Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade tap from 11.1.5 to 18.5.1 #1062

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade tap from 11.1.5 to 18.5.1 #1062

wants to merge 1 commit into from

Conversation

akanchhaS
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade tap from 11.1.5 to 18.5.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 223 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2023-10-15.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-MIXINDEEP-450212		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-AJV-584908		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-SETVALUE-1540541		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-1540541		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-173692		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-174183		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962463		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-SETVALUE-450213		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-450213		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Denial of Service (DoS)
npm:mem:20180117		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Validation Bypass
SNYK-JS-KINDOF-537849		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: tap
  • 3dbd113 update versions
  • 7e12f1e explicitly depend on ts-node temp fork
  • 264f9cf update versions
  • 7fd2e13 changelog 18.5
  • 615c297 typescript: default tsconfig to test-named file
  • df9cd70 ci: produce slightly more output when testing
  • 161c736 docs: 'not ok' in yaml confuses the syntax highlighter
  • af8f822 node-serialize: report on test points
  • fd38e59 parser: add closingTestPoint flag to Result
  • ee4c50a add sponsor link to website
  • 1d4d7ef changelog: fix versions 18.4.5 -> 18.4.6
  • 6495cd7 update versions
  • b56993c fix test snapshots modified by prettier updating code
  • 898a562 un-prettier the test-built tshy config
  • a5d677b clock: inherit prettier config
  • 8991d7d fix the //@ ts-ignore lines that prettier moved around
  • 0da51ea changelog 18.4.5
  • f9470d5 prettier formatting, throw away throwaway scripts
  • 72018e9 fix: mock result type
  • f6e01a1 add tapjs org to funding list
  • aea87b2 reporter: use test.counts, not assertTotals
  • 87c479a unify the test.counts and test.assertTotals fields
  • 6307a02 ci: -Rmin is for tap, not npm
  • b81859b build: resolve test script to module, not the bin

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@akanchhaS @snyk-bot