captainyarr / popcorntime-ce-desktop

official desktop repository of original popcorn time community edition

[Snyk] Fix for 1 vulnerabilities #230

Closed captainyarr closed 3 months ago

captainyarr commented 12 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Missing Release of Resource after Effective Lifetime <br/> [SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | Yes | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: rimraf The new version differs by 40 commits.
  • 3b6b098 4.0.0
  • e0cffea ci: reduce workload even more
  • 0e6646d ci: remove unnecessary lint filter
  • 546e017 update action versions
  • 6d88a65 tone down benchmark intensity
  • 842a8d2 fix benchmark workflow yaml
  • 1b91697 chore: add copyright year to license
  • 08bbb06 rewrite in TS, export hybrid, update changelog, docs
  • 1b3f46e drop support for node versions below 14
  • 2e1f003 gh actions workflow for benchmarks
  • 52f9370 tests for retry-busy behavior
  • 188e3ed don't test on very old node versions
  • d1d5495 test for fix-eperm
  • e7501cd prettier formatting
  • 40f64ec windows: only fall back to move-remove when absolutely necessary
  • b6f7819 update tap
  • 99496cd test: run posix test on windows, why not?
  • 51d43c1 benchmarks
  • 6b8aa29 doc: correct os.tmp default
  • 4b228c9 do not ever actually try to rmdir /
  • 2442655 consolidate all the spellings of 'opt' into one
  • d4eec2e add cli script
  • 0c82d74 accept strings, arrays of strings, and no other types
  • ad4f2db Do not rimraf /, override with preserveRoot:false
See the full diff
Package name: webtorrent The new version differs by 250 commits.
  • 71d1894 chore(release): 1.9.0
  • 9abd966 fix(deps): update dependency fs-chunk-store to v3 (#2380)
  • fca48ee chore: require Node.js 14
  • 7ef22f7 feat: add chitchatter link (#2388)
  • d533ee0 chore(deps): update dependency @webtorrent/semantic-release-config to v1.0.8
  • 274ab97 chore(release): 1.8.32
  • 8fadd4f fix(deps): update dependency torrent-discovery to ^9.4.14
  • c6c4fa8 chore(release): 1.8.31
  • 34089f8 fix(deps): update dependency bittorrent-dht to ^10.0.6 (#2384)
  • 024f397 Change link of repojacking vulnerable link (#2382)
  • 7918b9c chore(deps): update actions/stale action to v6 (#2378)
  • ea3ce20 chore(deps): update dependency tape to v5.6.1
  • 75f5bb7 chore(release): 1.8.30
  • 05d27bf fix: return duplicate torrent on Webtorrent.add() (#2372)
  • f17a40f chore(release): 1.8.29
  • 03a0f50 fix(deps): update dependency create-torrent to ^5.0.6
  • fa9129d chore(release): 1.8.28
  • 681a7b3 Merge pull request #2367 from webtorrent/renovate_join-async-iterator-1.x
  • d080939 Merge pull request #2365 from webtorrent/renovate_fast-blob-stream-1.x
  • e873b9f chore(release): 1.8.27
  • 09b9958 fix(deps): update dependency join-async-iterator to ^1.1.1
  • 18aec60 Merge pull request #2349 from ThaUnknown/multistream
  • 6666eb4 Merge pull request #2339 from ThaUnknown/streamx
  • a441dea fix(deps): update dependency fast-blob-stream to ^1.1.1
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/captainyarr/project/93cfe595-604d-45b5-a6c9-04ccc80b8ae2?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/captainyarr/project/93cfe595-604d-45b5-a6c9-04ccc80b8ae2?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

[//]: # (snyk:metadata:{"prId":"6b518261-c8c1-4623-acb6-bfdb016f30fb","prPublicId":"6b518261-c8c1-4623-acb6-bfdb016f30fb","dependencies":[{"name":"rimraf","from":"3.0.2","to":"4.0.0"},{"name":"webtorrent","from":"0.115.4","to":"1.9.0"}],"packageManager":"npm","projectPublicId":"93cfe595-604d-45b5-a6c9-04ccc80b8ae2","projectUrl":"https://app.snyk.io/org/captainyarr/project/93cfe595-604d-45b5-a6c9-04ccc80b8ae2?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-INFLIGHT-6095116"],"upgrade":["SNYK-JS-INFLIGHT-6095116"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[661],"remediationStrategy":"vuln"})

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)