[Snyk] Upgrade ipfs-http-server from 0.1.4 to 0.15.1 #509

X-oss-byte · 2024-03-28T09:33:24Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade ipfs-http-server from 0.1.4 to 0.15.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 231 versions ahead of your current version.
The recommended version was released 10 months ago, on 2023-05-25.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-PROTOBUFJS-5756498	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAPISTATEHOOD-2769251	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-NANOID-2332193	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: ipfs-http-server

0.15.1 - 2023-05-25
Bug Fixes
- add deprecation notice to readmes (#4362) (7b79c1b)
Dependencies
- The following workspace dependencies were updated
  - dependencies
    - ipfs-core-types bumped from ^0.14.0 to ^0.14.1
    - ipfs-message-port-protocol bumped from ^0.15.0 to ^0.15.1
0.15.0 - 2023-01-12
0.15.0-e64813f6 - 2023-05-24
0.15.0-b64d4af0 - 2023-02-01
0.15.0-ab02e8f8 - 2023-01-17
0.15.0-7b79c1b8 - 2023-05-25
0.15.0-6eeb1be5 - 2023-01-13
0.15.0-6d95ce08 - 2023-05-25
0.15.0-4694e806 - 2023-05-25
0.15.0-3bcabe38 - 2023-01-17
0.14.1-a77e40cc.0 - 2022-10-25
0.14.1-6be59068.0 - 2022-11-17
0.14.1-6ae5eb7d.0 - 2022-10-28
0.14.1-58e6f468.0 - 2022-10-25
0.14.0 - 2022-10-24
0.14.0-fa578bac - 2023-01-11
0.14.0-d1c3abb3 - 2023-01-11
0.14.0-789ee585 - 2023-01-11
0.14.0-5f73ecad - 2023-01-10
0.14.0-4b4c124c - 2023-01-11
0.13.3-dfc43d4e.0 - 2022-09-26
0.13.3-d75e0a39.0 - 2022-09-22
0.13.3-d1b0a8a7.0 - 2022-09-22
0.13.3-acbc1c62.0 - 2022-09-22
0.13.3-0cee4a4c.0 - 2022-10-24
0.13.2 - 2022-09-21
0.13.2-7304a0f4.0 - 2022-09-21
0.13.2-2a830bf5.0 - 2022-09-21
0.13.1 - 2022-09-21
Bug Fixes
- add deprecation notice to readmes (#4362) (7b79c1b)
Dependencies
- The following workspace dependencies were updated
  - dependencies
    - ipfs-core-types bumped from ^0.14.0 to ^0.14.1
    - ipfs-http-response bumped from ^6.0.0 to ^6.0.1
0.13.1-b5456882.0 - 2022-09-16
0.13.1-7c676f63.0 - 2022-09-21
0.13.0 - 2022-09-07
0.12.6-a05695fc.0 - 2022-07-20
0.12.6-8f351a89.0 - 2022-08-17
0.12.6-83f9882e.0 - 2022-09-06
0.12.6-39dbf708.0 - 2022-08-17
0.12.6-051da161.0 - 2022-09-07
0.12.5 - 2022-06-24
0.12.5-00bd3dd0.0 - 2022-06-24
0.12.4 - 2022-06-23
0.12.4-7be50bd1.0 - 2022-06-22
0.12.3 - 2022-06-14
0.12.3-70e142ac.0 - 2022-06-13
0.12.2 - 2022-06-01
0.12.2-be025c89.0 - 2022-06-01
0.12.2-87e00a69.0 - 2022-06-01
