[Snyk] Fix for 33 vulnerabilities #38

baby636 · 2023-11-28T02:00:01Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- www/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	Yes	No Known Exploit
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Yes	Proof of Concept
619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6056521	Yes	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	No	Proof of Concept
704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	No	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ember-cli-babel

The new version differs by 250 commits.

0b83e42 7.0.0
fcf317f Merge pull request Is it OK to run unlock and payout modules together? sammy007/open-ethereum-pool#140 from babel/babel-7
d01d724 Prevent issues with @ babel/preset-env getting unknown options.
1ea60c3 Merge branch 'master' into babel-7
6955f46 Drop support for ember-cli < 2.13.
eb03764 Merge changes from master...
c58ae85 6.17.0
5486b3e Add recent releases to changelog...
ec3f25c Merge pull request Unlock Suspended sammy007/open-ethereum-pool#241 from arthirm/master
af16202 Bumping broccoli-babel-transpiler
b4528ff Update test to properly match plugin style.
2ea0e47 Remove brittle (and unneeded) tests.
9671601 7.0.0-beta.5
1167211 Remove stray .only.
cf8f7ee Fix issue with @ babel/polyfill update.
b4ea00d 7.0.0-beta.4
e53e927 Update dependencies.
1e494d6 Update babel-polyfill -> @ babel/polyfill.
7008a5f Use release version of broccoli-babel-transpiler.
932a1d0 Merge pull request ERROR[12-01|08:38:08] write tcp 127.0.0.1:8545->127.0.0.1:57762: write: broken pipe sammy007/open-ethereum-pool#239 from dfreeman/green-tests
a185133 Get tests passing with throwUnlessParallelizable: true
6d11f44 Merge pull request Unable to process payouts: invalid argument 0: json: cannot unmarshal hex string of odd length into Go value of type common.Address sammy007/open-ethereum-pool#237 from babel/rwjblue-patch-1
b96e5cb Use correct preset env...
f9e4f17 Fix file: reference in package.json.

See the full diff

Package name: ember-cli-htmlbars-inline-precompile

The new version differs by 30 commits.

ae552eb 0.4.0
133cd0a Release 0.4.0 final.
705f173 0.4.0-beta.2
335e4c5 Update CHANGELOG.
62e44bd Update minimum version of babel plugin.
d86edac 0.4.0-beta.1
74fd184 Merge pull request [Question] My pool block is 0 sammy007/open-ethereum-pool#69 from rwjblue/babel-6
ffafb16 Remove welcome page.
99aad43 Add ember-cli-shims back to ember-source scenario.
3ae7891 Update min engine version.
d8cb4a1 Make function properly for babel@6 version.
f68e8b6 Update minimum versions of deps and devDeps.
c18f6d3 fixup! Add babel@6 to devDeps for test harness.
8f92b23 Remove unused directories.
1e9f66e Set ember-cli to 2.11.1.
edeceaa Add babel@6 to devDeps for test harness.
c113ff3 fixup! Update minimum node version.
06f4fc7 ES6ify
1f9d121 Update for babel@6.
e157867 Update minimum node version.
a8e851b Merge pull request [Question] Please tell me how to change coin from eth to etc pool sammy007/open-ethereum-pool#68 from samselikoff/patch-1
d1763d7 Ensure super call is bounded
083ae62 Merge pull request npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue sammy007/open-ethereum-pool#67 from Turbo87/ci-deploy
5fa9b15 CI: Enable automatic NPM deployment for tags

See the full diff

Package name: ember-export-application-global

The new version differs by 7 commits.

3641991 Release 2.0.1
84999a5 Remove ember-cli-babel dependency.
2e335cf 2.0.0
d8904dd Merge pull request [Snyk] Fix for 14 vulnerabilities #24 from ember-cli/update-babel-6
cf11f03 Update to Babel 6.
bf21819 Merge pull request [Snyk] Security upgrade ember-cli from 2.9.1 to 2.12.0 #23 from ember-cli/clean-up
06605c5 addon cleanup

See the full diff

Package name: ember-resolver

The new version differs by 250 commits.

4a4aff7 BUMP changelog
dcba9a7 release v6.0.0 🎉
0a03a9c Merge pull request Block reward is x2 less than expected sammy007/open-ethereum-pool#449 from ember-cli/upgrades
fb6ebde upgrade deps
06a6be7 Bump ember-load-initializers from 2.1.0 to 2.1.1
c5e0fa2 Bump ember-cli-inject-live-reload from 2.0.1 to 2.0.2
56e4304 Release 5.3.0
fd8701e Add support for nested colocated components. (Unified nicehash+eth-proxy sammy007/open-ethereum-pool#417)
28ef51e Add resolution for engine.io.
a2be8db Upgrade to xenial
e63891d Add support for nested colocated components.
98dc24f [Security] Bump mixin-deep from 1.3.1 to 1.3.2
2b698fe Bump ember-load-initializers from 2.0.0 to 2.1.0
f7e4237 [Security] Bump eslint-utils from 1.3.1 to 1.4.2
cd2e16b Release 5.2.1
307ce67 Add v5.2.1 to CHANGELOG.
403bb72 Component and their templates should be normalized the same. (Please help me pool hashrate sammy007/open-ethereum-pool#396)
422b1c7 Component and their templates should be normalized the same.
6f9793b Bump eslint-plugin-ember from 6.7.1 to 6.8.2
910af15 Release 5.2.0
e9e1b92 Add v5.2.0 to CHANGELOG.md.
9ee661c Add components to dasherisation exception (Any plans to support multiple API endpoint for pool frontend?? sammy007/open-ethereum-pool#392)
718e066 Bump resolve from 1.11.1 to 1.12.0
35890e0 Add components to dasherisation exception