Title: [Snyk] Security upgrade xml2js from 0.4.23 to 0.5.0 by rfelber · Pull Request #1680 · secureCodeBox/secureCodeBox · GitHub
Open Graph Title: [Snyk] Security upgrade xml2js from 0.4.23 to 0.5.0 by rfelber · Pull Request #1680 · secureCodeBox/secureCodeBox
X Title: [Snyk] Security upgrade xml2js from 0.4.23 to 0.5.0 by rfelber · Pull Request #1680 · secureCodeBox/secureCodeBox
Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes included in this PR Changes to the following files to upgrade the vulnerable dependencies to a fixed version: scanners/nmap/parser/package.json scanners/nmap/parser/package-lock.json Vulnerabilities that will be fixed With an upgrade: Severity Priority Score (*) Issue Breaking Change Exploit Maturity 758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3 Prototype Pollution SNYK-JS-XML2JS-5414874 No Proof of Concept (*) Note that the real score may have changed since the PR was raised. Commit messages Package name: xml2js The new version differs by 18 commits. bd0f780 Bump dependency versions to fix security issues 3a8d46e Update lockfile 9f730bb Update package.json with latest PR 50a492a Merge pull request #603 from autopulated/master 7bc3c5d Merge pull request #598 from fnimick/master f412a12 Merge pull request #635 from wisesimpson/patch-1 d318ce0 Update README.md 581b19a use Object.create(null) to create all parsed objects (prevent prototype replacement) a212950 Add documentation for `explicitCharkey` option 1832e0b Merge pull request #512 from economia/master 198063c Merge pull request #556 from Omega-Ariston/fix-issue544 0d71785 Merge pull request #562 from Omega-Ariston/addDocExample a44bad4 Update README.md a3ae596 append example to README for issue #552 aad6dd6 fix issue554 fa32064 readme updated with default empty tag as function f074644 cr fixes (will be squashed after another cr) 19a4c2f Call function for emptyTag if specified See the full diff Check the changes in this PR to ensure they won't cause issues with your project. Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs. For more information: 🧐 View latest project report 🛠 Adjust project settings 📚 Read more about Snyk's upgrade and patch logic Learn how to fix vulnerabilities with free interactive lessons: 🦉 Prototype Pollution
Open Graph Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes inc...
X Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes inc...
Opengraph URL: https://github.com/secureCodeBox/secureCodeBox/pull/1680
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:9558206f-7572-238c-8883-fce34479c96f |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | BFD6:336334:15F1C0:1EE23F:69789429 |
| html-safe-nonce | 0b3772ca04a743ec7d1863e03a28674b85654771b5096e8bd7537cf00e5f58dc |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCRkQ2OjMzNjMzNDoxNUYxQzA6MUVFMjNGOjY5Nzg5NDI5IiwidmlzaXRvcl9pZCI6IjYyNTA2NDIzNjIwNzQ2OTg3OTMiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 6013c91490e38ccac04da103cb54021d437ea206ac0416ed44ae44b96a5b18bd |
| hovercard-subject-tag | pull_request:1306775591 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/secureCodeBox/secureCodeBox/pull/1680/files |
| twitter:image | https://avatars.githubusercontent.com/u/7081348?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/u/7081348?s=400&v=4 |
| og:image:alt | This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes inc... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 2981c597c945c1d90ac6fa355ce7929b2f413dfe7872ca5c435ee53a24a1de50 |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/secureCodeBox/secureCodeBox git https://github.com/secureCodeBox/secureCodeBox.git |
| octolytics-dimension-user_id | 34573705 |
| octolytics-dimension-user_login | secureCodeBox |
| octolytics-dimension-repository_id | 80711933 |
| octolytics-dimension-repository_nwo | secureCodeBox/secureCodeBox |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 80711933 |
| octolytics-dimension-repository_network_root_nwo | secureCodeBox/secureCodeBox |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 14920c7cb7d7c207b5e72684d0e6f23b65b849b3 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width