0.12.2-764b4adc.0 - 2022-06-01
0.12.1 - 2022-05-30
Bug Fixes
- add deprecation notice to readmes (#4362) (7b79c1b)
Dependencies
- The following workspace dependencies were updated
  - dependencies
    - ipfs-core-types bumped from ^0.14.0 to ^0.14.1
    - ipfs-grpc-protocol bumped from ^0.8.0 to ^0.8.1
  - devDependencies
    - ipfs-core bumped from ^0.18.0 to ^0.18.1
0.12.1-ddfb899f.0 - 2022-05-30
0.12.0 - 2022-05-30
0.11.4-919b27a8.0 - 2022-05-27
0.11.4-7165bf71.0 - 2022-05-16
0.11.4-4e93dd5d.0 - 2022-05-27
0.11.3 - 2022-04-26
0.11.3-e90b8f13.0 - 2022-04-05
0.11.3-8f7ce23c.0 - 2022-04-20
0.11.2 - 2022-04-05
0.11.2-df1bd1bb.0 - 2022-03-01
0.11.2-125d42ba.0 - 2022-03-01
0.11.2-1082fce9.0 - 2022-02-18
0.11.1 - 2022-02-07
0.11.1-8d260215.0 - 2022-01-27
0.11.1-709831f6.0 - 2022-02-06
0.11.1-3a74c110.0 - 2022-02-04
0.11.1-3a5d61d4.0 - 2022-01-27
0.11.1-383dc07d.0 - 2022-02-04
0.11.1-2c8ec080.0 - 2022-01-28
0.11.1-2afef2eb.0 - 2022-01-27
0.11.0 - 2022-01-27
0.10.1-rc.5 - 2022-01-21
0.10.1-rc.4 - 2022-01-20
0.10.1-rc.3 - 2022-01-13
0.10.1-rc.2 - 2021-12-17
0.10.1-rc.1 - 2021-12-16
0.10.1-rc.0 - 2021-12-15
0.10.1-fbe14923.0 - 2022-01-27
0.10.1-cca6e321.0 - 2022-01-27
0.10.1-a6b201af.0 - 2022-01-27
0.10.1-7fe0da57f.0 - 2022-01-26
0.10.1-6cb3a87e.0 - 2022-01-27
0.10.1-5439a0e.0 - 2022-01-26
0.10.0 - 2021-12-15
0.9.3-rc.13 - 2021-12-15
0.9.3-rc.12 - 2021-12-15
0.9.3-rc.11 - 2021-12-15
0.9.3-rc.10 - 2021-12-15
0.9.3-rc.9 - 2021-12-13
0.9.3-rc.8 - 2021-12-13
0.9.3-rc.7 - 2021-12-06
0.9.3-rc.6 - 2021-12-06
0.9.3-rc.5 - 2021-12-06
0.9.3-rc.4 - 2021-12-03
0.9.3-rc.3 - 2021-12-03
0.9.3-rc.2 - 2021-12-03
0.9.3-rc.1 - 2021-12-03
0.9.3-rc.0 - 2021-11-24
0.9.2 - 2021-11-24
0.9.2-rc.3 - 2021-11-24
0.9.2-rc.2 - 2021-11-22
0.9.2-rc.1 - 2021-11-19
0.9.2-rc.0 - 2021-11-19
0.9.1 - 2021-11-19
0.9.1-rc.1 - 2021-11-19
0.9.1-rc.0 - 2021-11-12
0.9.0 - 2021-11-12
0.8.2-rc.6 - 2021-11-12
0.8.2-rc.5 - 2021-11-04
0.8.2-rc.4 - 2021-10-08
0.8.2-rc.3 - 2021-10-02
0.8.2-rc.2 - 2021-09-30
0.8.2-rc.1 - 2021-09-30
0.8.2-rc.0 - 2021-09-28
0.8.1 - 2021-09-28
Bug Fixes
- add deprecation notice to readmes (#4362) (7b79c1b)
0.8.1-rc.5 - 2021-09-28
0.8.1-rc.3 - 2021-09-27
0.8.1-rc.2 - 2021-09-25
0.8.1-rc.1 - 2021-09-25
0.8.1-rc.0 - 2021-09-24
0.8.0 - 2021-09-24
0.7.7-rc.18 - 2021-09-24
0.7.7-rc.17 - 2021-09-24
0.7.7-rc.16 - 2021-09-23
0.7.7-rc.15 - 2021-09-23
0.7.7-rc.14 - 2021-09-23
0.7.7-rc.13 - 2021-09-23
0.7.7-rc.12 - 2021-09-23
