[Snyk] Upgrade @tensorflow/tfjs-node from 3.14.0 to 4.14.0

[aravindvnair99]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @tensorflow/tfjs-node from 3.14.0 to 4.14.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 26 versions ahead of your current version.
• The recommended version was released 23 days ago, on 2023-11-30.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Internal Property Tampering SNYK-JS-TAFFYDB-2992450	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @tensorflow/tfjs-node

• 4.14.0 - 2023-11-30
  

  Core (4.13.0 ==> 4.14.0)

  Misc

  • Update monorepo to 4.14.0. (#8085).
  • webgpu: apply the new timestampWrites format (#8048). Thanks, @ qjia7.
  • Fix worker tests using the wrong paths in importScripts (#8050).

  Data (4.13.0 ==> 4.14.0)

  Misc

  • Update monorepo to 4.14.0. (#8085).

  Layers (4.13.0 ==> 4.14.0)

  Misc

  • Update monorepo to 4.14.0. (#8085).

  Converter (4.13.0 ==> 4.14.0)

  Documentation

  • Update correct links for Keras HDF5 and tf.keras SavedModel in README.md (#8051). Thanks, @ gaikwadrahul8.

  Misc

  • Update lockfiles branch tfjs_4.14.0_lockfiles lock files. (#8086). Thanks, @ dbcp1.
  • Update monorepo to 4.14.0. (#8085).
  • Update broken link for Frozen Model hyperlink in README.md (#8063). Thanks, @ gaikwadrahul8.

  Node (4.13.0 ==> 4.14.0)

  Misc

  • Update lockfiles branch tfjs_4.14.0_lockfiles lock files. (#8086). Thanks, @ dbcp1.
  • Update monorepo to 4.14.0. (#8085).

  Wasm (4.13.0 ==> 4.14.0)

  Misc

  • Update lockfiles branch tfjs_4.14.0_lockfiles lock files. (#8086). Thanks, @ dbcp1.
  • Update monorepo to 4.14.0. (#8085).

  Cpu (4.13.0 ==> 4.14.0)

  Misc

  • Update monorepo to 4.14.0. (#8085).

  Webgl (4.13.0 ==> 4.14.0)

  Misc

  • Update lockfiles branch tfjs_4.14.0_lockfiles lock files. (#8086). Thanks, @ dbcp1.
  • Update monorepo to 4.14.0. (#8085).

  WebGPU (4.13.0 ==> 4.14.0)

  Bug fixes

  • Fix isWebGPUSupported throwing an error in node (#8070).

  Misc

  • Update lockfiles branch tfjs_4.14.0_lockfiles lock files. (#8086). Thanks, @ dbcp1.
  • Update monorepo to 4.14.0. (#8085).
  • webgpu: apply the new timestampWrites format (#8048). Thanks, @ qjia7.
• 4.14.0-rc.0 - 2023-11-18
• 4.13.0 - 2023-11-08
  

  Core (4.12.0 ==> 4.13.0)

  Misc

  • Update monorepo to 4.13.0. (#8054).
  • feat: fix tensor class import (#7947). Thanks, @ paradite.

  Data (4.12.0 ==> 4.13.0)

  Misc

  • Update monorepo to 4.13.0. (#8054).

  Layers (4.12.0 ==> 4.13.0)

  Misc

  • Update monorepo to 4.13.0. (#8054).
  • [tfjs-layers] Fix outputs and mask mismatch (#7993). Thanks, @ axinging.

  Converter (4.12.0 ==> 4.13.0)

  Misc

  • Update monorepo to 4.13.0. (#8054).

  Node (4.12.0 ==> 4.13.0)

  Misc

  • Update monorepo to 4.13.0. (#8054).

  Wasm (4.12.0 ==> 4.13.0)

  Misc

  • Update monorepo to 4.13.0. (#8054).

  Cpu (4.12.0 ==> 4.13.0)

  Misc

  • Update monorepo to 4.13.0. (#8054).

  Webgl (4.12.0 ==> 4.13.0)

  Misc

  • Update monorepo to 4.13.0. (#8054).

  WebGPU (4.12.0 ==> 4.13.0)

  Misc

  • Update monorepo to 4.13.0. (#8054).
  • fix browser check (#8001). Thanks, @ crowlKats.
• 4.13.0-rc.0 - 2023-10-30
  

  Core (4.12.0 ==> 4.13.0-rc.0)

  Misc

  • Update lockfiles branch tfjs_4.13.0-rc.0_lockfiles lock files. (#8046).
  • Update monorepo to 4.13.0-rc.0. (#8043).
  • feat: fix tensor class import (#7947). Thanks, @ paradite.

  Data (4.12.0 ==> 4.13.0-rc.0)

  Misc

  • Update monorepo to 4.13.0-rc.0. (#8043).

  Layers (4.12.0 ==> 4.13.0-rc.0)

  Misc

  • Update monorepo to 4.13.0-rc.0. (#8043).
  • [tfjs-layers] Fix outputs and mask mismatch (#7993). Thanks, @ axinging.

  Converter (4.12.0 ==> 4.13.0-rc.0)

  Misc

  • Update lockfiles branch tfjs_4.13.0-rc.0_lockfiles lock files. (#8046).
  • Update monorepo to 4.13.0-rc.0. (#8043).

  Node (4.12.0 ==> 4.13.0-rc.0)

  Misc

  • Update lockfiles branch tfjs_4.13.0-rc.0_lockfiles lock files. (#8046).
  • Update monorepo to 4.13.0-rc.0. (#8043).

  Wasm (4.12.0 ==> 4.13.0-rc.0)

  Misc

  • Update lockfiles branch tfjs_4.13.0-rc.0_lockfiles lock files. (#8046).
  • Update monorepo to 4.13.0-rc.0. (#8043).

  Cpu (4.12.0 ==> 4.13.0-rc.0)

  Misc

  • Update monorepo to 4.13.0-rc.0. (#8043).

  Webgl (4.12.0 ==> 4.13.0-rc.0)

  Misc

  • Update lockfiles branch tfjs_4.13.0-rc.0_lockfiles lock files. (#8046).
  • Update monorepo to 4.13.0-rc.0. (#8043).

  WebGPU (4.12.0 ==> 4.13.0-rc.0)

  Misc

  • Update lockfiles branch tfjs_4.13.0-rc.0_lockfiles lock files. (#8046).
  • Update monorepo to 4.13.0-rc.0. (#8043).
  • fix browser check (#8001). Thanks, @ crowlKats.
• 4.12.0 - 2023-10-18
  

  Core (4.11.0 ==> 4.12.0)

  Misc

  • Update lockfiles branch tfjs_4.12.0_lockfiles lock files. (#8017).
  • Update monorepo to 4.12.0. (#8013).

  Data (4.11.0 ==> 4.12.0)

  Misc

  • Update monorepo to 4.12.0. (#8013).

  Layers (4.11.0 ==> 4.12.0)

  Misc

  • Update monorepo to 4.12.0. (#8013).
  • [layers] Import arraysEqual from the public import path (#7959).

  Converter (4.11.0 ==> 4.12.0)

  Misc

  • Update lockfiles branch tfjs_4.12.0_lockfiles lock files. (#8017).
  • Update monorepo to 4.12.0. (#8013).
  • [converter] fixed py import for auto tracking (#7982).

  Node (4.11.0 ==> 4.12.0)

  Misc

  • Update lockfiles branch tfjs_4.12.0_lockfiles lock files. (#8017).
  • Update monorepo to 4.12.0. (#8013).
  • [converter] fixed py import for auto tracking (#7982).

  Wasm (4.11.0 ==> 4.12.0)

  Misc

  • Update lockfiles branch tfjs_4.12.0_lockfiles lock files. (#8017).
  • Update monorepo to 4.12.0. (#8013).
  • Update broken link for Benchmarks page (#7796). Thanks, @ gaikwadrahul8.
  • Infer dtype in wasm fill (#7953). Thanks, @ sklum.

  Cpu (4.11.0 ==> 4.12.0)

  Misc

  • Update monorepo to 4.12.0. (#8013).

  Webgl (4.11.0 ==> 4.12.0)

  Misc

  • Update lockfiles branch tfjs_4.12.0_lockfiles lock files. (#8017).
  • Update monorepo to 4.12.0. (#8013).

  WebGPU (4.11.0 ==> 4.12.0)

  Bug fixes

  • webgpu: Enable importExternalTexture (#7976). Thanks, @ gyagp.

  Misc

  • Update lockfiles branch tfjs_4.12.0_lockfiles lock files. (#8017).
  • Update monorepo to 4.12.0. (#8013).
  • [WebGPU] Fix shader key for ScatterProgram (#7932).
• 4.12.0-rc.0 - 2023-10-11
  Read more
• 4.11.0 - 2023-09-13
  Read more
• 4.10.0 - 2023-08-01
  Read more
• 4.9.0 - 2023-07-18
• 4.8.0 - 2023-06-20
• 4.7.0 - 2023-06-06
• 4.6.0 - 2023-05-17
• 4.5.0 - 2023-05-05
• 4.4.0 - 2023-04-06
• 4.3.0 - 2023-03-17
• 4.2.0 - 2023-01-03
• 4.1.0 - 2022-11-20
• 4.0.0 - 2022-10-13
• 3.21.1 - 2022-10-06
• 3.21.0 - 2022-10-06
• 3.20.0 - 2022-08-23
• 3.19.0 - 2022-07-22
• 3.18.0 - 2022-05-21
• 3.17.0 - 2022-05-12
• 3.16.0 - 2022-04-19
• 3.15.0 - 2022-03-22
• 3.14.0 - 2022-03-03

from @tensorflow/tfjs-node GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[sonarqubecloud]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[guardrails]

⚠️ We detected 7 security issues in this pull request:

Insecure File Management (1)

Severity	Details	Docs
High	Title: Path Traversal from user input Spot-the-Hole/functions/index.js Line 562 in 3c31f1f path.join(os.tmpdir(), path.basename(req.files.file[0].fieldname)),	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Use of Crypto (1)

Severity	Details	Docs
Medium	Title: Insecure use of random generator Spot-the-Hole/functions/index.js Line 204 in 3c31f1f result += characters.charAt(Math.floor(Math.random() * charactersLength));	📚

More info on how to fix Insecure Use of Crypto in JavaScript.

---

Vulnerable Libraries (5)

Severity	Details
Critical	pkg:npm/@tensorflow/[email protected] upgrade to: > 3.14.0
Medium	pkg:npm/[email protected] upgrade to: 1.6.0
Critical	pkg:npm/[email protected] upgrade to: > 11.3.0
High	pkg:npm/[email protected] upgrade to: > 0.3.1
High	pkg:npm/[email protected] upgrade to: > 4.2.1

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[stale]

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.

[stale]

Automatically closed due to lack of recent activity. Tag @aravindvnair99 to reopen. Thank you for your contributions.