Skip to content
This repository has been archived by the owner on Dec 16, 2023. It is now read-only.

Update dependencies to fix some vulnerabilities #1212

Open
wants to merge 9 commits into
base: master
Choose a base branch
from

Conversation

striezel
Copy link

@striezel striezel commented Jun 1, 2021

These commits fix some vulnerabilities in several dependencies.

While this still does not fix all vulnerabilities that currently exist in dependencies, it should be a step in the right direction.

This fixes several vulnerabilities in lodash.

- several prototype pollution issues in lodash
  - see <https://www.npmjs.com/advisories/1065>
  - see <https://www.npmjs.com/advisories/1523>
- command injection vulnerability (CVE-2021-23337),
  see <https://www.npmjs.com/advisories/1673>
This fixes a prototype pollution vulnerability in mixin-deep.
See <https://www.npmjs.com/advisories/1013> for more information.
Fixes a prototype pollution vulnerability in set-value,
see <https://www.npmjs.com/advisories/1012> for more information.
Fixes a regular expression denial of service vulnerability,
see <https://www.npmjs.com/advisories/1488> for more info.
This fixes an arbitrary code execution vulnerability,
see <https://www.npmjs.com/advisories/1118> for more info.
Fixes a regular expression denial of service vulnerability,
see <https://www.npmjs.com/advisories/1677> for more info.
Fixes a path traversal vulnerability in url-parse.
See <https://www.npmjs.com/advisories/1678> for more information.
This update fixes a prototype pollution vulnerability in y18n.
See <https://www.npmjs.com/advisories/1654> for more information.
@striezel
Copy link
Author

striezel commented Jun 1, 2021

@assaf Sorry if the force pushes make this PR a bit more complicated than necessary, but the previously pushed commits were missing some changes.

This fixes a prototype pollution vulnerability in ini.
See <https://www.npmjs.com/advisories/1589> for more information.
@striezel
Copy link
Author

striezel commented Jul 3, 2021

@assaf
Since there has been no response here for a month now: Is there anything wrong with this pull request? If that is the case, please let me know and I will try to fix it.

I've also added another update for ini, because why not? :)

@andress134
Copy link

@assaf
Since there has been no response here for a month now: Is there anything wrong with this pull request? If that is the case, please let me know and I will try to fix it.

I've also added another update for ini, because why not? :)

that lib look dead when try to get cookies, can u try to update it sir ?
thanks

@striezel
Copy link
Author

@assaf
Since there has been no response here for a month now: Is there anything wrong with this pull request? If that is the case, please let me know and I will try to fix it.
I've also added another update for ini, because why not? :)

that lib look dead when try to get cookies, can u try to update it sir ?
thanks

@andress134:
I do not understand the question. This pull request tries to get some of the project's dependencies updated. However, it has nothing to do with cookies and how they are handled, as far as I can tell.

And yes, the assaf/zombie project seems to be "dead" or at least the owner is very slow to respond, but I will keep this pull request open anyway. Maybe it will get merged later.

@andress134
Copy link

@assaf
Since there has been no response here for a month now: Is there anything wrong with this pull request? If that is the case, please let me know and I will try to fix it.
I've also added another update for ini, because why not? :)

that lib look dead when try to get cookies, can u try to update it sir ?
thanks

@andress134:
I do not understand the question. This pull request tries to get some of the project's dependencies updated. However, it has nothing to do with cookies and how they are handled, as far as I can tell.

And yes, the assaf/zombie project seems to be "dead" or at least the owner is very slow to respond, but I will keep this pull request open anyway. Maybe it will get merged later.

I'm try to bypass a cloudflare page but can't
My english is bad xD
I'm using zombie to generate a browser session open the target get the html page and extract cookies from here but it look dead

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants