
[Snyk] Fix for 6 vulnerabilities

Lilian Castro requested to merge snyk-fix-8e15de575b543b105add5b279d649d6d into main

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • scripts/commit-lint/package.json
    • scripts/commit-lint/package-lock.json
    • scripts/commit-lint/.snyk

Vulnerabilities that will be fixed

With an upgrade (severity and priority score with its rationale, issue, breaking change, exploit maturity):
  • medium severity, priority score 616/1000 (Proof of Concept exploit, has a fix available, CVSS 5.9): Server-Side Request Forgery (SSRF), SNYK-JS-AXIOS-1038255. Breaking change: No. Exploit maturity: Proof of Concept.
  • high severity, priority score 696/1000 (Proof of Concept exploit, has a fix available, CVSS 7.5): Regular Expression Denial of Service (ReDoS), SNYK-JS-AXIOS-1579269. Breaking change: No. Exploit maturity: Proof of Concept.
  • medium severity, priority score 636/1000 (Proof of Concept exploit, has a fix available, CVSS 6.3): Prototype Pollution, SNYK-JS-DOTPROP-543489. Breaking change: Yes. Exploit maturity: Proof of Concept.
  • medium severity, priority score 586/1000 (Proof of Concept exploit, has a fix available, CVSS 5.3): Information Exposure, SNYK-JS-FOLLOWREDIRECTS-2332181. Breaking change: No. Exploit maturity: Proof of Concept.
  • low severity, priority score 344/1000 (has a fix available, CVSS 2.6): Information Exposure, SNYK-JS-FOLLOWREDIRECTS-2396346. Breaking change: No. Exploit maturity: No Known Exploit.

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @commitlint/config-conventional. The new version differs by 62 commits.
  • 3982e5a v10.0.0
  • 0a70592 chore: update dependency eslint to v7.7.0 (#2063)
  • 5be34ec chore: update dependency @types/jest to v26.0.10 (#2064)
  • 7b7f9a8 chore: update dependency @types/semver to v7.3.2 (#2062)
  • 25d42f4 fix: update dependency find-up to v5 (#2060)
  • 74d54d0 chore: update dependency ts-jest to v26.2.0 (#2059)
  • 0772b27 chore: update typescript-eslint monorepo to v3.9.0 (#2058)
  • 4895d5f Use read default export - requiring with CommonJS (#2057)
  • da0c75d build(deps): bump prismjs from 1.20.0 to 1.21.0 (#2055)
  • 0329e09 chore: update dependency conventional-changelog-angular to v5.0.11 (#2056)
  • d8b6bd6 chore: update dependency @types/node to v12.12.54 (#2054)
  • 08bd3db chore: update dependency @types/lodash to v4.14.159 (#2053)
  • 13382ec chore: update dependency @types/jest to v26.0.9 (#2052)
  • 46c3982 chore: update babel monorepo (#2050)
  • 163a789 chore: update typescript-eslint monorepo to v3.8.0 (#2045)
  • f4db933 fix: update dependency cosmiconfig to v7 (#2044)
  • ca63602 chore: update dependency eslint to v7.6.0 (#2042)
  • 964876e chore: update dependency @types/jest to v26.0.8 (#2041)
  • 62f4772 chore: update babel monorepo (#2037)
  • ebb57d2 chore: update dependency eslint-plugin-jest to v23.20.0 (#2034)
  • 1efce79 chore: update dependency ts-jest to v26.1.4 (#2031)
  • 1784ef2 chore: use non-fixed lerna version (#2026)
  • 0b08b4d chore: update dependency eslint-plugin-jest to v23.19.0 (#2030)
  • 3beacfc chore: update typescript-eslint monorepo to v3.7.1 (#2029)

See the full diff

Package name: axios. The new version differs by 115 commits.
  • e367be5 [Releasing] 0.21.3
  • 83ae383 Correctly add response interceptors to interceptor chain (#4013)
  • c0c8761 [Updating] changelog to include links to issues and contributors
  • 619bb46 [Releasing] v0.21.2
  • 82c9455 Create SECURITY.md (#3981)
  • 5b45711 Security fix for ReDoS (#3980)
  • 5bc9ea2 Update ECOSYSTEM.md (#3817)
  • e72813a Fixing README.md (#3818)
  • e10a027 Fix README typo under Request Config (#3825)
  • e091491 Update README.md (#3936)
  • b42fbad Removed un-needed bracket
  • 520c8dc Updating CI status badge (#3953)
  • 4fbeecb Adding CI on Github Actions. (#3938)
  • e9965bf Fixing the sauce labs tests (#3813)
  • dbc634c Remove charset in tests (#3807)
  • 3958e9f Add explanation of cancel token (#3803)
  • 69949a6 Adding custom return type support to interceptor (#3783)
  • 49509f6 Create FUNDING.yml (#3796)
  • 199c8aa Adding parseInt to config.timeout (#3781)
  • 94fc4ea Adding isAxiosError typeguard documentation (#3767)
  • 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
  • a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
  • 59fa614 [Updated] follow-redirects to the latest version (#3771)
  • 7821ed2 Feat/json improvements (#3763)

See the full diff

With a Snyk patch (severity and priority score with its rationale, issue, exploit maturity):
  • high severity, priority score 731/1000 (Proof of Concept exploit, has a fix available, CVSS 8.2): Prototype Pollution, SNYK-JS-LODASH-567746. Exploit maturity: Proof of Concept.

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:
  • 🦉 Prototype Pollution
  • 🦉 Regular Expression Denial of Service (ReDoS)
  • 🦉 More lessons are available in Snyk Learn