New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 5 vulnerabilities #1

Merged

SheIITear merged 1 commit into master from snyk-fix-329f99bb939fedbd6c6132af6a01c80d

Feb 18, 2022

snyk-bot commented Feb 18, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	416/1000 Why? Recently disclosed, Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	User Interface (UI) Misrepresentation of Critical Information SNYK-JS-SWAGGERUIDIST-2314884	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @open-wa/wa-automate

The new version differs by 250 commits.

5f27d4b 🔧 deps and config updates
91d800d Merge branch 'master' of https://github.com/open-wa/wa-automate-nodejs
2bce736 🔖 bump supported wa version
4b2bdf5 🔊 added new logger to client and launch controllers #2272
b00b99c 🔇 implemented `noop` transport for logger #2272
63704ce 🔊 ✨ improved sensitive data redaction for new logger #2272
82fb99d 🙈 added `log.gz` to .gitignore #2272
466e252 Bump swagger-ui-dist from 3.52.3 to 4.1.3 (#2349)
c1ea456 Bump typescript from 4.3.5 to 4.5.4 (#2354)
a9a8c55 Bump typedoc from 0.21.6 to 0.22.10 (#2322)
eb6419a build(deps-dev): bump ts-node from 10.2.1 to 10.4.0 (#2245)
3b6ef76 build(deps): bump open from 8.2.1 to 8.4.0 (#2240)
0c8bdfa Bump @ typescript-eslint/eslint-plugin from 4.32.0 to 5.8.0 (#2365)
1d2cbf3 Merge branch 'master' of https://github.com/open-wa/wa-automate-nodejs
12fd112 🔧 CLI: skip swagger collection save when `skipSavePostmanCollection` is `true`
02a426d 🙈 update gitignore for new logging system
cf9f7e1 ✨ feat: implemented `winston` for remote, file and `ev` logging #2272
bdf6e50 updated types-only package
39b1f0e Release 4.27.8
edf26d9 Merge branch 'master' of https://github.com/open-wa/wa-automate-nodejs
92cf311 🐛 fix: #2367
8cce0de updated types-only package
4e453b0 Release 4.27.7
172ff26 Merge branch 'master' of https://github.com/open-wa/wa-automate-nodejs

See the full diff

Package name: @open-wa/wa-decrypt

The new version differs by 24 commits.

4ba0ce3 build + bump version
b42c08a added 404 documentation Leveling and limit SomnathDas/Whatsapp-Botto-Re#66
51ba99c Bump typescript from 4.0.5 to 4.1.2 (Update config.json SomnathDas/Whatsapp-Botto-Re#77)
ae21e01 Bump @ types/node from 14.14.8 to 14.14.9 (Error with stickers SomnathDas/Whatsapp-Botto-Re#76)
9ab0dd1 Bump @ types/node from 14.14.7 to 14.14.8 (Fix Sticker (Decrypt) SomnathDas/Whatsapp-Botto-Re#75)
3a82ae1 Bump @ types/node from 14.14.6 to 14.14.7 (Request fiture claim character anime & gallery claimed character SomnathDas/Whatsapp-Botto-Re#74)
ebbd563 Bump @ types/node from 14.14.5 to 14.14.6 (in V3.2.0 open-wa you can now set sticker metadata [add resource to BOT] SomnathDas/Whatsapp-Botto-Re#73)
59f3c95 Bump @ types/node from 14.14.3 to 14.14.5 (Can we get a news option [feature request] SomnathDas/Whatsapp-Botto-Re#72)
098ae1d Bump typescript from 4.0.3 to 4.0.5 (BUG VIDEO/GIF TO STICKER SomnathDas/Whatsapp-Botto-Re#71)
fceb480 Bump @ types/node from 14.14.2 to 14.14.3 (how to add it to wp SomnathDas/Whatsapp-Botto-Re#70)
d55ff0a Bump axios from 0.20.0 to 0.21.0 (Ask SomnathDas/Whatsapp-Botto-Re#69)
fa43a82 Bump @ types/node from 14.14.0 to 14.14.2 (how can i add the antilink feature in this bot, please someone help me SomnathDas/Whatsapp-Botto-Re#68)
55a4126 Bump @ types/node from 14.11.10 to 14.14.0 (Failed to launch browser process SomnathDas/Whatsapp-Botto-Re#67)
838b148 Bump @ types/node from 14.11.9 to 14.11.10 (Get random wallpaper SomnathDas/Whatsapp-Botto-Re#65)
c3efe75 Bump @ types/node from 14.11.8 to 14.11.9 (Tts path change SomnathDas/Whatsapp-Botto-Re#64)
4bd3237 Bump @ types/node from 14.11.5 to 14.11.8 (New tts code SomnathDas/Whatsapp-Botto-Re#63)
13c608f Bump @ types/node from 14.11.1 to 14.11.5 (Error Sticker GIF SomnathDas/Whatsapp-Botto-Re#62)
04d5625 Bump ts-node from 8.10.2 to 9.0.0 (WhatsApp Number Link SomnathDas/Whatsapp-Botto-Re#55)
8f6e5b5 Bump axios from 0.19.2 to 0.20.0 (AS OF VERSION 3+ YOU CAN NO LONGER SET THE SESSION ID AS THE FIRST PARAMETER OF CREATE. CREATE CAN ONLY TAKE A CONFIG OBJECT. IF YOU STILL HAVE CONFIGS AS A SECOND PARA METER, THEY WILL HAVE NO EFFECT! PLEASE SEE DOCS. #175 SomnathDas/Whatsapp-Botto-Re#53)
f1cca25 Bump @ types/node from 14.0.24 to 14.11.1 (Error: Could not find browser revision 818858. SomnathDas/Whatsapp-Botto-Re#59)
71e31c8 Bump typescript from 3.9.7 to 4.0.3 (Update help.js SomnathDas/Whatsapp-Botto-Re#60)
51fb6d4 refactor options to increace code quality
7163fb4 Bump typescript from 3.9.6 to 3.9.7 (Pokemon name SomnathDas/Whatsapp-Botto-Re#47)
4daa061 Bump @ types/node from 14.0.23 to 14.0.24 (Ban not working SomnathDas/Whatsapp-Botto-Re#48)

See the full diff

Package name: axios

The new version differs by 115 commits.

e367be5 [Releasing] 0.21.3
83ae383 Correctly add response interceptors to interceptor chain (#4013)
c0c8761 [Updating] changelog to include links to issues and contributors
619bb46 [Releasing] v0.21.2
82c9455 Create SECURITY.md (#3981)
5b45711 Security fix for ReDoS (#3980)
5bc9ea2 Update ECOSYSTEM.md (#3817)
e72813a Fixing README.md (#3818)
e10a027 Fix README typo under Request Config (#3825)
e091491 Update README.md (#3936)
b42fbad Removed un-needed bracket
520c8dc Updating CI status badge (#3953)
4fbeecb Adding CI on Github Actions. (#3938)
e9965bf Fixing the sauce labs tests (#3813)
dbc634c Remove charset in tests (#3807)
3958e9f Add explanation of cancel token (#3803)
69949a6 Adding custom return type support to interceptor (#3783)
49509f6 Create FUNDING.yml (#3796)
199c8aa Adding parseInt to config.timeout (#3781)
94fc4ea Adding isAxiosError typeguard documentation (#3767)
0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
59fa614 [Updated] follow-redirects to the latest version (#3771)
7821ed2 Feat/json improvements (#3763)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: package.json to reduce vulnerabilities

55e2d04

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346
- https://snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884

SheIITear merged commit 13c694a into master

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet