[Snyk] Fix for 4 vulnerabilities #27

Open
scottie wants to merge 1 commit into master from snyk-fix-3ac4ed566b876ad0c5b39db70a0fdbe2

scottie (Owner) commented Nov 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | No | Proof of Concept |
| high severity | 584/1000. Why? Has a fix available, CVSS 7.4 | Regular Expression Denial of Service (ReDoS), SNYK-JS-HAWK-2808852 | No | No Known Exploit |
| medium severity | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF), SNYK-JS-REQUEST-3361831 | No | Proof of Concept |
| medium severity | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution, SNYK-JS-TOUGHCOOKIE-5672873 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: selenium-standalone The new version differs by 174 commits.
  • 27356a6 6.21.0
  • 4c470ea Remove useless packages (#509)
  • 70d96a0 Replace request with got (#508)
  • ebc70a0 chore(deps): pin dependencies (#507)
  • 287a9a2 Add Eslint + prettier (#497)
  • df10900 remove doctoc mention
  • 16c869d Update docs (#506)
  • db9be9a chore(deps): update ubuntu:latest docker digest to 4e4bc99 (#501)
  • db81929 remove phantomjs and minor updates (#500)
  • ce97b58 update iedriver version (#499)
  • e360c0a update nodejs to 12 (#498)
  • 9450f18 remove some node versions (#495)
  • a630774 chore(deps): update ubuntu:latest docker digest to 1d7b639 (#485)
  • 40cef52 fix chromiumedge download on macos (#494)
  • 4b473b6 6.20.2
  • 1ecb872 bump deps
  • be93c33 Merge pull request #486 from StefanStadler/update-chromedriver-version
  • a08d7f4 Updated Chromedriver Version
  • b084adb Merge pull request #483 from vvo/renovate/docker-ubuntu-latest
  • 7434091 chore(deps): update ubuntu:latest docker digest to 2e70e9c
  • 00b2626 update changelog
  • 066aef6 6.20.1
  • 0cbffa3 fix(node6): object.values => _.values
  • aab87ee Merge pull request #482 from mgrybyk/fix-chromiumedge-chmod

See the full diff

Package name: wd The new version differs by 95 commits.
  • 2eae99c 1.11.1
  • f5454a9 Merge pull request #568 from GreenGremlin/patch-1
  • daa0fc9 Upgrade lodash to pickup fix for prototype pollution vulnerability
  • 5ed1515 This bitdeli thing seems to no longer exist
  • 9fa214b Updating the mocha runner, also contains security vulns
  • 43839e7 upgrade the sauce-connect-launcher package to deal with security vulnerabilities in the dependencies
  • b556135 Merge pull request #561 from mattrayner/master
  • d0a1f0d [WIP] Chrome fixes
  • a436e8c [#555] Update request dependency
  • cc30fbb Merge pull request #560 from vtabary/master
  • b9678b7 fix a typo on sessionID in webdriver
  • 321fbfa 1.11.0
  • 3d35543 Merge pull request #559 from admc/jlipps-custom-loc-strat
  • c97169b Revert "Most repos I see aren't pushing the package-lock.json"
  • 4664894 add custom find strategy
  • 3ad3668 Most repos I see aren't pushing the package-lock.json
  • 8ed028b Looks like map and filter both need _.value(), removing all others
  • b8d6ad5 Removing underscore value() just for the api mapping code
  • 0f84188 Revert "Removing remaining _.value() calls that seem no longer important, fixing the make targets"
  • 9159ff7 Removing remaining _.value() calls that seem no longer important, fixing the make targets
  • 391f48f Executing JS commands doesn't work with new firefox apparently
  • 181cf02 Merge branch 'master' of github.com:admc/wd
  • 1349f7f bump sauce connect, remove the linux build platform constraint
  • 1e43f5b Merge pull request #556 from KazuCocoa/add_flags_for_keycode

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution
