akamai / cli-edgeworkers

Akamai CLI for EdgeWorkers, allows you to interact with EdgeWorkers APIs via a command line interface
Apache License 2.0
19 stars 24 forks source link

[Snyk] Security upgrade crypto-js from 4.1.1 to 4.2.0 #138

Open hkambham opened 1 year ago

hkambham commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **716/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 8.6 | Use of Weak Hash
[SNYK-JS-CRYPTOJS-6028119](https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: crypto-js The new version differs by 23 commits.
  • ac34a5a Merge branch 'release/4.2.0' into develop
  • d5af3ae Update release notes.
  • 9496e07 Bump version.
  • 421dd53 Change default hash algorithm and iteration's for PBKDF2 to prevent weak security by using the default configuration.
  • d1f4f4d Update grunt.
  • 1da3dab Discontinued
  • 4dcaa7a Merge pull request #380 from Alanscut/dev
  • 762feb2 chore: rename BF to Blowfish
  • fb81418 feat: blowfish support
  • c8a2312 Merge pull request #379 from Alanscut/dev
  • 09ee2ab feat: custom KDF hasher
  • 0229694 Merge branch 'develop' of ssh://github.com/brix/crypto-js into develop
  • df09288 Remove travis status, as travis is not used anymore.
  • 6703e79 Merge pull request #285 from paulmwatson/develop
  • d50d964 No es default param.
  • 4840268 Merge pull request #378 from Elity/develop
  • f92ddc0 Merge pull request #377 from Alanscut/dev
  • fe84967 fix: es-check error
  • ca7384f test: add test case,using salt in the config
  • dcc3848 fix:The "cfg.salt" parameter don't work
  • ecfe2e4 Update dev dependencies.
  • a4dac50 Merge branch 'release/4.1.1' into develop
  • 71ad0bc Minor typo fix: varialbes => variables
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/swathimr/project/3a8aa828-322c-4f2d-be2f-668fae598e09?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/swathimr/project/3a8aa828-322c-4f2d-be2f-668fae598e09?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"09b3d400-3329-4d03-b23e-c120f7c5c0bf","prPublicId":"09b3d400-3329-4d03-b23e-c120f7c5c0bf","dependencies":[{"name":"crypto-js","from":"4.1.1","to":"4.2.0"}],"packageManager":"npm","projectPublicId":"3a8aa828-322c-4f2d-be2f-668fae598e09","projectUrl":"https://app.snyk.io/org/swathimr/project/3a8aa828-322c-4f2d-be2f-668fae598e09?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-CRYPTOJS-6028119"],"upgrade":["SNYK-JS-CRYPTOJS-6028119"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[716],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Use of Weak Hash](https://learn.snyk.io/lesson/insecure-hash/?loc=fix-pr)