[Snyk] Fix for 1 vulnerabilities

[adamlaska]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ipns

The new version differs by 68 commits.

• 4d1aff1 chore: release version v0.8.0
• a41f809 chore: update contributors
• 06ee535 fix: replace node buffers with uint8arrays ([Snyk] Security upgrade electron from 2.0.18 to 8.5.4 #67)
• 2ae9525 chore(deps-dev): bump ipfs from 0.48.2 to 0.49.0 ([Snyk] Fix for 1 vulnerabilities #65)
• 4fe0828 chore(deps-dev): bump ipfs-http-client from 45.0.0 to 46.0.0 ([Snyk] Security upgrade electron from 2.0.18 to 10.4.4 #66)
• fd238f9 chore: release version v0.7.4
• 315ee78 chore: update contributors
• 1843a23 chore(deps): bump multihashes from 1.0.1 to 3.0.1 ([Snyk] Fix for 1 vulnerabilities #59)
• d027162 chore(deps): bump multibase from 1.0.1 to 3.0.0 ([Snyk] Security upgrade ipfs from 0.30.0 to 0.34.0 #57)
• 64e892e chore(deps-dev): bump ipfs-http-client from 44.3.0 to 45.0.0 ([Snyk] Security upgrade ipfs from 0.30.0 to 0.36.0 #52)
• 42edb64 chore(deps-dev): bump ipfs from 0.47.0 to 0.48.1 ([Snyk] Security upgrade update-notifier from 2.5.0 to 3.0.0 #53)
• 260afcd chore(deps-dev): bump ipfs from 0.46.0 to 0.47.0 ([Snyk] Fix for 1 vulnerabilities #50)
• d771771 chore: release version v0.7.3
• c37ab19 chore: update contributors
• a3f8d38 chore: update deps ([Snyk] Fix for 1 vulnerabilities #49)
• 7c6c672 fix: key encoding ([Snyk] Security upgrade ipfs from 0.30.0 to 0.34.0 #48)
• 7d3c49c chore(deps-dev): bump aegir from 22.1.0 to 23.0.0 ([Snyk] Security upgrade libp2p-webrtc-star from 0.15.8 to 0.20.7 #43)
• 40d1df5 chore(deps-dev): bump ipfs from 0.44.0 to 0.46.0 ([Snyk] Security upgrade node from 9.5.0 to 14.16.1 #41)
• e8a9471 update contributing link ([Snyk] Fix for 1 vulnerabilities #38)
• 0dd3859 chore(deps-dev): bump ipfs from 0.43.3 to 0.44.0 ([Snyk] Security upgrade ipfs from 0.30.0 to 0.35.0 #39)
• f7ee71b chore: release version v0.7.2
• 0bae59c chore: update contributors
• 23a846e chore(deps): bump interface-datastore from 0.8.3 to 1.0.2 ([Snyk] Fix for 1 vulnerabilities #36)
• 3c8030b chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 ([Snyk] Security upgrade ipfs from 0.30.0 to 0.50.0 #37)

See the full diff

Package name: libp2p

The new version differs by 250 commits.

• bbf8ef7 chore: release version v0.29.0
• d6d1a74 chore: update contributors
• 28b79a7 test: fix pubsub intermittent test (#741)
• 81e70df chore: update interop version (#740)
• e9478ce chore: release version v0.29.0-rc.1
• 7be17a3 chore: update contributors
• 93dda74 fix: peer record interop with go (#739)
• cfbd52d chore: migration to 0.29 should use webrtc-star0.20
• 6cd23ea chore: use gossipsub0.6
• 9b75a0f chore: bump libp2p-webrtc-star
• b606ce0 chore: release version v0.29.0-rc.0
• 64c8c0f chore: update contributors
• 9be582e docs: migration 0.28 to 0.29 (#736)
• 55c9bfa feat: gossipsub 1.1 (#733)
• 1e86971 fix: replace node buffers with uint8arrays (#730)
• 9107efe chore: apply suggestions from code review
• cd09327 chore: add notice for addressBook.set
• ca57e65 chore: apply suggestions from code review
• f574e82 chore: apply suggestions from code review
• 15613cc fix: do not return self on peerstore.peers
• dab1c8b chore: increase bundle size
• d437def chore: rename isEqual to equals in tests
• 74d414c chore: add certified peer records to persisted peer store
• 8f2e690 feat: cerified addressbook

See the full diff

Package name: libp2p-bootstrap

The new version differs by 30 commits.

