[Snyk] Fix for 8 vulnerabilities #43

snyk-bot · 2021-11-22T19:57:53Z

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- functions/package.json
- functions/package-lock.json

Issue	Breaking Change	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
Prototype Pollution SNYK-JS-FIREBASEUTIL-1038324	Yes	Proof of Concept
Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	No	Proof of Concept
Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	No	Proof of Concept
Command Injection SNYK-JS-SSH2-1656673	No	No Known Exploit

Commit messages

Package name: snyk

The new version differs by 250 commits.

4cc1a94 Merge pull request #2105 from snyk/feat/webpack
7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
95631e7 test: migrate is-docker to jest
babe22a test: migrate old-snyk-format to jest
e22e94f feat: Snyk CLI is bundled with Webpack
dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
e7c314f Merge pull request #2178 from snyk/test/server-close
5e824c0 fix(protect): skip previously patched files
ca2177a fix(protect): catch and log unexpected errors
c9ddb44 chore(protect): move api url warnings to stderr
e8fed38 refactor(protect): move stdout logs to top level
55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
1522c5f test: server.close uses callbacks, not promises
13dce51 test: increase timeout for slow oauth test
65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
a1e3992 chore: don't run tests on master
20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
1ed7d11 refactor: replace cc parser with split functions
707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
7973015 fix: support quoted keys in inline tables
18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

commit-lint · 2021-11-22T19:57:56Z

functions/package.json & functions/package-lock.json to reduce vulnerabilities (8efc55f)

Commit-Lint commands

You can trigger Commit-Lint actions by commenting on this PR:

@Commit-Lint merge patch will merge dependabot PR on "patch" versions (X.X.Y - Y change)
@Commit-Lint merge minor will merge dependabot PR on "minor" versions (X.Y.Y - Y change)
@Commit-Lint merge major will merge dependabot PR on "major" versions (Y.Y.Y - Y change)
@Commit-Lint merge disable will desactivate merge dependabot PR
@Commit-Lint review will approve dependabot PR
@Commit-Lint stop review will stop approve dependabot PR

mergify · 2021-11-22T20:00:39Z