Watemlifts / hydrogen

:atom: Run code interactively, inspect data, and plot. All the power of Jupyter kernels, inside your favorite text editor.
https://nteract.gitbooks.io/hydrogen/
MIT License

[Snyk] Fix for 11 vulnerabilities #49

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 619/1000. Why? Has a fix available, CVSS 8.1 | Prototype Pollution, SNYK-JS-AJV-584908 | Yes | No Known Exploit |
| high severity | 589/1000. Why? Has a fix available, CVSS 7.5 | Directory Traversal, SNYK-JS-MOMENT-2440688 | Yes | No Known Exploit |
| medium severity | 479/1000. Why? Has a fix available, CVSS 5.3 | Improper Input Validation, SNYK-JS-URLPARSE-1078283 | Yes | No Known Exploit |
| medium severity | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Open Redirect, SNYK-JS-URLPARSE-1533425 | Yes | Proof of Concept |
| medium severity | 641/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.4 | Access Restriction Bypass, SNYK-JS-URLPARSE-2401205 | Yes | Proof of Concept |
| medium severity | 641/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.4 | Authorization Bypass, SNYK-JS-URLPARSE-2407759 | Yes | Proof of Concept |
| high severity | 726/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Improper Input Validation, SNYK-JS-URLPARSE-2407770 | Yes | Proof of Concept |
| medium severity | 631/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.2 | Authorization Bypass Through User-Controlled Key, SNYK-JS-URLPARSE-2412697 | Yes | Proof of Concept |
| low severity | 410/1000. Why? Has a fix available, CVSS 3.7 | Insecure Configuration, SNYK-JS-VEGAEMBED-567898 | Yes | No Known Exploit |
| medium severity | 531/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 4.2 | Prototype Pollution, SNYK-JS-VEGAUTIL-559223 | Yes | Proof of Concept |
| medium severity | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-WS-1296835 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @jupyterlab/services The new version differs by 250 commits.
  • bdee06a bump version
  • 8c97d20 New version
  • 12e22df Update milestone git commit range
  • 36e0512 Merge pull request #9505 from jasongrout/linkcheck
  • 14cf824 Fix another broken link
  • 2fc3c9c Add back in the changelog link checks
  • 146ffe2 Fix broken link
  • 136d2ec Merge pull request #9252 from jasongrout/extdevdocs
  • e76cf90 Prime link cache by ignoring changelog
  • e2a7951 Cache requests when doing the linkcheck ci test.
  • 6b245e5 Merge pull request #9503 from jasongrout/jlabserver
  • 86d336c Fix typo
  • 3fdb311 Update jupyterlab_server dependency to 2.0 final release.
  • 85f84ee Mention property inspector moved to right sidebar.
  • 1d07008 Delete duplicate docs.
  • 0378597 Fix JLab docs to point to new generated typedoc docs.
  • 4d0d373 Add typedoc module names in ensure-package script.
  • 64fbeaa Add blank line after copyright
  • 717266d Fix typo
  • a45b789 Edit user-level documentation to consistently use source and prebuilt terms.
  • 642a906 Change user-facing terminology from federated to prebuilt.
  • 04c32ef More editing about prebuilt workflow
  • c0316e3 Delete outdated information on packaging extensions
  • ecda1b7 Continuing editing about css files and prebuilt extensions.
Package name: ws The new version differs by 94 commits.
  • 6dd88e7 [dist] 5.2.3
  • 76d47c1 [security] Fix ReDoS vulnerability
  • 5d55e52 [dist] 5.2.2
  • 8aba871 [fix] Fix use after invalidation bug
  • 175ce46 [dist] 5.2.1
  • 307be7a [fix] Remove the `'data'` listener when the receiver emits an error
  • 6046a28 [fix] Do not prematurely remove the listener of the `'data'` event
  • bf9b2ec chore(package): update nyc to version 12.0.2 (#1395)
  • bcab531 chore(package): update eslint-plugin-promise to version 3.8.0 (#1389)
  • e4d032c [dist] 5.2.0
  • e7bfe5f chore(package): update mocha to version 5.2.0 (#1385)
  • 6dae94b chore(package): update eslint-plugin-import to version 2.12.0 (#1384)
  • aebda2b chore(package): update nyc to version 11.8.0 (#1382)
  • d871bdf [feature] Add `headers` argument to `verifyClient()` callback (#1379)
  • bb9c21c [test] Fix failing test on node 10
  • 6d8f1f4 [ci] Test on node 10
  • 4385c78 [doc] Add `request` to emit arguments in shared server example (#1372)
  • 690b3f2 [minor] Replace bound function with arrow function
  • 9dc25a3 chore(package): update nyc to version 11.7.1 (#1364)
  • a81e580 chore(package): update mocha to version 5.1.0 (#1362)
  • 3215cf3 chore(package): update eslint-plugin-import to version 2.11.0 (#1361)
  • 0100d82 [doc] Improve FAQ example for X-Forwarded-For header (#1360)
  • c801e99 [doc] Improve docs and examples (#1355)
  • 10c92ff [dist] 5.1.1

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
