[Snyk] Upgrade is-ipfs from 2.0.0 to 6.0.2

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade is-ipfs from 2.0.0 to 6.0.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released a year ago, on 2021-08-23.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Privilege Management SNYK-JS-SHELLJS-2332187	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: is-ipfs

• 6.0.2 - 2021-08-23
  No content.
• 6.0.1 - 2021-07-07
  No content.
• 6.0.0 - 2021-07-07
  

  chore

  • update to new multiformats (#42) (22bf9b7)

  BREAKING CHANGES

  • uses the CID class from the new multiformats module
• 5.0.0 - 2021-04-19
  

  BREAKING CHANGES

  • Major version bumps of multiaddr mafmt and aegir dependencies
• 4.0.0 - 2021-03-03
  

  Bug Fixes

  • peerMultiaddr: require /p2p/{key} (#40) (25a2436), closes #38

  Features

  • add types (#39) (4a96bde)

  BREAKING CHANGES

  • peerMultiaddr: /dnsaddr without explicit /p2p/{libp2p-key} is no longer a valid peer multiaddr.
    See #38 for rationale why.
• 3.0.0 - 2021-02-03
  

  Features

  • dnsaddr support in peerMultiaddr (#35) (4a4710d)
  • subdomain: support inlined DNSLink names (#36) (7ab7125)

  (potentially) BREAKING CHANGES:

  • peerMultiaddr returns true for /dnsaddr/bootstrap.libp2p.io (without explicit /p2p/{libp2p-key} suffix)
  • ipnsSubdomain returns true for inlined DNSLink names (ipfs/kubo#7847) and false for invalid DNS labels
• 2.0.0 - 2020-08-10
  

  Bug Fixes

  • replace node buffers with uint8arrays (#34) (ac5ec19)

  BREAKING CHANGES

  • this module now only has deps that use Uint8Arrays and not Buffers

from is-ipfs GitHub release notes

Commit messages

Package name: is-ipfs

• 393859a chore: release version v6.0.2
• aad6aac chore: update contributors
• db04c9c chore: update deps ([Snyk] Upgrade ipfs-or-gateway from 2.1.0 to 4.1.0 #46)
• bb4420e chore: release version v6.0.1
• 7f51db2 chore: update contributors
• 6d9433b chore: update deps ([Snyk] Upgrade delay from 4.3.0 to 5.0.0 #43)
• 18de404 docs: updated cid check
• 9c92207 chore: release version v6.0.0
• 12f1e44 chore: update contributors
• 22bf9b7 chore: update to new multiformats ([Snyk] Upgrade countly-sdk-nodejs from 19.8.0 to 22.2.0 #42)
• f7fe63c chore: release version v5.0.0
• ae1cb3a chore: update contributors
• 9e69af5 chore: update deps ([Snyk] Upgrade it-all from 1.0.2 to 1.0.6 #41)
• 4d232b7 chore: release version v4.0.0
• 2ce4287 chore: update contributors
• 172599a chore: bump deps
• 25a2436 fix(peerMultiaddr): require /p2p/{key} ([Snyk] Upgrade fs-extra from 9.0.1 to 10.1.0 #40)
• 4a96bde feat: add types ([Snyk] Upgrade electron-notarize from 1.0.0 to 1.2.1 #39)
• ec5868b docs: clarify peerMultiaddr match
• 7c52ad8 docs: ipnsSubdomain with inlined DNSLink
• a52916a chore: release version v3.0.0
• 12ec6bb chore: update contributors
• 9a313aa docs: peerMultiaddr with /dnsaddr
• d251cdb chore: dependency updates

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs