Skip to content

[Snyk] Security upgrade arweave from 1.10.23 to 1.12.3 #41

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade arweave from 1.10.23 to 1.12.3 #41

wants to merge 1 commit into from

Conversation

MikeHibbert
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • test/package.json
    • test/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: arweave The new version differs by 109 commits.
  • acd31e2 1.12.3
  • d6a5df2 fix: request payload was getting double stringified in certain cases
  • 41658e1 task: remove `cross-env NODE_OPTIONS='--experimental-fetch'`
  • 0ef79a2 Merge branch 'feat/is-gateway' into fetch-node16
  • 03b3941 task: cleanup
  • e0f5190 task: remove .npmrc & cleanup package.json
  • e863221 task: remove util dependency
  • dc47ece task: remove axios dependency
  • e4826e3 task: update deps
  • 99dc8a2 Merge pull request #193 from ArweaveTeam/update-12-minor
  • 5afc775 axios => fetch api
  • e30eb07 fix: test times out
  • 97fb098 fix: engine version correction
  • 1b1dcae axios => fetch api
  • b322c4b fix: node engine-strict not being obeyed
  • 379feb4 axios => fetch api
  • 735f3e6 task: misc fix
  • c44237e Merge pull request #192 from arconnectio/fix/mv-3
  • 6e7184a fix: make cross-env work for Windows
  • 6676706 fix: test scripts for Windows
  • b2ac720 fix: some typing
  • b0d8e95 task: remove node 14 from github test action
  • 02e2b69 task: update tsconfig.node.json & package.json for node v16 with Fetch API
  • 087d315 feat: try polyfilling headers

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MikeHibbert @snyk-bot