• 1d2ca16 chore: release version v0.12.0
• d38c837 chore: update contributors
• b59b7ad fix: replace node buffers with uint8arrays ([Snyk] Security upgrade ipfs-repo from 0.24.0 to 0.26.5 #106)
• d14bd1e chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 ([Snyk] Security upgrade electron from 2.0.18 to 15.5.6 #104)
• 189e2a7 chore: release version v0.11.0
• 3f992d5 chore: update contributors
• 01ce4ec Merge pull request [Snyk] Security upgrade aegir from 14.0.0 to 36.2.3 #103 from libp2p/chore/peer-discovery-not-using-peer-info
• 3a9200e chore: use new libp2p-interfaces release
• b782934 chore: add tests for peer-discovery interface
• 8a99f1b chore: peer-discovery not using peer-info
• a87c1f7 chore(deps-dev): bump aegir from 20.6.1 to 21.2.0 ([Snyk] Security upgrade webpack-dev-server from 2.11.5 to 3.1.10 #102)
• a0d96c5 chore: release version v0.10.4
• cfa0718 chore: update contributors
• 29b8aa6 fix: remove use of assert module ([Snyk] Security upgrade aegir from 14.0.0 to 31.0.0 #99)
• d38edfb chore: release version v0.10.3
• a2a1f20 chore: update contributors
• 5041f28 fix: validate list ([Snyk] Security upgrade electron-rebuild from 1.11.0 to 3.0.0 #97)
• 83201ca chore: update deps ([Snyk] Fix for 1 vulnerabilities #96)
• 37ed296 chore: release version v0.10.2
• c247d30 chore: update contributors
• 5ad84ff Revert "fix: use callback in start from js-libp2p ([Snyk] Security upgrade ipfs from 0.30.0 to 0.35.0 #93)"
• c2d9ae9 chore: release version v0.10.1
• 59b46ff chore: update contributors
• 74c305d fix: use callback in start from js-libp2p ([Snyk] Security upgrade ipfs from 0.30.0 to 0.35.0 #93)

See the full diff

Package name: libp2p-kad-dht

The new version differs by 207 commits.

• 6c85b6b chore: release version v0.20.6
• ded5639 chore: update contributors
• 6be6f32 chore: update deps ([Snyk] Fix for 1 vulnerabilities #213)
• 4321ae7 chore: release version v0.20.5
• 040136a chore: update contributors
• 3c2096e fix: do not throw on empty provider list ([Snyk] Security upgrade aegir from 14.0.0 to 37.0.0 #212)
• 5c39279 chore: release version v0.20.4
• 0905b74 chore: update contributors
• d0db16b feat: adds removeLocal function ([Snyk] Fix for 5 vulnerabilities #211)
• ba029ca chore: release version v0.20.3
• 24e3319 chore: update contributors
• c1f71f9 chore: add files to package json ([Snyk] Fix for 3 vulnerabilities #208)
• 20d57b5 feat: adds custom multicodec protocol option ([Snyk] Fix for 26 vulnerabilities #206)
• efd5e0f chore: release version v0.20.2
• 9e6e9cf chore: update contributors
• b28afdd feat: onPut and onRemove events ([Snyk] Fix for 5 vulnerabilities #205)
• 87f8511 chore: release version v0.20.1
• 5840ab2 chore: update contributors
• 1d6f0bd chore: update deps ([Snyk] Fix for 28 vulnerabilities #203)
• 61ee22b chore: release version v0.20.0
• d3d8256 chore: update contributors
• 989be87 fix: replace node buffers with uint8arrays ([Snyk] Security upgrade ipfs from 0.30.0 to 0.51.0 #202)
• 8eabccf chore: release version v0.19.9
• f8b041c chore: update contributors

See the full diff

Package name: libp2p-mdns

The new version differs by 29 commits.

• ddcc10b chore: release version v0.15.0
• 061c3f0 chore: update contributors
• 3cf0e75 chore: upgrade deps ([Snyk] Security upgrade electron-rebuild from 1.11.0 to 3.0.0 #97)
• e1087a9 chore: release version v0.14.3
• 0ecc116 chore: update contributors
• 9fea1f6 fix: ensure event handlers are removed on MulticastDNS.stop ([Snyk] Fix for 1 vulnerabilities #96)
• 9186dbf chore: release version v0.14.2
• 183c065 chore: update contributors
• 9f45f73 fix: actually check tcp multiaddrs ([Snyk] Fix for 1 vulnerabilities #94)
• 60a0dbe chore: release version v0.14.1
• edec51d chore: update contributors
• 3dc9475 test(fix): wait for the right peer in 3+ tests ([Snyk] Fix for 1 vulnerabilities #92)
• cfe90c6 chore: use address manager ([Snyk] Security upgrade electron from 2.0.18 to 15.5.3 #91)
• 5b46aaa chore: release version v0.14.0
• bcf3e44 chore: update contributors
• fca175e chore: peer-discovery not using peer-info ([Snyk] Fix for 1 vulnerabilities #90)
• ecdda6e chore: release version v0.13.3
• 28c0ae1 chore: update contributors
• cf180e1 chore(deps-dev): bump aegir from 20.6.1 to 21.0.2
• e362b04 fix: remove use of assert module ([Snyk] Security upgrade electron from 2.0.18 to 16.0.10 #87)
• bea3dd1 chore: release version v0.13.2
• 0d2c1a1 chore: update contributors
• 084ee53 chore: remove unused dep async ([Snyk] Security upgrade electron from 2.0.18 to 13.6.8 #86)
• a9661bd chore: release version v0.13.1

See the full diff

Package name: libp2p-record

The new version differs by 5 commits.

• a396058 chore: release version v0.6.0
• b22a22e chore: update contributors
• 21c2e6a docs: add lead-maintainer ([Snyk] Security upgrade ipfs from 0.30.0 to 0.41.0 #9)
• 10177ae feat: new record definition ([Snyk] Security upgrade ipfs from 0.30.0 to 0.41.0 #8)
• cbdc360 chore: updating CI files ([Snyk] Fix for 1 vulnerabilities #7)

See the full diff

Package name: libp2p-secio

The new version differs by 36 commits.

• 2e37947 chore: release version v0.13.0
• a6a37f2 chore: update contributors
• c3f1f34 fix: replace node buffers with uint8arrays ([Snyk] Fix for 1 vulnerabilities #124)
• 328e68f chore: release version v0.12.6
• a7784bd chore: update contributors
• 34c4844 fix: comply with message framing spec ([Snyk] Security upgrade ipfs from 0.30.0 to 0.51.0 #123)
• 5649f44 chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 ([Snyk] Security upgrade aegir from 14.0.0 to 20.0.0 #122)
• 0bb318d chore: release version v0.12.5
• dbc8077 chore: update contributors
• 70a8a98 fix: return public key ([Snyk] Security upgrade aegir from 14.0.0 to 20.0.0 #121)
• d2efc8c chore: remove commitlint from CI ([Snyk] Security upgrade electron from 2.0.18 to 17.4.8 #120)
• 7ef0f25 chore: release version v0.12.4
• 5da41f6 chore: update contributors
• 914eb4f fix: add buffer ([Snyk] Security upgrade update-notifier from 2.5.0 to 6.0.0 #118)
• ef5f09d chore(deps-dev): bump aegir from 20.6.1 to 21.0.2 ([Snyk] Fix for 6 vulnerabilities #117)
• a0bfc86 chore: release version v0.12.3
• 4ef9b70 chore: update contributors
• 027e0ad fix: remove use of assert module ([Snyk] Security upgrade aegir from 14.0.0 to 17.0.0 #114)
• 74e95e2 chore: release version v0.12.2
• 2c2d467 chore: update contributors
• ab3fe44 chore: update deps ([Snyk] Security upgrade electron from 2.0.18 to 11.4.9 #113)
• b3a7040 chore: release version v0.12.1
• f1e79ce chore: update contributors
• b22152a chore: clean up published package ([Snyk] Security upgrade electron from 2.0.18 to 10.4.1 #110)

See the full diff

Package name: libp2p-webrtc-star

The new version differs by 77 commits.

• 2af1167 chore: release version v0.19.0
• 5ffbe88 chore: update contributors
• 306b453 fix: use relaxed webrtc check ([Snyk] Security upgrade ipld from 0.17.4 to 0.30.2 #249)
• 68805b0 fix: replace node buffers with uint8arrays ([Snyk] Security upgrade webpack-dev-server from 2.11.5 to 4.0.0 #244)
• 9b87e9b chore(deps): bump streaming-iterables from 4.1.2 to 5.0.2 (8efdc9273f9d25d3b725dbea4394e623a0e33c45 #239)
• 1d03c8a chore: add webrtc servers ([Snyk] Security upgrade ipfs from 0.30.0 to 0.66.1 #232)
• 4007894 chore: release version v0.18.6
• de4cd12 chore: update contributors
• 5795435 fix: use simple-peer fork that does not throw when setting error codes ([Snyk] Security upgrade libp2p-websocket-star from 0.8.1 to 0.10.2 #231)
• c07ac28 chore: release version v0.18.5
• 8a02859 chore: update contributors
• f09d007 chore: use ipfs utils for webrc support ([Snyk] Security upgrade electron from 2.0.18 to 26.6.7 #229)
• 79059da chore(deps-dev): bump aegir from 22.1.0 to 23.0.0 ([Snyk] Security upgrade electron from 2.0.18 to 26.6.5 #227)
• f89449a chore: release version v0.18.4
• 130da90 chore: update contributors
• 74e9059 fix: do not signal if channel destroyed ([Snyk] Security upgrade webpack from 4.47.0 to 5.1.1 #226)
• dc9bfa6 fix: add error handler for incoming connections ([Snyk] Security upgrade electron from 2.0.18 to 26.6.3 #224)
• 50dd42d chore: make the docker image much smaller. ([Snyk] Security upgrade aegir from 14.0.0 to 37.0.0 #223)
• 7fc8a8b chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 ([Snyk] Security upgrade libp2p-webrtc-star from 0.15.8 to 0.20.4 #221)
• bb781a3 chore: release version v0.18.3
• 7357362 chore: update contributors
• fe14c96 chore: release version v0.18.2
• d571fd0 chore: update contributors
• 830507d chore: update aegir ([Snyk] Security upgrade electron from 2.0.18 to 22.3.24 #220)

See the full diff

Package name: peer-id

The new version differs by 85 commits.

• 5468ee0 chore: release version v0.14.3
• f895151 chore: update contributors
• e7d0eaa chore: update deps ([Snyk] Security upgrade electron from 2.0.18 to 19.0.15 #137)
• 41ab96c docs: correct case for RSA keyType ([Snyk] Security upgrade ipfs from 0.30.0 to 0.64.0 #136)
• 4178e53 docs: add documentation for isPeerId(id) ([Snyk] Security upgrade aegir from 14.0.0 to 37.5.2 #134) ([Snyk] Security upgrade electron from 2.0.18 to 15.5.3 #135)
• 10ead07 chore: release version v0.14.2
• d940099 chore: update contributors
• b2ee342 feat: has inline public key method ([Snyk] Fix for 72 vulnerabilities #132)
• ecc1e5b chore: release version v0.14.1
• 153bc8e chore: update contributors
• d40d588 fix: ts constructor types ([Snyk] Security upgrade electron from 2.0.18 to 18.3.9 #130)
• 224b30c fix: privKey possible undefined ([Snyk] Security upgrade electron from 2.0.18 to 17.4.11 #129)
• 6d571ae fix: typo in readme ([Snyk] Security upgrade electron from 2.0.18 to 17.4.9 #128)
• ff4bd96 chore: release version v0.14.0
• 427b46c chore: update contributors
• d16ce9c fix: replace node buffers with uint8arrays ([Snyk] Security upgrade electron from 2.0.18 to 17.4.11 #127)
• cd99cb2 chore: release version v0.13.13
• c295329 chore: update contributors
• bb32b12 chore: update deps ([Snyk] Security upgrade electron from 2.0.18 to 16.2.6 #126)
• 6fd5ca2 chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 ([Snyk] Fix for 1 vulnerabilities #124)
• 020b963 chore: release version v0.13.12
• e3da29a chore: update contributors
• 8cd9dfb feat(cli): add support for specifying type and size ([Snyk] Security upgrade aegir from 14.0.0 to 20.0.0 #122)
• 3598a43 chore: release version v0.13.11

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic