Minor security and code fixes#305
Open
Kartikey-Mishra1 wants to merge 1 commit intologlabs:masterfrom
Open
Conversation
- Upgrade axios and pin minimist,node-fetch and jsprim - Bind updateHistoryState() Signed-off-by: Kartikey Mishra <kartikeymishra.211199@gmail.com>
Author
|
Hi , this is the first pull request I have made to this repo , I am not familiar with the process , can one of the admin please take a look at this PR and help me out here , thanks in advance |
Collaborator
|
Thank you for making this! Will take a look today or tomorrow :) |
Author
|
Hi,sorry to ping again just wanted to know if you had a chance to look at this PR and if there's something further you would like me to do here |
Collaborator
|
Thanks for this---got caught up in a paper deadline; will merge shortly :) |
Collaborator
|
Looks like tests are failing, I'll take a look when I next get on the computer |
Author
|
Sure thanks a lot for taking your time out for this and helping me out here . Feel free to request any changes or anything else you would like me to do in the PR |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Type of change
Description
What does this PR do?
yarn auditthere are currently 116 vulnerabilities, this PR mostly tries to remediate some of the critical and high vulnerabilities by:axiosto0.21.4to avoid the ReDoS attack (High Vulnerability) - https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269minimistto1.2.6to avoid Prototype pollution (yarn auditseems to think it's a critical vulnerability while synk says it's a low severity vulnerability ) - https://snyk.io/test/npm/minimist/1.2.5cross-fetchto3.1.5to upgrade node-fetch to2.6.7to avoid DoS(Denial of Service) and Information exposure (High vulnerability) - https://snyk.io/vuln/npm:node-fetchjsprimto1.4.2to upgradejson-schemato0.4.0to avoid Prototype pollution (Critical vulnerability) - https://snyk.io/vuln/npm:json-schemaupdateHistoryState()method inhistory.jsSigned-off-by: Kartikey Mishra kartikeymishra.211199@gmail.com