[Snyk] Security upgrade node-hid from 0.5.4 to 0.5.5 #11

snyk-bot · 2021-08-11T21:48:11Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- dapp/package.json
- dapp/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	481/1000 Why? Recently disclosed, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-hid

The new version differs by 43 commits.

ec24a3d version to 0.5.5
7919fb7 travis config fix again sigh2
f5e1f5b travis config fix again sigh
e20c451 travis config fix again sigh
8339942 travis config fix again
09ea5d6 travis config x86 enable try again
6c9bd11 travis config x86 enable try again
1d0ae87 travis config x86 enable
bbbb70c travis config x86 enable
c603748 travis config matching to node-serialport
b34f0e5 trying to fix travis x86 build
a370021 add prebuild_upload env var
1f21738 fix some deprecation warnings in NAN C code
e3dadba set beta
f26afa0 appveyor and travis cleanup
8791a1a simple test script added
3803cea fix error type
78c7d4c more blatant appveyor and travis config copying from node-serialport, because their stuff is great
e9159ea prelim docs about move to prebuild from node-pre-gyp
86ed480 fix rebuild and add prebuild-upload
7a4835d cleanup appveyor for prebuild
2c9afee apparently npmignore is a thing now
f44e960 Migrate from node-pre-gyp to prebuild and bindings, yay!
3b83233 do not kill node process at init/exit, issue 1.4.0 Release gnosis/MultiSigWallet#217

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

…ties The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-TAR-1536758

fix: dapp/package.json & dapp/package-lock.json to reduce vulnerabili…

f23cb03

…ties The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-TAR-1536758

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade node-hid from 0.5.4 to 0.5.5 #11

[Snyk] Security upgrade node-hid from 0.5.4 to 0.5.5 #11

snyk-bot commented Aug 11, 2021

[Snyk] Security upgrade node-hid from 0.5.4 to 0.5.5 #11

Are you sure you want to change the base?

[Snyk] Security upgrade node-hid from 0.5.4 to 0.5.5 #11

Conversation

snyk-bot commented Aug 11, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: