OpenZeppelin / defender-client

Monorepo for all defender-client npm packages
https://docs.openzeppelin.com/defender/
MIT License
56 stars 47 forks source link

[Snyk] Fix for 4 vulnerabilities #607

Open tirumerla opened 1 month ago

tirumerla commented 1 month ago

snyk-top-banner

Snyk has created this PR to fix 4 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning ``` Failed to update the yarn.lock, please update manually before merging. ```

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577916
  848  
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577917
  848  
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577918
  848  
high severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-7361793
  833  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

socket-security[bot] commented 1 month ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher

🚮 Removed packages: npm/@babel/code-frame@7.24.2, npm/@babel/helper-validator-identifier@7.24.5, npm/@babel/highlight@7.24.5, npm/@eslint-community/eslint-utils@4.4.0, npm/@eslint-community/regexpp@4.10.0, npm/@eslint/eslintrc@2.1.4, npm/@eslint/js@8.57.0, npm/@humanwhocodes/config-array@0.11.14, npm/@humanwhocodes/module-importer@1.0.1, npm/@jest/expect-utils@29.7.0, npm/@jest/schemas@29.6.3, npm/@jest/types@29.6.3, npm/@nodelib/fs.scandir@2.1.5, npm/@nodelib/fs.stat@2.0.5, npm/@nodelib/fs.walk@1.2.8, npm/@npmcli/fs@3.1.0, npm/@nx/nx-darwin-arm64@16.10.0, npm/@nx/nx-darwin-x64@16.10.0, npm/@nx/nx-freebsd-x64@16.10.0, npm/@nx/nx-linux-arm-gnueabihf@16.10.0, npm/@nx/nx-linux-arm64-gnu@16.10.0, npm/@nx/nx-linux-arm64-musl@16.10.0, npm/@nx/nx-linux-x64-gnu@16.10.0, npm/@nx/nx-linux-x64-musl@16.10.0, npm/@nx/nx-win32-arm64-msvc@16.10.0, npm/@nx/nx-win32-x64-msvc@16.10.0, npm/@sinclair/typebox@0.27.8, npm/@types/glob@8.1.0, npm/@types/istanbul-lib-coverage@2.0.6, npm/@types/istanbul-lib-report@3.0.3, npm/@types/istanbul-reports@3.0.4, npm/@types/jest@29.5.12, npm/@types/json-schema@7.0.15, npm/@types/lodash@4.17.4, npm/@types/minimatch@5.1.2, npm/@types/node@16.18.97, npm/@types/semver@7.5.8, npm/@types/stack-utils@2.0.3, npm/@types/yargs-parser@21.0.3, npm/@types/yargs@17.0.32, npm/@typescript-eslint/eslint-plugin@5.62.0, npm/@typescript-eslint/parser@5.62.0, npm/@typescript-eslint/scope-manager@5.62.0, npm/@typescript-eslint/type-utils@5.62.0, npm/@typescript-eslint/types@5.62.0, npm/@typescript-eslint/typescript-estree@5.62.0, npm/@typescript-eslint/utils@5.62.0, npm/@typescript-eslint/visitor-keys@5.62.0, npm/@ungap/structured-clone@1.2.0, npm/@yarnpkg/parsers@3.0.0-rc.46, npm/@zkochan/js-yaml@0.0.6, npm/ajv@6.12.6, npm/ansi-colors@4.1.3, npm/ansi-regex@5.0.1, npm/ansi-styles@4.3.0, npm/argparse@1.0.10, npm/array-union@2.1.0, npm/axios@1.7.2, npm/balanced-match@1.0.2, npm/bl@4.1.0, npm/brace-expansion@1.1.11, npm/braces@3.0.3, npm/chalk@4.1.2, npm/ci-info@3.9.0, npm/cli-cursor@3.1.0, npm/cli-spinners@2.6.1, npm/cliui@8.0.1, npm/color-convert@2.0.1, npm/color-name@1.1.4, npm/concat-map@0.0.1, npm/debug@4.3.4, npm/define-lazy-prop@2.0.0, npm/diff-sequences@29.6.3, npm/dir-glob@3.0.1, npm/dotenv-expand@10.0.0, npm/dotenv@16.3.2, npm/duplexer@0.1.2, npm/emoji-regex@8.0.0, npm/end-of-stream@1.4.4, npm/enquirer@2.3.6, npm/escalade@3.1.2, npm/escape-string-regexp@1.0.5, npm/eslint-scope@5.1.1, npm/eslint-visitor-keys@3.4.3, npm/eslint@8.57.0, npm/esprima@4.0.1, npm/esrecurse@4.3.0, npm/estraverse@5.3.0, npm/expect@29.7.0, npm/fast-glob@3.3.2, npm/fastq@1.17.1, npm/figures@3.2.0, npm/fill-range@7.1.1, npm/flat@5.0.2, npm/follow-redirects@1.15.6, npm/fs-constants@1.0.0, npm/fs-extra@11.2.0, npm/fs.realpath@1.0.0, npm/get-caller-file@2.0.5, npm/glob-parent@5.1.2, npm/glob@7.1.4, npm/globby@11.1.0, npm/graceful-fs@4.2.11, npm/graphemer@1.4.0, npm/has-flag@4.0.0, npm/ignore@5.3.1, npm/inflight@1.0.6, npm/inherits@2.0.4, npm/is-docker@2.2.1, npm/is-extglob@2.1.1, npm/is-fullwidth-code-point@3.0.0, npm/is-glob@4.0.3, npm/is-number@7.0.0, npm/is-wsl@2.2.0, npm/jest-diff@29.7.0, npm/jest-get-type@29.6.3, npm/jest-matcher-utils@29.7.0, npm/jest-message-util@29.7.0, npm/jest-util@29.7.0, npm/js-tokens@4.0.0, npm/js-yaml@3.14.1, npm/json5@2.2.3, npm/jsonc-parser@3.2.0, npm/jsonfile@6.1.0, npm/lines-and-columns@2.0.4, npm/lru-cache@6.0.0, npm/merge2@1.4.1, npm/micromatch@4.0.7, npm/mimic-fn@2.1.0, npm/minimatch@3.1.2, npm/minimist@1.2.8, npm/ms@2.1.2, npm/natural-compare-lite@1.4.0, npm/node-addon-api@3.2.1, npm/node-gyp-build@4.8.1, npm/node-machine-id@1.1.12, npm/npm-run-path@4.0.1, npm/once@1.4.0, npm/onetime@5.1.2, npm/open@8.4.2, npm/path-is-absolute@1.0.1, npm/path-key@3.1.1, npm/path-type@4.0.0, npm/picocolors@1.0.1, npm/picomatch@2.3.1, npm/pretty-format@29.7.0, npm/queue-microtask@1.2.3, npm/react-is@18.3.1, npm/readable-stream@3.6.2, npm/require-directory@2.1.1, npm/restore-cursor@3.1.0, npm/reusify@1.0.4, npm/run-parallel@1.2.0, npm/semver@7.5.3, npm/signal-exit@3.0.7, npm/slash@3.0.0, npm/sprintf-js@1.0.3, npm/stack-utils@2.0.6, npm/string-width@4.2.3, npm/string_decoder@1.3.0, npm/strip-ansi@6.0.1, npm/strip-bom@3.0.0, npm/strong-log-transformer@2.1.0, npm/tar-stream@2.2.0, npm/through@2.3.8, npm/tmp@0.2.3, npm/to-regex-range@5.0.1, npm/tsconfig-paths@4.2.0, npm/tsutils@3.21.0, npm/undici-types@5.26.5, npm/universalify@2.0.1, npm/util-deprecate@1.0.2, npm/v8-compile-cache@2.3.0, npm/wrap-ansi@7.0.0, npm/wrappy@1.0.2, npm/y18n@5.0.8, npm/yallist@4.0.0, npm/yargs-parser@21.1.1, npm/yargs@17.7.2

View full report↗︎