[Snyk] Fix for 7 vulnerabilities#9

Open

FAVE01 wants to merge 1 commit intomasterfrom

snyk-fix-101f0194d0560a4f6d20b71f91a29440

Owner

FAVE01 commented Sep 22, 2022

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @definitelytyped/utils

The new version differs by 250 commits.

e377a7e v0.0.113
8b01655 v0.0.113-next.22
e246b08 Use cached npm info (#451)
47c3604 v0.0.113-next.21
3e1d59e Delete create-search-index.ts (#456)
c246cff v0.0.113-next.20
f1d3998 Allow @ aws-sdk/client-s3 dependency (#477)
aea7482 v0.0.113-next.19
5746e11 Re-add failing packages to expectedFailures (#476)
b7953cb v0.0.113-next.18
eddf634 Update allowedPackageJsonDependencies.txt (#475)
ccfac12 v0.0.113-next.17
c25b43e Fix Definitely Typed branding (#474)
87a37ab v0.0.113-next.16
d53f934 Ship 4.7, deprecate 3.9 (#473)
125b5a6 v0.0.113-next.15
709a5c1 gapi.client.* updates (#469)
7c5f3e3 v0.0.113-next.14
dee75c4 Add @ npm/types to allowed dependencies (#468)
698c2a9 v0.0.113-next.13
9c7c0c4 add analytics to allowed deps (#467)
79988a5 v0.0.113-next.12
937aba0 Restore required package.json dependencies (#466)
e61125d v0.0.113-next.11

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Arbitrary File Write
🦉 Arbitrary File Write
🦉 More lessons are available in Snyk Learn


          fix: package.json & package-lock.json to reduce vulnerabilities

2da8389

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet