[Snyk] Upgrade localforage from 1.9.0 to 1.10.0 #5

karthik-js · 2023-08-25T04:05:41Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade localforage from 1.9.0 to 1.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 2 years ago, on 2021-08-18.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Command Injection SNYK-JS-LODASH-1040724	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Prototype Pollution SNYK-JS-OBJECTPATH-1017036	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Prototype Pollution SNYK-JS-OBJECTPATH-1585658	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Prototype Pollution SNYK-JS-UNSETVALUE-2400660	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Prototype Pollution SNYK-JS-OBJECTPATH-1569453	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Open Redirect SNYK-JS-NEXT-1540422	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	467/1000 Why? Proof of Concept exploit, CVSS 7.2	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: localforage

1.10.0 - 2021-08-18
- Avoid uncaught error in dropInstance. You can now catch errors thrown by dropInstance, see #807.
1.9.0 - 2020-08-01
- Fixed TypeScript definition for getItem. It now notes that getItem can return null, so this change may cause TypeScript code that didn't account for null values to fail. See #980.
This was shipped as a minor release as it has the potential to break TypeScript checks that weren't checking for a null return value from getItem. Note that this version otherwise introduces no new features, so you can upgrade later when you're ready to fix code to check for null return values for getItem calls.

from localforage GitHub release notes

Commit messages

Package name: localforage

7323475 chore: Release 1.10.0
ff5e392 Merge pull request #807 from AdamStone/dropInstance-onblocked
5511168 Close open connections in onversionchanged to prevent blocked open/delete requests

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade localforage from 1.9.0 to 1.10.0. See this package in npm: https://www.npmjs.com/package/localforage See this project in Snyk: https://app.snyk.io/org/karthik-js/project/23423621-3a08-4506-845f-b6ca93304a47?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade localforage from 1.9.0 to 1.10.0 #5

[Snyk] Upgrade localforage from 1.9.0 to 1.10.0 #5

Uh oh!

karthik-js commented Aug 25, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[Snyk] Upgrade localforage from 1.9.0 to 1.10.0 #5

Are you sure you want to change the base?

[Snyk] Upgrade localforage from 1.9.0 to 1.10.0 #5

Uh oh!

Conversation

karthik-js commented Aug 25, 2023

Snyk has created this PR to upgrade localforage from 1.9.0 to 1.10.0.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants