[Snyk] Upgrade: ethereumjs-util, source-map-support, ganache-core, sha3, webpack, webpack-cli, yargs #45

Open
wants to merge 1 commit into
base: develop

Conversation

satoshinakamoto007
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| ethereumjs-util | from 6.1.0 to 6.2.1 (2 versions ahead of your current version) | 4 years ago, on 2020-07-16 |
| source-map-support | from 0.5.12 to 0.5.21 (9 versions ahead of your current version) | 3 years ago, on 2021-11-19 |
| ganache-core | from 2.10.2 to 2.13.2 (33 versions ahead of your current version) | 4 years ago, on 2021-01-12 |
| sha3 | from 1.2.2 to 1.2.6 (4 versions ahead of your current version) | 5 years ago, on 2019-12-05 |
| webpack | from 4.35.3 to 4.47.0 (28 versions ahead of your current version) | a year ago, on 2023-09-06 |
| webpack-cli | from 3.1.0 to 3.3.12 (19 versions ahead of your current version) | 4 years ago, on 2020-06-18 |
| yargs | from 13.2.4 to 13.3.2 (2 versions ahead of your current version) | 4 years ago, on 2020-03-13 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity Arbitrary File Overwrite SNYK-JS-TAR-1536531 | 624 | No Known Exploit |
| high severity Arbitrary File Write SNYK-JS-TAR-1579152 | 624 | No Known Exploit |
| high severity Arbitrary File Write SNYK-JS-TAR-1579155 | 624 | No Known Exploit |
| high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469 | 624 | No Known Exploit |
| high severity Prototype Pollution SNYK-JS-AJV-584908 | 624 | No Known Exploit |
| high severity Prototype Pollution SNYK-JS-AJV-584908 | 624 | No Known Exploit |
| high severity Prototype Pollution SNYK-JS-Y18N-1021887 | 624 | Proof of Concept |
| high severity Cryptographic Issues SNYK-JS-ELLIPTIC-571484 | 624 | Proof of Concept |
| high severity Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026 | 624 | No Known Exploit |
| high severity Prototype Pollution SNYK-JS-COPYPROPS-1082870 | 624 | Proof of Concept |
| high severity Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970 | 624 | Proof of Concept |
| high severity Cryptographic Issues SNYK-JS-ELLIPTIC-571484 | 624 | Proof of Concept |
| high severity Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 | 624 | Proof of Concept |
| high severity Arbitrary File Write SNYK-JS-TAR-1579147 | 624 | No Known Exploit |
| high severity Arbitrary File Write SNYK-JS-TAR-1579152 | 624 | No Known Exploit |
| high severity Arbitrary File Write SNYK-JS-TAR-1579155 | 624 | No Known Exploit |
| high severity Arbitrary File Overwrite SNYK-JS-TAR-1536528 | 624 | No Known Exploit |
| high severity Arbitrary File Overwrite SNYK-JS-TAR-1536531 | 624 | No Known Exploit |
| high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539 | 624 | No Known Exploit |
| high severity Prototype Poisoning SNYK-JS-QS-3153490 | 624 | Proof of Concept |
| high severity Prototype Poisoning SNYK-JS-QS-3153490 | 624 | Proof of Concept |
| high severity Prototype Pollution SNYK-JS-LODASH-567746 | 624 | Proof of Concept |
| high severity Prototype Pollution SNYK-JS-LODASH-608086 | 624 | Proof of Concept |
| high severity Arbitrary File Write SNYK-JS-TAR-1579147 | 624 | No Known Exploit |
| high severity Information Exposure SNYK-JS-SIMPLEGET-2361683 | 624 | Proof of Concept |
| high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392 | 624 | Proof of Concept |
| high severity Prototype Pollution SNYK-JS-LODASH-6139239 | 624 | Proof of Concept |
| high severity Arbitrary File Overwrite SNYK-JS-TAR-1536528 | 624 | No Known Exploit |
| high severity Remote Memory Exposure SNYK-JS-BL-608877 | 624 | Proof of Concept |
| high severity Cryptographic Issues SNYK-JS-ELLIPTIC-571484 | 624 | Proof of Concept |
| high severity Prototype Pollution SNYK-JS-INI-1048974 | 624 | Proof of Concept |
| high severity Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 | 624 | No Known Exploit |
| high severity Prototype Pollution SNYK-JS-LOADERUTILS-3043105 | 624 | No Known Exploit |
| high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076 | 624 | Proof of Concept |
| high severity Command Injection SNYK-JS-GLOBALMODULESPATH-3167973 | 624 | Proof of Concept |
| high severity Prototype Pollution SNYK-JS-Y18N-1021887 | 624 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355 | 624 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783 | 624 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984 | 624 | Proof of Concept |
| medium severity Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358 | 624 | Proof of Concept |
| medium severity Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095 | 624 | Proof of Concept |
| medium severity Cryptographic Issues SNYK-JS-ELLIPTIC-1064899 | 624 | No Known Exploit |
| medium severity Cryptographic Issues SNYK-JS-ELLIPTIC-1064899 | 624 | No Known Exploit |
| medium severity Prototype Pollution SNYK-JS-MINIMIST-559764 | 624 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067 | 624 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943 | 624 | No Known Exploit |
| medium severity Cryptographic Issues SNYK-JS-ELLIPTIC-1064899 | 624 | No Known Exploit |
| medium severity Timing Attack SNYK-JS-ELLIPTIC-511941 | 624 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 | 624 | No Known Exploit |
| medium severity Prototype Pollution SNYK-JS-MINIMIST-559764 | 624 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366 | 624 | No Known Exploit |
| medium severity Timing Attack SNYK-JS-ELLIPTIC-511941 | 624 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992 | 624 | No Known Exploit |
| medium severity Open Redirect SNYK-JS-EXPRESS-6474509 | 624 | No Known Exploit |
| medium severity Prototype Pollution SNYK-JS-YARGSPARSER-560381 | 624 | Proof of Concept |
| medium severity Prototype Pollution SNYK-JS-YARGSPARSER-560381 | 624 | Proof of Concept |
| medium severity Prototype Pollution SNYK-JS-YARGSPARSER-560381 | 624 | Proof of Concept |
| low severity Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 | 624 | No Known Exploit |
| low severity Prototype Pollution SNYK-JS-MINIMIST-2429795 | 624 | Proof of Concept |
| low severity Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 | 624 | No Known Exploit |
| low severity Prototype Pollution SNYK-JS-MINIMIST-2429795 | 624 | Proof of Concept |
| low severity Validation Bypass SNYK-JS-KINDOF-537849 | 624 | Proof of Concept |

Release notes
Package name: ethereumjs-util
  • 6.2.1 - 2020-07-16

    Other Features

    • Stricter prefixed hex typing, PRs #3348, #3427 and #3357 (some changes removed in PR #3382 for backwards compatibility reasons, will be reintroduced along upcoming breaking releases)

    Bugfixes

    • Fixes an issue in the delete operation used for unhashed tries and pruning activated which resulted in a wrong state root (bad!), PR #3333
  • 6.2.0 - 2019-11-07
  • 6.1.0 - 2019-02-12
from ethereumjs-util GitHub release notes
Package name: source-map-support
from source-map-support GitHub release notes
Package name: ganache-core
  • 2.13.2 - 2021-01-12

    We're moving to a beta → latest release pipeline, where all non-hotfix changes are first released in a beta before being promoted to a stable release.

    We'd love it if you'd start using the latest betas and let us know early and often if you find any bugs or regressions!

    Highlights

    v2.13.2 – Taco Tuesday 🌮

    It's Tuesday. And you know what that means, don't you? Tacos! And tacos are delicious. And do you know what else is delicious? This release! It's got a couple of new bug fixes you'll want to check out, especially if you use the forking feature.

    Bon appetit!


    How to Upgrade

    Upgrade to the latest version of ganache-core by running:

    npm

    npm uninstall ganache-core
    npm install ganache-core@latest

    yarn

    yarn remove ganache-core
    yarn add ganache-core@latest

    Changelog

    Fixes:

    • fix: add removed field to Log JSON (#651)
    • fix: storage value encoding in forked trie. (#658)
    • fix: handle failure to retrieve net_version when forking (#676)

    Chores:

    • chore: update eth-sig-util to v3.0.0 (#711)

    Related Releases

    💖 The Truffle Team

  • 2.13.2-tezos.2 - 2021-02-16
  • 2.13.2-tezos.0 - 2021-02-03
  • 2.13.1 - 2020-10-26

    We're moving to a beta → latest release pipeline, where all non-hotfix changes are first released in a beta before being promoted to a stable release.

