[Snyk] Upgrade: , jssha, locutus, openpgp, papaparse, webextension-polyfill, passbolt-styleguide, validator #12
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- @xmldom/xmldom from 0.7.9 to 0.8.10.
See this package in npm: https://www.npmjs.com/package/@xmldom/xmldom
- jssha from 3.2.0 to 3.3.1.
See this package in npm: https://www.npmjs.com/package/jssha
- locutus from 2.0.16 to 2.0.32.
See this package in npm: https://www.npmjs.com/package/locutus
- openpgp from 5.2.1 to 5.11.2.
See this package in npm: https://www.npmjs.com/package/openpgp
- papaparse from 5.3.2 to 5.4.1.
See this package in npm: https://www.npmjs.com/package/papaparse
- webextension-polyfill from 0.9.0 to 0.12.0.
See this package in npm: https://www.npmjs.com/package/webextension-polyfill
- passbolt-styleguide from 3.12.1 to 3.12.3.
See this package in npm: https://www.npmjs.com/package/passbolt-styleguide
- validator from 13.7.0 to 13.12.0.
See this package in npm: https://www.npmjs.com/package/validator
See this project in Snyk:
https://app.snyk.io/org/snowcittysecuritysolutions/project/e73061f2-8cbc-4f0b-b8f0-7e8763b77a13?utm_source=github&utm_medium=referral&page=upgrade-pr
|
|
|
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@xmldom/[email protected]) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@xmldom/xmldom
from 0.7.9 to 0.8.10 | 15 versions ahead of your current version | a year ago
on 2023-07-19
jssha
from 3.2.0 to 3.3.1 | 2 versions ahead of your current version | a year ago
on 2023-08-04
locutus
from 2.0.16 to 2.0.32 | 4 versions ahead of your current version | 5 months ago
on 2024-04-06
openpgp
from 5.2.1 to 5.11.2 | 14 versions ahead of your current version | 3 months ago
on 2024-06-19
papaparse
from 5.3.2 to 5.4.1 | 2 versions ahead of your current version | a year ago
on 2023-03-23
webextension-polyfill
from 0.9.0 to 0.12.0 | 3 versions ahead of your current version | 4 months ago
on 2024-05-14
passbolt-styleguide
from 3.12.1 to 3.12.3 | 2 versions ahead of your current version | a year ago
on 2023-03-28
validator
from 13.7.0 to 13.12.0 | 3 versions ahead of your current version | 4 months ago
on 2024-05-09
Issues fixed by the recommended upgrade:
SNYK-JS-OPENPGP-5871276
Release notes
Package name: @xmldom/xmldom
-
0.8.10 - 2023-07-19
- dom: prevent iteration over deleted items
-
0.8.9 - 2023-07-13
- Set nodeName property in ProcessingInstruction
-
0.8.8 - 2023-05-30
-
0.8.7 - 2023-03-31
-
0.8.6 - 2022-11-05
-
0.8.5 - 2022-10-31
-
0.8.4 - 2022-10-29
-
0.8.3 - 2022-10-11
-
0.8.2 - 2022-04-05
-
0.8.1 - 2022-02-14
-
0.8.0 - 2021-12-22
-
0.7.13 - 2023-07-19
- dom: prevent iteration over deleted items
-
0.7.12 - 2023-07-13
- Set nodeName property in ProcessingInstruction
-
0.7.11 - 2023-05-30
-
0.7.10 - 2023-03-31
-
0.7.9 - 2022-11-05
from @xmldom/xmldom GitHub release notesCommits
Fixed
#514/#499Thank you, @ qtow, for your contributions
Commits
Fixed
#509/#505Thank you, @ cjbarth, for your contributions
Commits
Fixed
#514/#499Thank you, @ qtow, for your contributions
Commits
Fixed
#509/#505Thank you, @ cjbarth, for your contributions
Package name: jssha
-
3.3.1 - 2023-08-04
- Support latest method of defining type imports (#103, thanks @ faljse!).
-
3.3.0 - 2022-10-10
- Correct bad URL in README (#99, thanks @ jbjulia!).
-
3.2.0 - 2020-12-07
- Added ESM versions of all variants (thanks wKovacs64!).
from jssha GitHub release notes.update()method now returns a reference to the jsSHA object to allow for method chaining (#100, thanks @ ADTC!).Changelog for this release:
Package name: locutus
-
2.0.32 - 2024-04-06
-
2.0.31 - 2024-04-05
-
2.0.30 - 2024-04-05
-
2.0.29 - 2024-04-04
-
2.0.16 - 2022-01-27
from locutus GitHub release notesRelease v2.0.32
Release v2.0.31
Release v2.0.30
Release v2.0.29
Package name: openpgp
-
5.11.2 - 2024-06-19
-
5.11.1 - 2024-02-19
- Patch for Node v18.19.1+, 20.11.1+ and 21.6.2+: use JS fallback code for RSA decryption on Node when PKCS#1 is not supported (see #1728).
