[Snyk] Security upgrade @ledgerhq/hw-transport-node-hid from 5.34.0 to 5.36.0 #517

Open: wants to merge 1 commit into base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| low severity | 471/1000 (Why? Recently disclosed, Has a fix available, CVSS 3.7) | Prototype Pollution, SNYK-JS-MINIMIST-2429795 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @ledgerhq/hw-transport-node-hid

The new version differs by 21 commits.
  • 4409053 v5.36.0
  • 50806a2 Update libs
  • 4598c27 Merge pull request #551 from obsidiansystems/fix-eth-large-chainIDs
  • ec98646 Merge pull request #552 from LedgerHQ/dependabot/npm_and_yarn/ini-1.3.8
  • b85f178 Bump ini from 1.3.5 to 1.3.8
  • f0e9e47 fixes link
  • f081cf0 Move deprecated libraries in https://github.com/LedgerHQ/ledgerjs-legacy
  • 3f8d724 Update migrate_webusb.md
  • 9ee2f50 Update migrate_webusb.md
  • 4f5518f migrate_webusb.md draft
  • 1381016 Fix v in signatures returned from hw-app-eth.
  • 56a9227 v5.35.1
  • 5bcce6b Merge pull request #547 from Ledger-Coin-Integration-team/polkadot-abandonseed
  • 78cb6c3 polkadot add abandonseed
  • 9cdb423 v5.35.0
  • 281ffde ERC20 list update (generated)
  • 1986f9a v5.34.1
  • 0e227a1 lint
  • 1f34e7a Merge pull request #545 from LedgerHQ/workaround-reset
  • ba18a1d Change ticker for Venezuelan bolívar from VEF to VES (#546)
  • 0508350 Prevent throw if device reset is failing

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