    We'd love it if you'd start using the latest betas and let us know early and often if you find any bugs or regressions!

    Highlights

    v2.13.1 – Johnnycake Cobblers 2 🎂

    This release is exactly like the last one, but it works around an npm bug that causes installations to sometimes fail in Node v12 with npm v6. The rest of these notes are the same as the last release's.

    Johnnycake Cobblers: another dessert with a weird name. Someone really should cook up all the release names we've used for us Trufflers to try one day! 😋

    This release brings Node v14 compatibility and a new feature!


    How to Upgrade

    Upgrade to the latest version of ganache-core by running:

    npm

    npm uninstall ganache-core
    npm install ganache-core@latest

    yarn

    yarn remove ganache-core
    yarn add ganache-core@latest

    Changelog

    Features:

    • feat: add ability to use blockHash with eth_getLogs (#639) Thanks, @tynes!

    Fixes:

    • fix: update merkle-patricia-tree to v3.0.0 to support Node v14 (#636)
    • fix: fix snapshots for forking (#627) Thanks, @seesemichaelj!
    • fix: remove dev dependencies from published package's shrinkwrap (#640)
    • fix: patch keccak to prevent Node v14 segfault (c26ba24)
    • fix: bundle patched version of keccak (c5e6db6)

    Misc:

    • test: throw if test contracts fail compilation (#633)
    • chore: simply release process (#638)
    • test: increase infura test timeouts so they stop failing in CI (#642)
    • chore: update CI's Node version to 14.13.0 (#641)
    • try npm 7 to see if it can prune --production and shrinkwrap without creating an invalid shrinkwrap file (4b3f588)
    • update to npm v7.0.0-rc.0 (2af3122)
    • chore: fix prepublish script for npm 7 (b30a886)

    Related Releases

    💖 The Truffle Team

  • 2.13.1-beta.1 - 2020-10-26

    2.13.1-beta.1

  • 2.13.1-beta.0 - 2020-10-19

    2.13.1-beta.0

  • 2.13.1-alpha.4 - 2020-10-19

    2.13.1-alpha.4

  • 2.13.1-alpha.2 - 2020-10-19

    2.13.1-alpha.2

  • 2.13.1-alpha.1 - 2020-10-19

    2.13.1-alpha.1

  • 2.13.1-alpha.0 - 2020-10-19

    2.13.1-alpha.0

  • 2.13.0 - 2020-10-09
  • 2.13.0-rc.0 - 2020-10-09
  • 2.13.0-beta.1 - 2020-10-07
  • 2.13.0-beta.0 - 2020-10-06
  • 2.13.0-alpha.2 - 2020-10-01
  • 2.13.0-alpha.1 - 2020-10-01
  • 2.13.0-alpha.0 - 2020-10-01
  • 2.12.2-beta.0 - 2020-09-29
  • 2.12.1 - 2020-09-28
  • 2.12.0 - 2020-09-28
  • 2.12.0-tezos.0 - 2020-12-03

    2.12.0-tezos.0

  • 2.12.0-beta.0 - 2020-09-15
  • 2.11.3 - 2020-09-08
  • 2.11.3-forking.0 - 2020-08-18
  • 2.11.3-filecoin-alpha - 2020-08-06
  • 2.11.3-beta.0 - 2020-08-25
  • 2.11.2 - 2020-08-05
  • 2.11.1 - 2020-08-05
  • 2.11.0 - 2020-08-05
  • 2.11.0-tezos.2 - 2020-06-10
  • 2.11.0-tezos.1 - 2020-05-29
  • 2.11.0-tezos.0 - 2020-05-28
  • 2.11.0-beta.0 - 2020-06-24
  • 2.10.2 - 2020-02-13
from ganache-core GitHub release notes
Package name: sha3
  • 1.2.6 - 2019-12-05

    This administrative release is identical to v1.2.5.
    When v1.2.5 was published, the native tag was not set. Due to package version immutability in npm registry, applying this tag required a version increment.

  • 1.2.5 - 2019-12-05

    This is a bugfix release for older Linux versions.

    • 🐛 Fix compatibility with gcc 4.8 (the default version provided with Ubuntu Trusty LTS).
  • 1.2.4 - 2019-12-01
    • 🐛 Fix compatibility with Node.js 13.x.
  • 1.2.3 - 2019-05-08

    This is a maintenance release, to address compatibility issues with Node.js 12.x, which removed some deprecated functions from the V8 add-on API used by the 1.x branch of this library. No functional changes are included in this release.

