swarmcity / SwarmCityDapp

Swarm City dApp FrontEnd
MIT License

[Snyk] Security upgrade ipfs-api from 24.0.2 to 26.0.3 #920

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution, SNYK-JS-NODEFORGE-598677 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: ipfs-api
The new version differs by 21 commits.
  • f382ac0 chore: release version v26.0.3
  • 2856afe chore: update contributors
  • 7fb2cff chore: release version v26.0.2
  • 75e0771 chore: update contributors
  • ddf8bee chore: release version v26.0.1
  • a8f37d6 chore: update contributors
  • 0b46750 fix: pin.ls ignored opts when hash was present (#875)
  • 9eaaea3 chore: release version v26.0.0
  • 3f927a9 chore: update contributors
  • 979d8b5 fix: add missing and remove unused dependencies (#879)
  • 0652ac0 chore: update to ipld-dag-cbor 0.13
  • c534375 chore: remove ipld formats re-export (#872)
  • ef49e95 feat: ipns over pubsub (#846)
  • 14a4471 chore: release version v25.0.0
  • 07d6351 chore: update contributors
  • 834934f fix: add bl module to package dependencies (#853) (#854)
  • 68503cc chore: require just functions needed from lodash (#865)
  • c510cb7 fix: add lodash dependency (#873)
  • 180da77 fix: >150mb bodies no longer crashing Chromium (#868)
  • afc5724 chore: set minimal node version to 8 (#847)
  • 118a965 small fix to bundle-browserify for recent js-ipfs-api (#849)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
