[Snyk] Fix for 10 vulnerabilities#41

Open

enterstudio wants to merge 1 commit intomasterfrom

snyk-fix-9defeca6753e4f879f0fb12a8a127350

Owner

enterstudio commented Feb 2, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-AMMO-548920	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper input validation npm:call:20160705	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:content:20170908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:content:20180305	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	CORS Bypass npm:hapi:20151020	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:hapi:20151223	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Potentially loose security restrictions npm:hapi:20151228	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hapi

The new version differs by 250 commits.

b8e64d0 Update version
5ced8ae 18.1.0
7578f61 Expose bourne settings. Closes #3917
3378e78 Update dep. Closes #3922
4b59b3f 18.0.1
5f6a00b misc
ccc538d Typo
1af289f Update deps. Closes #3912. Closes #3914
aa3934f Add IDEs
75756f6 Fix route assert. Closes #3909
06a48ea 18.0.0
4da282e Its 2019
4bd7c38 Update deps. Closes #3905. Closes #3906. Closes #3907. Closes #3908
3350a5c Refactor cache config. Closes #3876, Closes #3904
03e03dc Split request.info.responded to responded and completed. Closes #3901
7521468 Coverage
a3a5ca9 Fix close event handling in node 11. Closes #3898
7b85840 Fix test
17ca301 Exclude vs
5e91092 Fix test. For #3900
89604b0 Merge pull request #3900 from AdriVanHoudt/fix-test-803
a4f9121 Merge pull request #3882 from dominykas/validate-cookies-alt
04758ac Update API.md
413290f For #3897

See the full diff

Package name: hapi-auth-basic

The new version differs by 39 commits.

1f99d06 5.0.0
222c98c Merge pull request Web UI start app "Instances" control only allows 1 tableflip/guvnor#61 from hapijs/v17
d6396b9 Update example to include custom response
7183fff Update readme
08aaeab More PR feedback
34a9035 PR feedback
445c767 Upgrade to hapi 17.x.x support
bd83f57 4.2.0
9f49215 Merge pull request How to stop ever-crashing guvnor-web? tableflip/guvnor#51 from gergoerdosi/node-v6
e1eef96 Test on node v6, update dependencies
6418c3b Update README.md
fc5eff2 Merge pull request guv-web Error: Restart / Stop Not Working tableflip/guvnor#48 from cvillerm/master
b135b96 Clarifies callback err parameter
f23314a v4.1.0
548566d Merge pull request [Snyk] Security upgrade moonboots_hapi from 4.0.2 to 5.0.0 #46 from maxbeatty/unauthorized-attributes
57b59bb add option to pass attributes to unauthorized replies
0da82a6 Merge pull request [Snyk] Security upgrade prompt from 0.2.14 to 1.2.0 #44 from mtharrison/master
d2e3b90 Update README example for ES6 styles
f2693a6 Added missing blank line in .travis.yml
b82ff08 Node 4+, Hapi 10+, ES6 changes
02ea672 Merge pull request [Snyk] Fix for 10 vulnerabilities #41 from mtharrison/depsbump
64198eb Update devDependencies. Close [Snyk] Fix for 1 vulnerabilities #40
42fd6cb Merge pull request [Snyk] Fix for 13 vulnerabilities #39 from mtharrison/update-lab
901c912 Update lab to 6.x.x

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 CORS Bypass
🦉 Prototype Poisoning
🦉 More lessons are available in Snyk Learn


          fix: package.json to reduce vulnerabilities

5de6b63

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AMMO-548920
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/npm:call:20160705
- https://snyk.io/vuln/npm:content:20170908
- https://snyk.io/vuln/npm:content:20180305
- https://snyk.io/vuln/npm:hapi:20151020
- https://snyk.io/vuln/npm:hapi:20151223
- https://snyk.io/vuln/npm:hapi:20151228
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:qs:20170213

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet