PatOnTheBack

Events

[Snyk] Security upgrade web-ext from 2.9.2 to 7.5.0

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:---:|---|:---|:---|:---|
| high severity | 599/1000 Why? Has a fix available, CVSS 7.7 | Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020 | Yes | No Known Exploit |
| medium severity | 534/1000 Why? Has a fix available, CVSS 6.4 | Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022 | Yes | No Known Exploit |
| medium severity | 539/1000 Why? Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024 | Yes | No Known Exploit |
| medium severity | 554/1000 Why? Has a fix available, CVSS 6.8 | Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

Created at 1 week ago

fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:

  • https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180020
  • https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022
  • https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024
  • https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026
Created at 1 week ago
PatOnTheBack create branch snyk-fix-7c0ce7790e4fc47b809b9255396d634a
Created at 1 week ago
pull request opened
[Snyk] Security upgrade phantomas from 1.19.0 to 1.20.1

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:---:|---|:---|:---|:---|
| low severity | 461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.



Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Created at 4 weeks ago
PatOnTheBack create branch snyk-fix-e5649e43c2347e4b35cfdc68400f173e
Created at 4 weeks ago

fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:

  • https://snyk.io/vuln/SNYK-JS-DEBUG-3227433
Created at 4 weeks ago
PatOnTheBack create branch snyk-fix-9d7c8eb170f8b6aba6aae4501f940104
Created at 4 weeks ago
pull request opened
[Snyk] Security upgrade github from 2.6.0 to 12.0.4

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • utils/labeller/package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:---:|---|:---|:---|:---|
| low severity | 461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.



Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Created at 4 weeks ago

fix: utils/labeller/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:

  • https://snyk.io/vuln/SNYK-JS-DEBUG-3227433
Created at 4 weeks ago
PatOnTheBack create branch snyk-fix-4ddae876cddb9461d430e433dbe98942
Created at 1 month ago

fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:

  • https://snyk.io/vuln/SNYK-JS-JSZIP-3188562
Created at 1 month ago
PatOnTheBack create branch snyk-fix-8a10120ed8ae987f2623a34958255ce6
Created at 1 month ago

fix: test/rules/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:

  • https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
Created at 1 month ago
pull request opened
[Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • test/rules/requirements.txt

Vulnerabilities that will be fixed

By pinning:

| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|:---:|---|:---|:---|:---|:---|
| medium severity | 551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-PYTHON-SETUPTOOLS-3180412 | setuptools: 39.0.1 -> 65.5.1 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.



Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Created at 1 month ago
pull request opened
[Snyk] Security upgrade probot from 6.2.1 to 11.0.0

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • utils/issue-format-bot/package.json
    • utils/issue-format-bot/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:---:|---|:---|:---|:---|
| high severity | 671/1000 Why? Recently disclosed, Has a fix available, CVSS 7.7 | Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020 | Yes | No Known Exploit |
| medium severity | 611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 | Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022 | Yes | No Known Exploit |
| medium severity | 611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024 | Yes | No Known Exploit |
| medium severity | 526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8 | Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.



Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

Created at 1 month ago
PatOnTheBack create branch snyk-fix-59dbc5d8ece5e2e1a448f8b57f65ba60
Created at 1 month ago

fix: utils/issue-format-bot/package.json & utils/issue-format-bot/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:

  • https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180020
  • https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022
  • https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024
  • https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026
Created at 1 month ago
PatOnTheBack create branch snyk-fix-92606f76f201ddf71b77f525075f9f12
Created at 1 month ago

fix: test/rules/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:

  • https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749
Created at 1 month ago
PatOnTheBack delete branch snyk-fix-92606f76f201ddf71b77f525075f9f12
Created at 1 month ago
pull request opened
[Snyk] Fix for 1 vulnerabilities

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:---:|---|:---|:---|:---|
| high severity | 768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-QS-3153490 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.



Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Created at 2 months ago
PatOnTheBack create branch snyk-fix-b276613f40203f8df15106cf711e1b7f
Created at 2 months ago

fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:

  • https://snyk.io/vuln/SNYK-JS-QS-3153490
Created at 2 months ago
PatOnTheBack create branch snyk-fix-0327537c588c053af7dc6ad5d91bedd8
Created at 2 months ago

fix: test/rules/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:

  • https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904
Created at 2 months ago
pull request opened
[Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • test/rules/requirements.txt

Vulnerabilities that will be fixed

By pinning:

| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|:---:|---|:---|:---|:---|:---|
| low severity | 441/1000 Why? Recently disclosed, Has a fix available, CVSS 3.1 | Regular Expression Denial of Service (ReDoS) SNYK-PYTHON-SETUPTOOLS-3113904 | setuptools: 39.0.1 -> 65.5.1 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.



Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Created at 2 months ago