[Snyk] Fix for 63 vulnerabilities #33

sirinartk · 2023-12-20T04:33:10Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	No	No Known Exploit
619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	No	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	Yes	Proof of Concept
484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	No	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JSONPOINTER-1577288	No	Proof of Concept
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-JSONPOINTER-598804	No	Proof of Concept
644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	Yes	Proof of Concept
529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MIXINDEEP-450212	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	Yes	Proof of Concept
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	Yes	Proof of Concept
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	Yes	Proof of Concept
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	Yes	Proof of Concept
591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	Yes	Proof of Concept
561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Information Exposure SNYK-JS-PARSEURL-2935947	Yes	Proof of Concept
791/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	Yes	Proof of Concept
591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	Yes	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Improper Input Validation SNYK-JS-PARSEURL-3024398	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	No	Proof of Concept
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Command Injection SNYK-JS-SNYK-3037342	Yes	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYK-3038622	Yes	Proof of Concept
504/1000 Why? Has a fix available, CVSS 5.8	Code Injection SNYK-JS-SNYK-3111871	Yes	No Known Exploit
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKDOCKERPLUGIN-3039679	Yes	Proof of Concept
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Command Injection SNYK-JS-SNYKGOPLUGIN-3037316	Yes	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	Yes	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	Yes	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	Yes	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	Yes	Proof of Concept
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: addons-linter

The new version differs by 250 commits.

58e1cd3 ⬆️ release 4.1.0
819adb3 Merge mozilla/dispensary into this project (#4006)
05a2c14 chore(deps): lock file maintenance (#4033)
b16cdd2 add script to automate l10n extraction (#4027)
5879309 Pontoon: Update Dutch (nl) localization of AMO Linter
4cf977f chore(deps): lock file maintenance (#4032)
ae72e5d chore(deps): lock file maintenance (#4031)
9671f97 Pontoon: Update Vietnamese (vi) localization of AMO Linter
531318f Pontoon: Update Swedish (sv-SE) localization of AMO Linter
2280236 Pontoon: Update Hungarian (hu) localization of AMO Linter
2c1c3c4 Pontoon: Update Ukrainian (uk) localization of AMO Linter
63ff228 fix(deps): update dependency eslint-visitor-keys to v3.1.0 (#4029)
3b39486 fix(deps): update dependency eslint to v8.2.0 (#4028)
fcb8bf8 Pontoon: Update Italian (it) localization of AMO Linter
59b45a3 Pontoon: Update French (fr) localization of AMO Linter
56b4e81 chore(deps): update dependency webpack to v5.62.1 (#4023)
aa8f306 Pontoon: Update Albanian (sq) localization of AMO Linter
92b77d2 Pontoon: Update Albanian (sq) localization of AMO Linter
8a1b61a Pontoon: Update German (de) localization of AMO Linter
4108a8b Pontoon: Update Sorbian, Lower (dsb) localization of AMO Linter
2a6efe2 Pontoon: Update Sorbian, Upper (hsb) localization of AMO Linter
1342a3d Pontoon: Update Interlingua (ia) localization of AMO Linter
b66485b Pontoon: Update Frisian (fy-NL) localization of AMO Linter
ea9ca2c Pontoon: Update Chinese (Taiwan) (zh-TW) localization of AMO Linter

See the full diff

Package name: watchpack

The new version differs by 22 commits.

d5b9c58 1.7.1
1cacc77 add chokidar2 package to package.json files
2db42a7 1.7.0
59a4990 Merge pull request Update eslint to version 2.5.1 🚀 mozilla/web-ext#153 from coreyward/update-chokidar
f53f6c7 run CI with node.js 14
e95336f add additional assumption test to ensure chokidar do not emit events after close
e27a81f Update chokidar to 3.4.0
11caedf use chokidar 2 or 3 depending on node.js version
f6d5f77 log out watching errors
da8c244 catch errors on closing
9efbb97 enforce [email protected]
7dd76d9 Update chokidar to 3.3.0
88e13a6 Merge pull request Update babel-eslint to version 5.0.1 🚀 mozilla/web-ext#155 from webpack/ci/appveyor-yarn
1403402 run appveyor with yarn too
c5a3346 Merge pull request Update babel-eslint to version 6.0.0 🚀 mozilla/web-ext#154 from webpack/ci/fix
0e6a867 update lockfile to be node 6 compatible in CI
4097e48 1.6.1
4fd09bc add lockfile
31500fb Merge pull request Update babel-core to version 6.7.4 🚀 mozilla/web-ext#148 from mjziolko/chokidar-vuln
669aaa1 Merge pull request Command to sign web extensions mozilla/web-ext#151 from webpack/ci/node-version
4ea9ed2 remove outdated node.js version, add latest ones
1549c44 Update Chokidar to the new minor version that fixes the prototype pollution vulnerability through minimist: https://npmjs.com/advisories/1179