
[Snyk] Fix for 1 vulnerabilities #130

Open: wants to merge 1 commit into base: master

@Omrisnyk (Owner) commented Dec 1, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • large-file/package.json
    • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: high severity
  • Priority Score (*): 125/1000
    Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5
  • Issue: Missing Release of Resource after Effective Lifetime (SNYK-JS-INFLIGHT-6095116)
  • Breaking Change: Yes
  • Exploit Maturity: No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: add-asset-html-webpack-plugin from add-asset-html-webpack-plugin GitHub release notes
Package name: cacache
  • 17.0.5 - 2023-03-21

    17.0.5 (2023-03-21)

    Dependencies

  • 17.0.4 - 2022-12-15

    17.0.4 (2022-12-14)

    Dependencies

  • 17.0.3 - 2022-12-07

    17.0.3 (2022-12-07)

    Dependencies

  • 17.0.2 - 2022-11-04

    17.0.2 (2022-11-04)

    Bug Fixes

  • 17.0.1 - 2022-10-17

    17.0.1 (2022-10-17)

    Dependencies

  • 17.0.0 - 2022-10-13

    17.0.0 (2022-10-13)

    ⚠️ BREAKING CHANGES

    • this module no longer attempts to change file ownership automatically
    • this package is now async only, all synchronous methods have been removed
    • cacache is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0

    Features

  • 16.1.3 - 2022-08-23

    16.1.3 (2022-08-23)

    Dependencies

    • bump unique-filename from 1.1.1 to 2.0.0 (#123) (6235554)
  • 16.1.2 - 2022-08-15

    16.1.2 (2022-08-15)

    Bug Fixes

  • 16.1.1 - 2022-06-02

    16.1.1 (2022-06-02)

    Bug Fixes

    • read: change lstat to stat to correctly evaluate file size (#114) (e3a2928)
  • 16.1.0 - 2022-05-17

    16.1.0 (2022-05-17)

    Features

    • allow external integrity/size source (#110) (61785e1)

    Bug Fixes

    • move to async functions where possible (#106) (71d4389)
  • 16.0.7 - 2022-04-27
  • 16.0.6 - 2022-04-21
  • 16.0.5 - 2022-04-20
  • 16.0.4 - 2022-04-05
  • 16.0.3 - 2022-03-22
  • 16.0.2 - 2022-03-17
  • 16.0.1 - 2022-03-15
  • 16.0.0 - 2022-03-14
  • 15.3.0 - 2021-08-26
  • 15.2.0 - 2021-05-25
  • 15.1.0 - 2021-05-19
  • 15.0.6 - 2021-03-22
  • 15.0.5 - 2020-07-11
  • 15.0.4 - 2020-06-03
  • 15.0.3 - 2020-04-28
  • 15.0.2 - 2020-04-28
  • 15.0.1 - 2020-04-28
  • 15.0.0 - 2020-02-18
  • 14.0.0 - 2020-01-28
  • 13.0.1 - 2019-09-30
  • 13.0.0 - 2019-09-25
  • 12.0.4 - 2020-03-24
  • 12.0.3 - 2019-08-19
  • 12.0.2 - 2019-07-19
  • 12.0.1 - 2019-07-19
  • 12.0.0 - 2019-07-15
  • 11.3.3 - 2019-06-17
  • 11.3.2 - 2018-12-21
  • 11.3.1 - 2018-11-05
  • 11.3.0 - 2018-11-05
  • 11.2.0 - 2018-08-08
  • 11.1.0 - 2018-08-01
  • 11.0.3 - 2018-08-01
  • 11.0.2 - 2018-05-07
  • 11.0.1 - 2018-04-10
  • 11.0.0 - 2018-04-09
  • 10.0.4 - 2018-02-16
from cacache GitHub release notes
Package name: compression-webpack-plugin
  • 7.0.0 - 2020-12-02

    7.0.0 (2020-12-02)

    ⚠ BREAKING CHANGES

    • minimum supported webpack version is ^5.1.0
    • the cache option was removed, the plugin respects caching from configurations, please read
  • 6.1.1 - 2020-11-12

    6.1.1 (2020-11-12)

    Bug Fixes

    • compatibility with child compilations (5e3bb95)
  • 6.1.0 - 2020-11-09

    6.1.0 (2020-11-09)

    Features

    • added the keep-source-maps value to the deleteOriginalAssets option (#216) (bd60650)
  • 6.0.5 - 2020-11-02

    6.0.5 (2020-11-02)

    Bug Fixes

    • allowed compressed assets to overwrite original assets using the deleteOriginalAssets option (62d3d0a)
  • 6.0.4 - 2020-10-26

    6.0.4 (2020-10-26)

    Bug Fixes

    • always set compression level to maximum for the custom algorithm (483f328)
  • 6.0.3 - 2020-10-09

    6.0.3 (2020-10-09)

    Chore

    • update schema-utils
  • 6.0.2 - 2020-09-19

    6.0.2 (2020-09-19)

    Bug Fixes

  • 6.0.1 - 2020-09-16

    6.0.1 (2020-09-16)

