[Snyk] Fix for 8 vulnerabilities

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPCGRPCJS-1038818	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit
454/1000 Why? Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: passport

The new version differs by 31 commits.

c33067b 0.6.0
3052bb4 Update changelog.
42630cb Merge pull request #900 from jaredhanson/fix-fixation
8dd79fe Use utils-merge rather than Object.assign for compatibility.
4f6bd5b Change keepSessionData to keepSessionData.
46756e5 Silence verbose logging.
987b191 Add tests.
f8a175f Add tests.
29a90d6 No need to guard callback existence.
bfba8a1 Add tests.
17111d7 Add option to keep session data on logout.
a349c2b Add option to keep session data.
e69834e Add optional options to login and logout.
8825a9a Add tests.
c1991cf Add tests.
294f22c Better session detection and exceptions.
80cc4e3 Add tests.
3001654 Add tests.
b395106 Clean up tests.
cfa8259 Add tests.
ee0bf81 Add tests.
cc7606c Add tests.
71c54f6 Add test.
88c1f1b Handle logout without session manager.

See the full diff

Package name: redact-pii

The new version differs by 9 commits.

12377e9 Update npm packages
e405af9 Merge pull request #65 from solvvy/feature/updating-libraries
1f1688e bumped version to 3.3.0
fc7d26a ran prettier
d8a3d16 updated change log
22f0757 updating the dependent libraries
3a3f076 Create pull_request_template.md
8b705fa Bump version to 3.2.3
860d459 Downgrade @ google-cloud/dlp to avoid memory leak

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution 🦉 Prototype Pollution 🦉 Open Redirect 🦉 More lessons are available in Snyk Learn

CLAassistant commented 1 year ago

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

jrhender commented 1 year ago

Related to #342

nichonien commented 1 year ago

passport`` updated as part of https://github.com/energywebfoundation/passport-did-auth/pull/347. redact-pii` updated as part of https://github.com/energywebfoundation/passport-did-auth/pull/354.

energywebfoundation / passport-did-auth