0.7.7-rc.1 - 2021-09-21
0.7.7-rc.0 - 2021-09-17
0.7.6 - 2021-09-17
0.7.6-rc.0 - 2021-09-17
0.7.5 - 2021-09-17
0.7.5-rc.4 - 2021-09-17
0.7.5-rc.1 - 2021-09-14
0.7.4 - 2021-09-08
0.7.4-rc.5 - 2021-09-08
0.7.4-rc.4 - 2021-09-07
0.7.4-rc.2 - 2021-09-06
0.7.4-rc.1 - 2021-09-06
0.7.3 - 2021-09-02
0.7.3-rc.8 - 2021-09-02
0.7.3-rc.7 - 2021-09-02
0.7.3-rc.6 - 2021-08-31
0.7.3-rc.5 - 2021-08-26
0.7.3-rc.4 - 2021-08-26
0.7.3-rc.3 - 2021-08-26
0.7.3-rc.2 - 2021-08-26
0.7.2 - 2021-08-25
0.7.2-rc.7 - 2021-08-25
0.7.2-rc.6 - 2021-08-25
0.7.2-rc.4 - 2021-08-17
0.7.2-rc.1 - 2021-08-17
0.7.1 - 2021-08-17
0.7.1-rc.10 - 2021-08-17
0.7.1-rc.9 - 2021-08-17
0.7.1-rc.7 - 2021-08-16
0.7.1-rc.6 - 2021-08-12
0.7.1-rc.5 - 2021-08-12
0.7.1-rc.4 - 2021-08-12
0.7.0 - 2021-08-11
0.6.2-rc.11 - 2021-08-11
0.6.2-rc.10 - 2021-08-10
0.6.2-rc.8 - 2021-08-10
0.6.2-rc.6 - 2021-08-09
0.6.2-rc.3 - 2021-08-05
0.6.2-rc.2 - 2021-08-04
0.6.2-rc.1 - 2021-07-30
0.6.1 - 2021-07-30
0.6.1-rc.7 - 2021-07-30
0.6.1-rc.5 - 2021-07-28
0.6.1-rc.2 - 2021-07-28
0.6.1-rc.1 - 2021-07-28
0.6.0 - 2021-07-27
0.5.3-rc.17 - 2021-07-27
0.5.3-rc.14 - 2021-07-27
0.5.3-rc.11 - 2021-07-27
0.5.3-rc.9 - 2021-07-27
0.5.3-rc.8 - 2021-07-27
0.5.3-rc.6 - 2021-07-19
0.5.3-rc.3 - 2021-07-01
0.5.3-rc.2 - 2021-06-25
0.5.3-rc.1 - 2021-06-18
0.5.2 - 2021-06-18
0.5.2-rc.4 - 2021-06-18
0.5.2-rc.3 - 2021-06-18
0.5.2-rc.2 - 2021-06-15
0.5.2-rc.1 - 2021-06-10
0.5.1 - 2021-06-05
0.5.1-rc.4 - 2021-06-05
0.5.1-rc.3 - 2021-06-01
0.5.1-rc.1 - 2021-05-26
0.5.0 - 2021-05-26
0.4.1-rc.11 - 2021-05-25
0.4.1-rc.7 - 2021-05-25
0.4.1-rc.6 - 2021-05-13
0.4.1-rc.5 - 2021-05-11
0.4.1-rc.1 - 2021-05-11
0.4.0 - 2021-05-10
0.3.5 - 2021-05-07
0.3.5-rc.32 - 2021-05-10
0.3.5-rc.31 - 2021-05-10
0.3.5-rc.30 - 2021-05-07
0.3.5-rc.29 - 2021-05-07
0.3.5-rc.28 - 2021-05-06
0.3.5-rc.27 - 2021-05-06
0.3.5-rc.26 - 2021-05-04
0.3.5-rc.25 - 2021-05-04
0.3.5-rc.24 - 2021-05-04
0.3.5-rc.22 - 2021-05-04
0.3.5-rc.21 - 2021-05-02
0.3.5-rc.20 - 2021-05-01
0.3.5-rc.19 - 2021-04-30
0.3.5-rc.18 - 2021-04-30
0.3.5-rc.17 - 2021-04-29
0.3.5-rc.14 - 2021-04-28
0.3.5-rc.11 - 2021-04-28
0.3.5-rc.3 - 2021-03-31
0.3.4 - 2021-03-10
0.3.3 - 2021-03-09
0.3.3-rc.5 - 2021-02-22
0.3.3-rc.4 - 2021-02-21
0.3.2 - 2021-02-08
0.3.1 - 2021-02-02
0.3.0 - 2021-02-01
0.2.3-rc.3 - 2021-01-30
0.2.2 - 2021-01-22
0.2.1 - 2021-01-20
0.2.0 - 2021-01-15
0.1.5-rc.6 - 2021-01-15
0.1.5-rc.5 - 2021-01-13
0.1.5-rc.4 - 2020-12-18
0.1.5-rc.1 - 2020-12-18
0.1.4 - 2020-12-16

