[Snyk] Fix for 6 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - scripts/commit-lint/package.json
  - scripts/commit-lint/package-lock.json
  - scripts/commit-lint/.snyk
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 | Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 | No | Proof of Concept |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 | No | Proof of Concept |
| | 636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution SNYK-JS-DOTPROP-543489 | Yes | Proof of Concept |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 | No | Proof of Concept |
| | 344/1000 Why? Has a fix available, CVSS 2.6 | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 | No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @commitlint/config-conventional
The new version differs by 62 commits.
- 3982e5a v10.0.0
- 0a70592 chore: update dependency eslint to v7.7.0 (#2063)
- 5be34ec chore: update dependency @types/jest to v26.0.10 (#2064)
- 7b7f9a8 chore: update dependency @types/semver to v7.3.2 (#2062)
- 25d42f4 fix: update dependency find-up to v5 (#2060)
- 74d54d0 chore: update dependency ts-jest to v26.2.0 (#2059)
- 0772b27 chore: update typescript-eslint monorepo to v3.9.0 (#2058)
- 4895d5f Use read dafult export - requiring with CommonJS (#2057)
- da0c75d build(deps): bump prismjs from 1.20.0 to 1.21.0 (#2055)
- 0329e09 chore: update dependency conventional-changelog-angular to v5.0.11 (#2056)
- d8b6bd6 chore: update dependency @types/node to v12.12.54 (#2054)
- 08bd3db chore: update dependency @types/lodash to v4.14.159 (#2053)
- 13382ec chore: update dependency @types/jest to v26.0.9 (#2052)
- 46c3982 chore: update babel monorepo (#2050)
- 163a789 chore: update typescript-eslint monorepo to v3.8.0 (#2045)
- f4db933 fix: update dependency cosmiconfig to v7 (#2044)
- ca63602 chore: update dependency eslint to v7.6.0 (#2042)
- 964876e chore: update dependency @types/jest to v26.0.8 (#2041)
- 62f4772 chore: update babel monorepo (#2037)
- ebb57d2 chore: update dependency eslint-plugin-jest to v23.20.0 (#2034)
- 1efce79 chore: update dependency ts-jest to v26.1.4 (#2031)
- 1784ef2 chore: use non-fixed lerna version (#2026)
- 0b08b4d chore: update dependency eslint-plugin-jest to v23.19.0 (#2030)
- 3beacfc chore: update typescript-eslint monorepo to v3.7.1 (#2029)
Package name: axios
The new version differs by 115 commits.
- e367be5 [Releasing] 0.21.3
- 83ae383 Correctly add response interceptors to interceptor chain (#4013)
- c0c8761 [Updating] changelog to include links to issues and contributors
- 619bb46 [Releasing] v0.21.2
- 82c9455 Create SECURITY.md (#3981)
- 5b45711 Security fix for ReDoS (#3980)
- 5bc9ea2 Update ECOSYSTEM.md (#3817)
- e72813a Fixing README.md (#3818)
- e10a027 Fix README typo under Request Config (#3825)
- e091491 Update README.md (#3936)
- b42fbad Removed un-needed bracket
- 520c8dc Updating CI status badge (#3953)
- 4fbeecb Adding CI on Github Actions. (#3938)
- e9965bf Fixing the sauce labs tests (#3813)
- dbc634c Remove charset in tests (#3807)
- 3958e9f Add explanation of cancel token (#3803)
- 69949a6 Adding custom return type support to interceptor (#3783)
- 49509f6 Create FUNDING.yml (#3796)
- 199c8aa Adding parseInt to config.timeout (#3781)
- 94fc4ea Adding isAxiosError typeguard documentation (#3767)
- 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
- a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
- 59fa614 [Updated] follow-redirects to the latest version (#3771)
- 7821ed2 Feat/json improvements (#3763)
With a Snyk patch:
| Severity | Priority Score (*) | Issue | Exploit Maturity |
|---|---|---|---|
| | 731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution SNYK-JS-LODASH-567746 | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.