    Bug Fixes

  • 6.0.0 - 2020-09-14

    ⚠ BREAKING CHANGES

    • default value of the filename option was changed to "[path][base].gz"
    • removed the [dir] placeholder, please use the [path] placeholder
    • the Function type of the filename option should return value with placeholders, please see an example

    Features

    • added [fragment], [base] and [path] placeholders for the filename option

    Bug Fixes

    • caching (#194) (9de2a88)
    • respect immutable flag for assets
  • 5.0.2 - 2020-09-02

    5.0.2 (2020-09-02)

    Bug Fixes

    • do not crash when the algorithm option return non Buffer (#190) (81bf601)
  • 5.0.1 - 2020-08-22
  • 5.0.0 - 2020-08-17
  • 4.0.1 - 2020-08-12
  • 4.0.0 - 2020-05-12
from compression-webpack-plugin GitHub release notes
Package name: del from del GitHub release notes
Package name: eslint
  • 6.0.0 - 2019-06-22
    • 81aa06b Upgrade: espree@6.0.0 (#11869) (Teddy Katz)
    • 5f022bc Fix: no-else-return autofix produces name collisions (fixes #11069) (#11867) (Milos Djermanovic)
    • ded9548 Fix: multiline-comment-style incorrect message (#11864) (golopot)
    • cad074d Docs: Add JSHint W047 compat to no-floating-decimal (#11861) (Timo Tijhof)
    • 41f6304 Upgrade: sinon (#11855) (Toru Nagashima)
    • 167ce87 Chore: remove unuseable profile command (#11854) (Toru Nagashima)
    • c844c6f Fix: max-len properly ignore trailing comments (fixes #11838) (#11841) (ZYSzys)
    • 1b5661a Fix: no-var should not fix variables named 'let' (fixes #11830) (#11832) (Milos Djermanovic)
    • 4d75956 Build: CI with Azure Pipelines (#11845) (Toru Nagashima)
    • 1db3462 Chore: rm superfluous argument & fix perf-multifiles-targets (#11834) (薛定谔的猫)
    • c57a4a4 Upgrade: @ babel/polyfill => core-js v3 (#11833) (薛定谔的猫)
    • 65faa04 Docs: Clarify prefer-destructuring array/object difference (fixes #9970) (#11851) (Oliver Sieweke)
    • 81c3823 Fix: require-atomic-updates reports parameters (fixes #11723) (#11774) (Toru Nagashima)
    • aef8ea1 Sponsors: Sync README with website (ESLint Jenkins)
  • 6.0.0-rc.0 - 2019-06-10
    • f403b07 Update: introduce minKeys option to sort-keys rule (fixes #11624) (#11625) (Christian)
    • 87451f4 Fix: no-octal should report NonOctalDecimalIntegerLiteral (fixes #11794) (#11805) (Milos Djermanovic)
    • e4ab053 Update: support "bigint" in valid-typeof rule (#11802) (Colin Ihrig)
    • e0fafc8 Chore: removes unnecessary assignment in loop (#11780) (Dimitri Mitropoulos)
    • 20908a3 Docs: removed '>' prefix from from docs/working-with-rules (#11818) (Alok Takshak)
    • 1c43eef Sponsors: Sync README with website (ESLint Jenkins)
    • 21f3131 Fix: overrides handle relative paths as expected (fixes #11577) (#11799) (Toru Nagashima)
    • 5509cdf Fix: fails the test case if autofix made syntax error (fixes #11615) (#11798) (Toru Nagashima)
    • cb1922b Fix: show custom message for namespace import (fixes #11580) (#11791) (Pig Fang)
    • 37e5193 Update: add endColumn to no-useless-escape (fixes #11629) (#11790) (Pig Fang)
    • ad4b048 Build: Fix typo in blog post template (fixes #11614) (#11782) (Kai Cataldo)
    • 9590587 Update: improve reported location of arrow-parens (fixes #11773) (#11775) (Pig Fang)
    • d662b17 New: Add classname attribute to JUnit testcase (refs #11068) (#11683) (Fabio Pitino)
    • 8eaa9b2 Chore: remove incorrect comment (#11769) (薛定谔的猫)
    • 4039a49 Chore: add .github/funding.yml (#11764) (Toru Nagashima)
  • 6.0.0-alpha.2 - 2019-05-25
    • 9b87fee Chore: Fix formatter documentation generation (#11767) (Ilya Volodin)
    • f116208 Chore: Fix site generation script for releases (#11766) (Ilya Volodin)
    • cf9cce8 Update: Add never option for new-parens (refs #10034) (#11379) (pfgithub)
    • b5fa149 New: multiple processors support (fixes #11035, fixes #11725) (#11552) (Toru Nagashima)
    • 2d32a9e Breaking: stricter rule config validating (fixes #9505) (#11742) (薛定谔的猫)
    • 71716eb Update: add fixer for no-div-regex rule (fixes #11355) (#11744) (joe-re)
    • 53f7f4c Update: Uniform messages for the rules in "complexity" section (#11759) (Igor Novozhilov)
    • 0a801d7 Chore: improve perf test (#11756) (薛定谔的猫)
    • 45bd336 Docs: add about RuleTester's parser to migration guide (fixes #11728) (

… vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116