from ipfs-http-server GitHub release notes

Commit messages

Package name: ipfs-http-server

bf1bc8b chore: release master (#4364)
7b79c1b fix: add deprecation notice to readmes (feat: add --flavor feature (ganache chain plugins) trufflesuite/ganache#4362)
410725b chore: disable dependabot.yml (get help trufflesuite/ganache#4363)
b64d4af docs: update README.md (build(deps-dev): bump webpack from 5.65.0 to 5.76.0 in /src/chains/filecoin/options trufflesuite/ganache#4307)
3bcabe3 chore: fix link to ci results (Improve ganache interactive docs header so it says what it is in the header, not just the main body section trufflesuite/ganache#4299)
ab02e8f docs: update readmes to fix ci badges (System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache#4296)
c5e76b7 update-ipfs-http-client (Transaction simulation takes too long to return trufflesuite/ganache#4293)
6eeb1be deps(dev): update interop, ipfsd-ctl and kubo-rpc-client (interactive docs: backspacing at line 1 char 0 causes an issue with our export {/*magic*/};\n hack trufflesuite/ganache#4294)
6e94067 chore: release master (#4252)
d1c3abb deps: update libp2p to 0.42.x (#4288)
0cfcaf6 fix: allow reading rawLeaves in MFS (build(deps): bump dns-packet from 5.3.0 to 5.4.0 in /src/chains/filecoin/filecoin trufflesuite/ganache#4282)
fa578ba fix: disallow publishing pubsub messages to zero peers (Can ganache be used to run full privatenet? trufflesuite/ganache#4286)
789ee58 deps: update dag-jose to 4.0.0 (#4289)
4b4c124 deps: update ipfs-utils for node 18 compatibility (fix: use adjusted time on estimate gas when latest block is being used trufflesuite/ganache#4287)
5f73eca chore: do not double-build interface tests
1916ca8 chore: interface tests should run after build
115a405 fix: fix publish step
6d90cbf fix: use aegir to publish RCs (v7.7.6 trufflesuite/ganache#4284)
2a6fede fix: update lerna config for rc publishing (build(deps): bump minimist from 1.2.5 to 1.2.8 in /src/packages/core trufflesuite/ganache#4283)
e85e5b6 deps: update @ chainsafe/libp2p-gossipsub to 6.0.0 (build(deps): bump minimist from 1.2.5 to 1.2.8 in /src/chains/ethereum/ethereum trufflesuite/ganache#4280)
563806f fix: restore lerna for preleases (build(deps): bump minimist and mkdirp in /src/chains/filecoin/filecoin trufflesuite/ganache#4281)
521c84a fix!: update multiformats to v11.x.x and related depenendcies (build(deps): bump minimist from 1.2.5 to 1.2.8 in /src/chains/ethereum/transaction trufflesuite/ganache#4277)
6be5906 fix: mfs blob import for files larger than 262144b (Connecting MetaMask to remote detached Ganache CLI trufflesuite/ganache#4251)
b722041 docs: DisableNatPortMap should be true to disable port mapping (#4244)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade ipfs-http-server from 0.1.4 to 0.15.1. See this package in npm: https://www.npmjs.com/package/ipfs-http-server See this project in Snyk: https://app.snyk.io/org/sammytezzy/project/cb740484-0d66-4e31-bf96-998366f9aefa?utm_source=github&utm_medium=referral&page=upgrade-pr

stackblitz · 2024-03-28T09:33:28Z

Run & review this pull request in StackBlitz Codeflow.

changeset-bot · 2024-03-28T09:33:28Z

⚠️ No Changeset found

Latest commit: 2a3cd57

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

sourcery-ai

We have skipped reviewing this pull request. Here's why:

It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
We don't review packaging changes - Let us know if you'd like us to change this.

sourcery-ai bot reviewed Mar 28, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade ipfs-http-server from 0.1.4 to 0.15.1 #509

[Snyk] Upgrade ipfs-http-server from 0.1.4 to 0.15.1 #509

X-oss-byte commented Mar 28, 2024

Bug Fixes

Dependencies

Bug Fixes

Dependencies

Bug Fixes

Dependencies

Bug Fixes

stackblitz bot commented Mar 28, 2024

changeset-bot bot commented Mar 28, 2024

sourcery-ai bot left a comment

[Snyk] Upgrade ipfs-http-server from 0.1.4 to 0.15.1 #509

Are you sure you want to change the base?

[Snyk] Upgrade ipfs-http-server from 0.1.4 to 0.15.1 #509

Conversation

X-oss-byte commented Mar 28, 2024

Snyk has created this PR to upgrade ipfs-http-server from 0.1.4 to 0.15.1.

Bug Fixes

Dependencies

Bug Fixes

Dependencies

Bug Fixes

Dependencies

Bug Fixes

stackblitz bot commented Mar 28, 2024

changeset-bot bot commented Mar 28, 2024

⚠️ No Changeset found

sourcery-ai bot left a comment

Choose a reason for hiding this comment