René's URL Explorer Experiment

Title: [Snyk] Fix for 7 vulnerabilities by awaisab172 · Pull Request #39 · awaisab172/iClient-JavaScript · GitHub

Open Graph Title: [Snyk] Fix for 7 vulnerabilities by awaisab172 · Pull Request #39 · awaisab172/iClient-JavaScript

X Title: [Snyk] Fix for 7 vulnerabilities by awaisab172 · Pull Request #39 · awaisab172/iClient-JavaScript

Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes included in this PR Changes to the following files to upgrade the vulnerable dependencies to a fixed version: package.json Vulnerabilities that will be fixed With an upgrade: Severity Priority Score (*) Issue Breaking Change Exploit Maturity 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 Prototype Pollution SNYK-JS-MINIMIST-2429795 No Proof of Concept 601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 Prototype Pollution SNYK-JS-MINIMIST-559764 No Proof of Concept 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 Yes Proof of Concept 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 Yes Proof of Concept 539/1000 Why? Has a fix available, CVSS 6.5 Improper Input Validation SNYK-JS-XMLDOM-1534562 Yes No Known Exploit 639/1000 Why? Has a fix available, CVSS 8.5 Prototype Pollution SNYK-JS-XMLDOM-3042242 Yes No Known Exploit 811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8 Improper Input Validation SNYK-JS-XMLDOM-3092935 Yes Proof of Concept (*) Note that the real score may have changed since the PR was raised. Commit messages Package name: canvg The new version differs by 100 commits. 98a12cb Merge pull request #712 from canvg/2.0.0 9eb51a5 rm beta 435d906 npm audit 4b9dee3 build 088abbe wip d04bb60 Merge pull request #710 from IronGeek/issue_709 c2b43c6 fix build 67e33ec Merge pull request #711 from canvg/fix_build 4a9c313 lock node version 4eb5337 Parse number with scientific notation fbebf8e Merge pull request #707 from fargyriou/702-font-parsing 55d67f0 Issue 702: Fixed font parsing when defined as "font" and not through font properties cef40f0 Merge pull request #689 from canvg/2.0.0-beta.1 aa8e62e 2.0.0-beta.1 4497122 Merge pull request #684 from bz2/browser_optional 2d75e00 Update docs for 2.0 dependency changes a98c42d Support browser dist without canvas dependency f79c146 Merge pull request #687 from canvg/dgorbash_master d9a772e adding test fe49c3b Merge branch 'textPath_support' fecc100 Backport upstream/master, minor code format fix 79c85e5 Sync master with upstream f236319 Merge pull request #678 from canvg/beta_readme b9c9223 spacing See the full diff Package name: mapbox-gl The new version differs by 250 commits. 9df0494 v1.10.0 (#9634) 4632600 Reverse tap-drag-zoom direction (#9618) (#9633) ffd5b5d Documentation improvements sprint (#9607) (#9629) a60e952 Add changelog for 1.10.0 (#9542) 65b914d update changlogs to add 1.9.1 and style-spec@v13.13.1 (#9541) 5be4ca3 fix mapTouchEvent.point for touchend events (#9536) 516f44f export isExpressionFilter from spec (#9530) (#9534) 388424a [master] Fix style-spec isolation for within expression (#9522) f4c148f fix #9519 click map event on touch devices (#9526) 3f08a28 Fix for issue 9518 (#9520) acb48ab remove handler event listeners when map is removed (#9508) (#9517) 97037a4 fix DragRotateHandler#isActive (#9511) (#9515) 164b0be refactor and expand gesture handling (#9365) 6088941 Remove docs pages from .gitignore file (#9504) c10c618 Add methods to mapboxgl namespace to allow preloading of workers. (#9391) e7deb5c Fix several listener leaks in popups (#9498) d912efb Allow client to retry RTLTextPlugin load after NetworkError (#9489) 274d215 Add `slice` and `index-of` expressions (#9450) 469b9ff Ensure each tile symbol tile uses its own unique Program based on its state (#9493) cfc57d7 fix documented type of the locale option to Map (#9486) 0a7ecc5 Update per mdn webgl recommendations (#9474) 928f3dd optimize tail calls in feature state sorting (#9463) 2faf0ab Fix pattern attributes vertex layout (#9482) 8131815 Ensure padding is not propagated from fitBounds to transform padding (#9481) See the full diff Check the changes in this PR to ensure they won't cause issues with your project. Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs. For more information: 🧐 View latest project report 🛠 Adjust project settings 📚 Read more about Snyk's upgrade and patch logic Learn how to fix vulnerabilities with free interactive lessons: 🦉 Prototype Pollution 🦉 Server-side Request Forgery (SSRF) 🦉 Improper Input Validation

Open Graph Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes inc...

X Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes inc...

Opengraph URL: https://github.com/awaisab172/iClient-JavaScript/pull/39

X: @github

direct link

Domain: patch-diff.githubusercontent.com

Links:

Viewport: width=device-width