  • 1.2.2 - 2018-04-30
from sha3 GitHub release notes
Package name: webpack
  • 4.47.0 - 2023-09-06

    New Features

    New Contributors

    Full Changelog: v4.46.0...v4.47.0

  • 4.46.0 - 2021-01-11
  • 4.45.0 - 2021-01-08
  • 4.44.2 - 2020-09-17
  • 4.44.1 - 2020-07-30
  • 4.44.0 - 2020-07-24
  • 4.43.0 - 2020-04-21
  • 4.42.1 - 2020-03-24
  • 4.42.0 - 2020-03-02
  • 4.41.6 - 2020-02-11
  • 4.41.5 - 2019-12-27
  • 4.41.4 - 2019-12-19
  • 4.41.3 - 2019-12-16
  • 4.41.2 - 2019-10-15
  • 4.41.1 - 2019-10-11
  • 4.41.0 - 2019-09-24
  • 4.40.3 - 2019-09-24
  • 4.40.2 - 2019-09-13
  • 4.40.1 - 2019-09-13
  • 4.40.0 - 2019-09-12
  • 4.39.3 - 2019-08-27
  • 4.39.2 - 2019-08-13
  • 4.39.1 - 2019-08-02
  • 4.39.0 - 2019-08-01
  • 4.38.0 - 2019-07-26
  • 4.37.0 - 2019-07-23
  • 4.36.1 - 2019-07-17
  • 4.36.0 - 2019-07-17
  • 4.35.3 - 2019-07-08
from webpack GitHub release notes
Package name: webpack-cli
  • 3.3.12 - 2020-06-18

    chore(release): 3.3.12

  • 3.3.11 - 2020-02-11
  • 3.3.10 - 2019-10-31
  • 3.3.9 - 2019-09-17
  • 3.3.8 - 2019-09-05
  • 3.3.7 - 2019-08-18
  • 3.3.6 - 2019-07-14
  • 3.3.5 - 2019-06-23
  • 3.3.4 - 2019-06-11
  • 3.3.3 - 2019-06-07
  • 3.3.2 - 2019-05-04
  • 3.3.1 - 2019-04-21
  • 3.3.0 - 2019-03-15
  • 3.2.3 - 2019-02-05
  • 3.2.2 - 2019-02-05
  • 3.2.1 - 2019-01-07
  • 3.2.0 - 2019-01-03
  • 3.1.2 - 2018-09-29
  • 3.1.1 - 2018-09-23
  • 3.1.0 - 2018-07-18
from webpack-cli GitHub release notes
Package name: yargs
  • 13.3.2 - 2020-03-13
  • 13.3.0 - 2019-06-10

    Bug Fixes

    • deps: yargs-parser update addressing several parsing bugs (#1357) (e230d5b)

    Features

    • i18n: swap out os-locale dependency for simple inline implementation (#1356) (4dfa19b)
    • support defaultDescription for positional arguments (812048c)
  • 13.2.4 - 2019-05-13
from yargs GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:


Snyk has created this PR to upgrade:
  - ethereumjs-util from 6.1.0 to 6.2.1.
    See this package in npm: https://www.npmjs.com/package/ethereumjs-util
  - source-map-support from 0.5.12 to 0.5.21.
    See this package in npm: https://www.npmjs.com/package/source-map-support
  - ganache-core from 2.10.2 to 2.13.2.
    See this package in npm: https://www.npmjs.com/package/ganache-core
  - sha3 from 1.2.2 to 1.2.6.
    See this package in npm: https://www.npmjs.com/package/sha3
  - webpack from 4.35.3 to 4.47.0.
    See this package in npm: https://www.npmjs.com/package/webpack
  - webpack-cli from 3.1.0 to 3.3.12.
    See this package in npm: https://www.npmjs.com/package/webpack-cli
  - yargs from 13.2.4 to 13.3.2.
    See this package in npm: https://www.npmjs.com/package/yargs

See this project in Snyk:
https://app.snyk.io/org/bram00767/project/e6427225-36da-46ef-b72e-b065692aa7ea?utm_source=github&utm_medium=referral&page=upgrade-pr