node-libnmap
node-libnmap copied to clipboard
jas-
[Snyk] Security upgrade netmask from 1.0.6 to 2.0.1
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
778/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.7 |
Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: netmask
The new version differs by 13 commits.- d1bd7d3 Bump revision to 2.0.1
- 2052165 Avoid some useless allocs
- 3f19a05 Rewrite byte parsing in full JS without depending on parseInt
- 6a3169c Add checks on spaces before and after bytes
- accd535 Merge pull request #36 from kaoudis/master
- 1af3bb4 message
- 04ecdc4 adds CREDITS, plus mocha tests for transpiled node
- 7008f45 Set version in package.json
- 9f9fc38 BREAKING CHANGE: fix parsing of IPs with less than 4 bytes
- ec1b5b5 Fix improper parsing of hex bytes
- 4678fd8 Fix improper parsing of octal bytes
- b95d113 Merge pull request #34 from dschenkelman/prBranch
- a4ee31c Avoid large memory allocations when doing forEach in case netmask is large (e.g. /8)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
