Skip to content

[Snyk] Fix for 8 vulnerabilities#83

Open
matthewjablack wants to merge 1 commit intodevfrom
snyk-fix-a70db60c1e6acc619eb51ce62846ff4d
Open

[Snyk] Fix for 8 vulnerabilities#83
matthewjablack wants to merge 1 commit intodevfrom
snyk-fix-a70db60c1e6acc619eb51ce62846ff4d

Conversation

@matthewjablack
Copy link
Contributor

@matthewjablack matthewjablack commented Dec 20, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Prototype Pollution
SNYK-JS-AJV-584908		 Yes No Known Exploit
medium severity 554/1000
Why? Has a fix available, CVSS 6.8		 Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899		 Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9		 Timing Attack
SNYK-JS-ELLIPTIC-511941		 Yes No Known Exploit
high severity 706/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7		 Cryptographic Issues
SNYK-JS-ELLIPTIC-571484		 Yes Proof of Concept
high severity 644/1000
Why? Has a fix available, CVSS 8.6		 Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 Yes No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MINIMIST-559764		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Poisoning
SNYK-JS-QS-3153490		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @liquality/ethereum-js-wallet-provider The new version differs by 250 commits.
  • 883e614 build: v1.12.0
  • e9f9865 Merge pull request #493 from liquality/fix/near-claim-expiration-check
  • 66b91f6 fix: test claim after expiration for each client
  • a2b1bda test: check that claim is passing after swap expiration
  • f694af0 fix: update near contract to ignore expiration when claiming
  • ab5b73a build: add test:integration:swap:single command
  • 8b206e7 add EthereumRpcFeeProvider to tests
  • f1e39b3 bump version
  • 82c6cc6 remove getFees from EthereumRpcProvider
  • 4ff2906 bump version
  • d1accc4 Add support for EIP 1599 (#490)
  • 762fa9f Merge pull request #488 from liquality/release_1.1.2
  • 72738b9 feat: Release 1.11.2
  • 413eef7 Merge pull request #487 from liquality/liq-761-na-is-displaying-under-private-key-for
  • f706961 feat: terra exportPrivateKey
  • 481c834 build: v1.11.1
  • 708e30e Merge pull request #486 from liquality/fix-retrieve-confirmations
  • da78b2f fix: EthereumRpcProvider retrieve confirmations accurately
  • a0cb9cb fix: remove parseInt (#484)
  • e616160 feat: 1.11.0 publish
  • 8282d27 fix: Handle terra tx status (#478)
  • 09ae54f Fix: Compare transaction lamports againsts swapParams value (#481)
  • 04c1a7b Merge pull request #482 from liquality/feat/update-terra-htlc
  • 05ae198 fix: Use const for codeId

See the full diff

Package name: @truffle/hdwallet-provider The new version differs by 250 commits.
  • 4468ee2 Publish
  • e9efaa0 Merge pull request #3203 from trufflesuite/patch-init
  • 3976147 Ensure test dir is tracked by git and fix path error
  • a8baab2 Merge pull request #3201 from trufflesuite/provider-check-backoff
  • ee07f94 Merge pull request #3199 from trufflesuite/prune-method
  • be5ae9a Merge pull request #2987 from trufflesuite/swap-library
  • ee13758 execute async func within setTimeout
  • 2a1dcf9 implement provider check w/ exponential backoff using recursive setTimeout pattern
  • 20adc2f Update some tests
  • e91bd3d Move url normalization into box
  • 5032e6a Promisify call to download repo
  • fed162f Remove unused method getCommitFromVersion
  • 6964fa4 Merge pull request #3197 from trufflesuite/bind-hijacker
  • 007a80c Add more test cases for unbox tests
  • 55a7e93 Add one more supported format for unbox test
  • e4b2d5d Handle rewriting full urls in format for download-git-repo and delete some obsolete tests
  • ddbb894 Add destination argument to the help for unbox and init
  • b07e7b6 Get rid of : syntax for unboxing to a destination
  • 6c62952 Correct capitalization error in subscriber
  • 4d2da62 Update parsing method, update a test, and regenerate yarn.lock
  • 31fa5ea Add some methods for sanitizing/validating the url and implement new github downloading library
  • 5728daa Swap out github download library for another
  • f2d4c7e Merge pull request #3196 from trufflesuite/prettier-defaults
  • 1781014 Bind rejectHijacker to the PromiEvent

See the full diff

Package name: gh-release The new version differs by 42 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Cryptographic Issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matthewjablack @snyk-bot