[Snyk] Security upgrade file-type from 12.4.2 to 16.5.4 (!8) · Merge requests · Eric Husband / juice-shop

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: file-type

The new version differs by 123 commits.

b5fe3b9 16.5.4
d868356 Fix: Malformed MKV could cause an infinite loop
3b08ab1 Upgrade and unlock dependencies
c011315 Lock strtok3 dependency
9102f1c Update dependency to token-types v3, supporting BigInt (#465)
ac866f9 16.5.1
0012c56 Fix `mimeTypes` TypeScript type (#464)
92f3f50 Meta tweaks
4ea7bff 16.5.0
57ecf2d Add support for JPEG XL image format (#455)
07101ac Remove ASAR 240 bytes of JSON payload length limitation (#453)
3df0ed1 Remove an unnecessary dependency (#458)
1e4e8df 16.4.0
29618c8 Add support for VCF (and fix ICS detection) (#451)
6ab25f3 Add support for XCF (#450)
7021d9a Remove moot check for sync word at odd offsets for MPEG detection (#448)
fd1e72c 16.3.0
9319167 Add support for Zstandard compressed file (#439)
2cc0869 Add file type descriptions (#433)
98e6886 16.2.0
9736aa3 Improve PDF / AI (Adobe Illustrator) recognition (#396)
7f95cd2 Add support for 3mf (#415)
579f8cb 16.1.0
e43cdc9 Add support for CHM (#424)

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

[Snyk] Security upgrade file-type from 12.4.2 to 16.5.4