-
5.11.0 - 2023-10-25
- Introduce
- Introduce
- Fix stream closure when using Node's stream.pipeline (#1691)
- Fix binding signature generation using shorter hash than expected for some ECDSA subkeys
- Always use NodeCrypto over WebCrypto in Node 20 (#1692)
- TS: Allow nullable date in
-
5.10.2 - 2023-09-18
- Fix CFB decryption performance in JS fallback for ciphers other than AES (#1679)
- Minor: fix packet validity check for new curve25519 keys without key flags
-
5.10.1 - 2023-08-29
-
5.10.0 - 2023-08-29
- Support parsing encrypted key with unknown s2k types or cipher algos (#1658)
- Fix forward compatibility of keys, SKESKs, and detached/cleartext signatures and ECDH (#1656)
-
5.9.0 - 2023-05-15
-
5.8.0 - 2023-04-18
-
5.7.0 - 2023-02-21
-
5.6.0 - 2023-02-16
-
5.5.0 - 2022-08-31
-
5.4.0 - 2022-08-08
-
5.3.1 - 2022-06-29
-
5.3.0 - 2022-06-08
-
5.2.1 - 2022-03-15
from openpgp GitHub release notesWhat's Changed
openpgp.verify: fix bug preventing verification of detached signatures over streamed data (#1762)Full Changelog: v5.11.1...v5.11.2
What's Changed
Full Changelog: v5.11.0...v5.11.1
What's Changed
crypto-refresh: minor fixes and updates for X25519/Ed25519 (new format) (#1687)enums.publicKey.eddsaLegacy, set to replaceenums.publicKey.eddsain v6enums.curve.ed25519Legacyand.curve25519Legacy, set to replaceenums.curve.ed25519and.curve25519in v6VerifyOptions(#1644)Full Changelog: v5.10.2...v5.11.0
What's Changed
Full Changelog: v5.10.1...v5.10.2
Reject cleartext messages with extraneous data preceeding hash, addressing: GHSA-ch3c-v47x-4pgp.
crypto-refresh: add support for new Ed25519/X25519 keys, signatures and messages (#1620)This release does not include any breaking changes.
Full Changelog: v5.9.0...v5.10.0
Package name: papaparse
-
5.4.1 - 2023-03-23
-
5.4.0 - 2023-03-02
-
5.3.2 - 2022-03-15
from papaparse GitHub release notesBugfix version bump
We are happy to annunce a new minor release of PapaParse.
This release includes the following change:
Handle parsing utf-8 bom encoded files (See #961)
Rename duplicate headers (See #956)
Improve iso-date regex (See #959)
Thanks to @ peteruithoven @ fortydegrees @ ChALkeR for contributing such features
Minor version bump
Package name: webextension-polyfill
-
0.12.0 - 2024-05-14
- Removed unnecessary webpack and webpack-cli npm packages from webextension-polyfill npm package dependencies (#614) (#604)
- https://unpkg.com/[email protected]/dist/
-
0.11.0 - 2024-04-16
- Fix no-op check to work with Safari and support of old browsers (#582) (#364)
- https://unpkg.com/[email protected]/dist/
-
0.10.0 - 2022-08-12
- Removed obsolete deprecation warning logged on sendResponse callback calls (#386)
- https://unpkg.com/[email protected]/dist/
-
0.9.0 - 2022-03-25
- enable webextension-polyfill usage via webpack ProvidePlugin (#351)
- https://unpkg.com/[email protected]/dist/
from webextension-polyfill GitHub release notesBug Fixes
See all changes for 0.12.0
Bug Fixes
See all changes for 0.11.0
Bug Fixes
See all changes for 0.10.0
Bug Fixes
See all changes for 0.9.0
Package name: passbolt-styleguide
-
3.12.3 - 2023-03-28
-
3.12.2 - 2023-03-28
-
3.12.1 - 2023-03-15
from passbolt-styleguide GitHub release notesv3.12.3
v3.12.2
v3.12.1
Package name: validator
What's Changed
New Features / Validators
isAbaRouting@ songyuewFixes, New Locales and Enhancements
isLicensePlateadd Pakistanien-PKlocale @ anasshakilisPortfix invalid leading zeros @ anasshakilisTaxIDadded Argentinaes-ARlocale @ estefrareisDatetimezone offset fix @ tomaspanekisPassportNumberaddedZAlocale @ GMorris-professionalisMobilePhone:en-MWlocale @ SimranSiddiquiam-AMlocale @ AlexKrupkoisPostalAddressfixNLlocale @ RobinvanderVlietisISO4217addSLEcurrency @ urgisStrongPasswordfix symbolRegex to include\@ nandavikasisVATfixedKZlocale @ MatthieuLemoineisAlpha,isAlphanumericaddedeolocale @ RobinvanderVlietisIBANadd AlgeriaDZlocale @ thibault-lrisVATimproveAUlocale @ matthewberrymanisUUIDadd support for v7 @ rusconisTaxIDadd Ukraineuk-UAlocale @ arttigerisDatedisallow hiphen before year @ Sumit-tech-joshiNew Contributors
Full Changelog: 13.11.0...13.12.0
New Features / Validators
isFreightContainerID: for shipping containers IDs @ songyuewisMailtoURI@ uksarkarFixes, New Locales and Enhancements
isIBANaddMAlocale @ lroudgeisCreditCardrefactor @ pano9000isLocaleadd support for more language tags @ kwahomeisVATforCU@ jimmyorpheusisJWT@ Prathamesh061IsFQDNtest enhancements @ aalekhpatel07isAlpha,isAlphanumericforkk-KZ@ BekStar7isEmailsupportallow_underscores@ guspowerisDateenhance Date declaration compatibility across multiple environments @ CiprianSisIBANadd white and blacklist options to the isIBAN validator @ edilsonisEmaildo not allow non-breaking space in user part @ jeremy21212121isMobilePhone:so-SO@ ohersifr-CF@ cheboies-CU@ klaframboisepl-PL@ czerwony03fr-WF@ aidos42ar-SD@ HussienmaNew Contributors 🎉