0 fix: don't parse port as part of the path in repository URLs ([Snyk] Security upgrade karma from 1.7.1 to 2.0.0 #1671)
d74ffef docs: add npm-deprecate-old-versions in plugins list ([Snyk] Security upgrade karma from 1.7.1 to 2.0.0 #1667)
3abcbaf Revert "feat: throw an Error if package.json has duplicate "repository" key ([Snyk] Security upgrade airtap from 0.0.4 to 1.0.0 #1656)"
b8fb35c feat: throw an Error if package.json has duplicate "repository" key ([Snyk] Security upgrade airtap from 0.0.4 to 1.0.0 #1656)
18e35b2 docs: reorder default plugins list ([Snyk] Security upgrade changelogx from 3.0.0 to 4.0.0 #1650)
e35e5bb docs(contributing): fix commit message examples ([Snyk] Security upgrade karma from 0.13.22 to 2.0.0 #1648)
311c465 docs(README): welcome @ travi, add alumni section
b4c5d0a fix: add logging for when ssh falls back to http ([Snyk] Security upgrade eslint from 6.8.0 to 9.0.0 #1639)
c982249 docs(contributing): typo fix ([Snyk] Security upgrade eslint from 5.16.0 to 9.0.0 #1638)
9635f50 docs: improve github actions recipe on git plugin ([Snyk] Security upgrade eslint from 5.16.0 to 9.0.0 #1626)
d036a89 ci(docs): use actions/checkout@v2 ([Snyk] Security upgrade eslint from 6.8.0 to 9.0.0 #1620)
9303d1d docs(resources.md): added more sematnic release article ([Snyk] Security upgrade karma-webpack from 3.0.5 to 5.0.0 #1610)
b72cdb3 docs(configuration.md): Updated documentation for dry-run feature of semantic Release ([Snyk] Security upgrade eslint from 2.13.1 to 9.0.0 #1607)
ee44ee8 docs(github-actions): suggest action_dispatch as trigger ([Snyk] Security upgrade eslint from 6.8.0 to 9.0.0 #1605)
b24d247 docs: add `semantic-release-rubygem` to community plugins ([Snyk] Security upgrade eslint from 3.19.0 to 9.0.0 #1602)
6d118c6 docs: be clear about what module of semantic-release handles updating the package.json ([Snyk] Security upgrade eslint from 6.8.0 to 9.0.0 #1601)
b5c9dea docs: update github documentation to `docs.github.com`
1405b94 docs: added recipe for Jenkins CI configuration ([Snyk] Upgrade ts-loader from 8.0.2 to 8.3.0 #1) ([Snyk] Security upgrade tap from 13.1.11 to 14.10.2 #1591)
0f0c650 fix: use correct ci branch context ([Snyk] Security upgrade eslint-release from 1.2.0 to 2.0.0 #1521)
a465801 feat(bitbucket-basic-auth): support for bitbucket server basic auth ([Snyk] Security upgrade eslint from 3.19.0 to 9.0.0 #1578)

See the full diff

Package name: ts-node

The new version differs by 50 commits.

d90ffba 3.2.0
2e03f54 fix(package): update chalk to version 2.0.0 ([Snyk] Fix for 5 vulnerabilities #372)
c60d3a7 Export `printError` utility ([Snyk] Security upgrade requests from 1.2.3 to 2.20 #376)
3f0d975 Enable debug flag for method call tracking ([Snyk] Fix for 19 vulnerabilities #377)
394ddb8 Boolean flags inherit from env ([Snyk] Fix for 44 vulnerabilities #375)
82effb2 Handle possibly undefined diagnostic "start"
9bc3dd8 Remove `preferGlobal` from `package.json`
3ea7458 3.1.0
1cac86b Combine source map with source file output ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #368)
61f1c16 Add missing implementations to service host ([Snyk] Fix for 4 vulnerabilities #366)
28697b1 chore(package): update tslint-config-standard to version 6.0.0 ([Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #354)
125544f 3.0.6
ae4b423 Set `cache.contents` (no version) on read request ([Snyk] Fix for 8 vulnerabilities #347)
c18331a 3.0.5
5cf97b1 Add `--inspect-brk` to known flags ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #343)
7dfb3e3 Pin node tests at `6.x` ([Snyk] Fix for 5 vulnerabilities #340)
633d537 chore(package): update chai to version 4.0.1 ([Snyk] Security upgrade standard from 7.1.2 to 11.0.0 #337)
b751a56 Define `exports` and improve `getTypeInfo` help ([Snyk] Security upgrade tap from 0.4.13 to 1.0.8 #332)
d018300 Update `yn` default option
cc3bf22 Expose `_` bin file for consumers to use
01a6be2 3.0.4
d5849b4 Enable caching by default for programmatic usage ([Snyk] Fix for 4 vulnerabilities #323)
1856f71 3.0.3
491ce93 Delete config options after TypeScript parse ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #321)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

snyk-bot mentioned this pull request Apr 27, 2023

[Snyk] Fix for 13 vulnerabilities #243

Open

aliscco mentioned this pull request Apr 27, 2023

[Snyk] Fix for 7 vulnerabilities #267

Open

This was referenced Jun 21, 2023

[Snyk] Fix for 1 vulnerabilities #527

Open

[Snyk] Fix for 1 vulnerabilities #531

Open

[Snyk] Fix for 1 vulnerabilities #621

Open

[Snyk] Security upgrade airtap from 0.0.4 to 1.0.0 #746

Open

aliscco mentioned this pull request Nov 29, 2023

[Snyk] Security upgrade airtap from 0.0.4 to 1.0.0 #953

Open

This was referenced Apr 16, 2024

[Snyk] Security upgrade airtap from 0.0.4 to 1.0.0 #1655

Open

[Snyk] Security upgrade airtap from 0.0.4 to 1.0.0 #1656

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 23 vulnerabilities #232

[Snyk] Fix for 23 vulnerabilities #232

snyk-bot commented Apr 26, 2023

[Snyk] Fix for 23 vulnerabilities #232

Are you sure you want to change the base?

[Snyk] Fix for 23 vulnerabilities #232

Conversation

snyk-bot commented Apr 26, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: