Skip to content

[Snyk] Fix for 1 vulnerabilities#32

Open
volkovasystems wants to merge 1 commit into
masterfrom
snyk-fix-9ef40cd9029ec1027132dd962c7a28e6
Open

[Snyk] Fix for 1 vulnerabilities#32
volkovasystems wants to merge 1 commit into
masterfrom
snyk-fix-9ef40cd9029ec1027132dd962c7a28e6

Conversation

@volkovasystems

Copy link
Copy Markdown
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: npm The new version differs by 250 commits.
  • 30a9844 7.21.0
  • 0b2cd9d update AUTHORS
  • 06461ec docs: changelog for v7.21.0
  • 771a1cb chore(tests): fix snapshots
  • 71cdfd8 spdx-license-ids@3.0.10
  • 94f92de make-fetch-happen@9.0.5
  • 7ac621c smart-buffer@4.2.0
  • 218caca is-core-module@2.6.0
  • ff6626a fix(docs): update npm-publish access flag info
  • b6f40b5 tar@6.1.10
  • e9e5ee5 @ npmcli/arborist@2.8.2
  • 991a3bd read-package-json@4.0.0
  • f077724 init-package-json@2.0.4
  • 68a19bb fix(error-message): look for er.path not er.file
  • ff34d6c feat(cache): initial implementation of ls and rm
  • 8183976 normalize-package-data@3.0.3
  • df57f0d @ npmcli/run-script@1.8.6
  • 487731c fix(logging): sanitize logged argv
  • 7a58264 chore(ci): check that docs are up to date in ci
  • 22f3bbb chore(docs): add more 'autogenerated' comments
  • 4314490 fix(docs): revert auto-generated portion of docs
  • 32e88c9 fix(did-you-mean): switch levenshtein libraries
  • 59b9851 7.20.6
  • 2591e67 update AUTHORS

See the full diff

Package name: tar The new version differs by 228 commits.
  • 1098f4b v3.0.0
  • 51396a9 test and push on version bump
  • 753ea13 parse test: early end isn't a zlib error on v4
  • 9440c43 Merge branch 'v3'
  • 7ac6960 pack test: set times explicitly so travis doesn't fail
  • 7d8bd02 Handle truncated zlib input
  • 3d1b142 docs: fix example code for tar.t({file})
  • 50bfa6e Parser: emit warning about truncated input
  • 3c70b5d Directory entries should have 0 size
  • 4bfd57b Pax: don't break on line-break-having values or empty keys
  • 09215cd ;
  • a2a12d3 Doc improvements. Warnings and cwd consistency
  • 740ac18 parse: Array is not faster than linked list
  • f5899f6 parser: make consumeBody/Meta/Header private methods
  • d32397f benchmark: output timer to stdout
  • 0e8b390 Don't create obnoxious directories
  • dffa806 follow option for packing
  • 4b0b393 add preserveOwner flag for tar.x/tar.Unpack
  • 5db47b0 use makeTar in unpack test
  • 41965bd ignore extract benchmark folder
  • 080d4d6 abstract out timer code from benchmarks
  • 0b195dc Document benchmarks, clearer output
  • 2464b53 Add files stanza to package.json
  • ca9611a comprehensive benchmarks

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants