caiquesergio / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License
0 stars 0 forks source link

[Snyk] Security upgrade juicy-chat-bot from 0.6.6 to 0.7.1 #17

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
critical severity 816/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 9.9
Sandbox Escape
SNYK-JS-VM2-5415299
No Proof of Concept
critical severity 883/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.8
Sandbox Escape
SNYK-JS-VM2-5422057
No Proof of Concept
critical severity 776/1000
Why? Recently disclosed, Has a fix available, CVSS 9.8
Improper Handling of Exceptional Conditions
SNYK-JS-VM2-5426093
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: juicy-chat-bot The new version differs by 8 commits.
  • 11bbd8b Bump CI/CD to Node.js 18
  • 3b677b5 Bump to v0.7.1
  • 4a90dc5 Merge remote-tracking branch 'origin/develop' into develop
  • 7b32e43 Pin version of VM2 to 3.9.17 without vulnerability (#14)
  • 8e63414 Pin version of VM2 to 3.9.17 without vulnerability (#14)
  • 61a1f1a Bump version
  • 5ef0011 Add typescript definition for juicy-chat-bot
  • d816d29 Bump copyright notes to include 2023
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication