chore(deps): bump @metamask/profile-sync-controller from 16.0.0 to 26.0.0 #2430
21 new alerts including 10 high severity security vulnerabilities
New alerts in code changed by this pull request
Security Alerts:
- 10 high
- 10 medium
- 1 low
Alerts not introduced by this pull request might have been detected because the code changes were too large.
See annotations below for details.
Annotations
Check failure on line 32354 in package-lock.json
Code scanning / Trivy
cross-spawn: regular expression denial of service High
Check failure on line 12278 in package-lock.json
Code scanning / Trivy
nodejs-axios: Regular expression denial of service in trim function High
Check failure on line 29720 in package-lock.json
Code scanning / Trivy
node-fetch: exposure of sensitive information to an unauthorized actor High
Check failure on line 12278 in package-lock.json
Code scanning / Trivy
axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests High
Check failure on line 12278 in package-lock.json
Code scanning / Trivy
axios: Axios DoS via lack of data size check High
Check failure on line 18145 in package-lock.json
Code scanning / Trivy
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor High
Check failure on line 24943 in package-lock.json
Code scanning / Trivy
node-forge: node-forge ASN.1 Unbounded Recursion High
Check failure on line 24943 in package-lock.json
Code scanning / Trivy
node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications High
Check failure on line 21609 in package-lock.json
Code scanning / Trivy
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode High
Check failure on line 19431 in package-lock.json
Code scanning / Trivy
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability High
Check warning on line 31401 in package-lock.json
Code scanning / Trivy
index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ... Medium
Check warning on line 24943 in package-lock.json
Code scanning / Trivy
node-forge: node-forge: Integer Overflow allows OID-based security bypass Medium
Check warning on line 20892 in package-lock.json
Code scanning / Trivy
js-yaml: js-yaml prototype pollution in merge Medium
Check warning on line 18145 in package-lock.json
Code scanning / Trivy
follow-redirects: Possible credential leak Medium
Check warning on line 18145 in package-lock.json
Code scanning / Trivy
follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() Medium
Check warning on line 18145 in package-lock.json
Code scanning / Trivy
follow-redirects: Exposure of Sensitive Information via Authorization Header leak Medium
Check warning on line 13964 in package-lock.json
Code scanning / Trivy
nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets Medium
Check warning on line 12278 in package-lock.json
Code scanning / Trivy
axios: exposure of confidential data stored in cookies Medium
Check warning on line 12278 in package-lock.json
Code scanning / Trivy
nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address Medium
Check warning on line 6707 in package-lock.json
Code scanning / Trivy
js-yaml: js-yaml prototype pollution in merge Medium
Check notice on line 32741 in package-lock.json
Code scanning / Trivy
tmp: tmp Symbolic Link Write Vulnerability Low