Skip to content

[Snyk] Fix for 1 vulnerabilities#86

Open
matthewjablack wants to merge 1 commit intodevfrom
snyk-fix-f12a132f6e836b509f4364cf8d7cb2d7
Open

[Snyk] Fix for 1 vulnerabilities#86
matthewjablack wants to merge 1 commit intodevfrom
snyk-fix-f12a132f6e836b509f4364cf8d7cb2d7

Conversation

@matthewjablack
Copy link
Contributor

@matthewjablack matthewjablack commented Jan 5, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-AXIOS-6144788		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @liquality/bitcoin-esplora-api-provider The new version differs by 250 commits.
  • de4ee76 tests: Increase tolerance for bitcoin fee
  • 1b77713 v.0.8.0
  • 51847b6 update ethereumjs-tx to 2.1.1
  • f05e7a6 update package-lock
  • 4883164 update package-lock
  • 4d86b5c remove hoist from bootstrap command
  • 1d2946c update babel deps to match across project
  • 141a351 check for response type from rpc server
  • a64956a process data instead of response.data
  • f7a7b4c update package-lock files
  • e196495 add clean command
  • cd945a8 update error messages
  • 5ec1651 resolve conflicts
  • 351f81c use node-provider; remove unused deps
  • 02b1c68 add node-provider
  • 7b35622 Merge pull request #367 from liquality/rsk
  • e18b88d workflow: apt-get update before install (2)
  • 7ae0303 workflow: apt-get update before install
  • 8bb2700 Fix tests based on block time + verify claim mined
  • 193b056 Support ganache way of mining, erc20 tests fix
  • 9afbc91 RSK network
  • 8de528d throw new error when initiation transaction is not found
  • ad767b2 bump version
  • 885a0a7 return fee info from findAddressTransaction

See the full diff

Package name: @liquality/ethereum-rpc-provider The new version differs by 250 commits.
  • de4ee76 tests: Increase tolerance for bitcoin fee
  • 1b77713 v.0.8.0
  • 51847b6 update ethereumjs-tx to 2.1.1
  • f05e7a6 update package-lock
  • 4883164 update package-lock
  • 4d86b5c remove hoist from bootstrap command
  • 1d2946c update babel deps to match across project
  • 141a351 check for response type from rpc server
  • a64956a process data instead of response.data
  • f7a7b4c update package-lock files
  • e196495 add clean command
  • cd945a8 update error messages
  • 5ec1651 resolve conflicts
  • 351f81c use node-provider; remove unused deps
  • 02b1c68 add node-provider
  • 7b35622 Merge pull request #367 from liquality/rsk
  • e18b88d workflow: apt-get update before install (2)
  • 7ae0303 workflow: apt-get update before install
  • 8bb2700 Fix tests based on block time + verify claim mined
  • 193b056 Support ganache way of mining, erc20 tests fix
  • 9afbc91 RSK network
  • 8de528d throw new error when initiation transaction is not found
  • ad767b2 bump version
  • 885a0a7 return fee info from findAddressTransaction

See the full diff

Package name: axios The new version differs by 250 commits.
  • 8790b8e chore(release): v1.6.4 (#6173)
  • 0ad520d chore(ci): fix notify action; (#6172)
  • 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
  • 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
  • 90864b3 docs: update logos
  • 1542719 docs: updated headline sponsors
  • b15b918 chore(release): v1.6.3 (#6151)
  • b76cce0 chore(ci): added branches filter for notify action; (#6084)
  • 5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
  • 8befb86 docs: update alloy link (#6145)
  • d18f40d docs: add headline sponsors
  • b3be365 chore(release): v1.6.2 (#6082)
  • 8739acb chore(ci): removed redundant release action; (#6081)
  • bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
  • a2b0fb3 chore(docs): update README.md (#6048)
  • b12a608 chore(ci): removed paths-ignore filter; (#6080)
  • 0c9d886 chore(ci): reworked ignoring files logic; (#6079)
  • 30873ee chore(ci): add paths-ignore config to testing action; (#6078)
  • cff9967 feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
  • 7009715 chore(ci): fixed release notification action; (#6064)
  • 7144f10 chore(ci): fixed release notification action; (#6063)
  • f6d2cf9 chore(ci): fix publish action content permission; (#6061)
  • a22f4b9 chore(release): v1.6.1 (#6060)
  • cb8bb2b chore(ci): Publish to NPM with provenance (#5835)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matthewjablack @snyk-bot