[Snyk] Upgrade ipfsd-ctl from 7.0.0 to 12.0.0 #39

MarcelRaschke · 2022-08-20T00:27:32Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade ipfsd-ctl from 7.0.0 to 12.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 20 versions ahead of your current version.
The recommended version was released 2 months ago, on 2022-06-28.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Improper Privilege Management SNYK-JS-SHELLJS-2332187	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MERGEDEEP-1070277	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-I18NEXT-1065979	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-EJS-2803307	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-NODEFETCH-2342118	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Information Exposure SNYK-JS-NANOID-2332193	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-I18NEXT-585930	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Buffer Overflow SNYK-JS-I18NEXT-575536	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAPISTATEHOOD-2769251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Injection SNYK-JS-EJS-1049328	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: ipfsd-ctl

12.0.0 - 2022-06-28
12.0.0 (2022-06-28)

⚠ BREAKING CHANGES
- pulls in new peer-id interface
Features
- update deps (#756) (1355786)
11.0.1 - 2022-05-25
11.0.1 (2022-05-25)

Trivial Changes
- bump @ libp2p/interfaces from 1.3.32 to 2.0.2 (#734) (cc91981)
11.0.0 - 2022-05-09
11.0.0 (2022-05-09)

⚠ BREAKING CHANGES
- the controller.api.peerId property is now at controller.peer
Features
- convert to ESM (#731) (c6ad54d)
10.0.6 - 2022-02-22
Features
- expose apiAddr property (#720) (2501f19)
10.0.5 - 2021-11-19
Bug Fixes
- silence deprecation warning for fs.rmdir (#697) (45ef5ca)
10.0.4 - 2021-09-28
No content.
10.0.3 - 2021-08-04
No content.
10.0.2 - 2021-08-03
Bug Fixes
- add factory opts and use ipfs api (#655) (a09661d)
10.0.1 - 2021-07-30
Bug Fixes
- types again (#652) (afe87c2)
10.0.0 - 2021-07-30
Features
- add types (#651) (0f30547)
BREAKING CHANGES
- things are now typed which may be suprising
9.0.0 - 2021-07-10
8.0.2 - 2021-04-17
8.0.1 - 2021-04-09
8.0.0 - 2021-03-26
7.2.0 - 2020-12-18
7.1.1 - 2020-12-03
7.1.0 - 2020-10-28
7.0.3 - 2020-10-23
7.0.2 - 2020-10-10
7.0.1 - 2020-09-17
7.0.0 - 2020-08-25

from ipfsd-ctl GitHub release notes

Commit messages

Package name: ipfsd-ctl

c467bfe chore(release): 12.0.0 [skip ci]
1355786 feat!: update deps (Menu bar always open in the main display ipfs/ipfs-desktop#756)
8c44cb4 Update .github/workflows/stale.yml
7c6a7fd update .github/workflows/js-test-and-release.yml (refactor: restructure and remove unused code ipfs/ipfs-desktop#748)
ec2ee01 Add .github/workflows/stale.yml
7db48f7 update .github/workflows/js-test-and-release.yml (Improve UX when API port is already in use ipfs/ipfs-desktop#739)
7262645 chore(release): 11.0.1 [skip ci]
cc91981 chore: bump @ libp2p/interfaces from 1.3.32 to 2.0.2 (Merge master onto feat/add-electron-tests ipfs/ipfs-desktop#734)
f5f8bf1 sync: update CI config files (Remove React from the menubar ipfs/ipfs-desktop#732)
4b9fa87 chore(release): 11.0.0 [skip ci]
c6ad54d feat: convert to ESM (fix: flash of white while menubar loads ipfs/ipfs-desktop#731)
70dff97 chore: release version v10.0.6
1622903 chore: update contributors
2501f19 feat: expose apiAddr property (Make external links open in the system browser. ipfs/ipfs-desktop#720)
66a9470 chore: release version v10.0.5
d7296b5 chore: update contributors
45ef5ca fix: silence deprecation warning for fs.rmdir (feat: handle errors better ipfs/ipfs-desktop#697)
6b616e0 chore: release version v10.0.4
b7747bc chore: update contributors
c316cb6 chore: update deps (fix: do not add CORS Credentials header ipfs/ipfs-desktop#694)
abc1cfb chore: release version v10.0.3
eb0f1cc chore: update contributors
97c0ef5 chore: make ipfs core types a dev dep (new version, install ipfs, path error ipfs/ipfs-desktop#656)
5d14fa4 chore: release version v10.0.2

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade ipfsd-ctl from 7.0.0 to 12.0.0. See this package in npm: https://www.npmjs.com/package/ipfsd-ctl See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/c43862e2-04e0-46c7-9027-49ad8d871d46?utm_source=github&utm_medium=referral&page=upgrade-pr

MarcelRaschke mentioned this pull request Sep 28, 2022

[Snyk] Upgrade is-ipfs from 2.0.0 to 6.0.2 meonBot/ipfs-desktop#37

Merged

MarcelRaschke merged commit 609c2f0 into master Sep 28, 2022

delete-merged-branch bot deleted the snyk-upgrade-739b227ce3012acf92ac5b9b263c7bdc branch September 28, 2022 23:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade ipfsd-ctl from 7.0.0 to 12.0.0 #39

[Snyk] Upgrade ipfsd-ctl from 7.0.0 to 12.0.0 #39

MarcelRaschke commented Aug 20, 2022

12.0.0 (2022-06-28)

⚠ BREAKING CHANGES

Features

11.0.1 (2022-05-25)

Trivial Changes

11.0.0 (2022-05-09)

⚠ BREAKING CHANGES

Features

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

BREAKING CHANGES

[Snyk] Upgrade ipfsd-ctl from 7.0.0 to 12.0.0 #39

[Snyk] Upgrade ipfsd-ctl from 7.0.0 to 12.0.0 #39

Conversation

MarcelRaschke commented Aug 20, 2022

Snyk has created this PR to upgrade ipfsd-ctl from 7.0.0 to 12.0.0.

12.0.0 (2022-06-28)

⚠ BREAKING CHANGES

Features

11.0.1 (2022-05-25)

Trivial Changes

11.0.0 (2022-05-09)

⚠ BREAKING CHANGES

Features

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

BREAKING CHANGES