[Snyk] Security upgrade cmake-js from 3.5.0 to 6.2.0 #17

ismailrei · 2023-12-24T18:29:18Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
756/1000 Why? Mature exploit, Has a fix available, CVSS 7.4	Uninitialized Memory Exposure npm:npmconf:20180512	No	Mature
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	Yes	Proof of Concept
646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cmake-js

The new version differs by 83 commits.

1ce692c v6.2 - fixes + PRs
8f83606 mistake fixed
2ac0ef3 toolset fix
fede2f1 Merge branch 'fixes'
85cbf66 Merge branch 'master' of https://github.com/cmake-js/cmake-js
3ee62bb minor fixes
fb2a144 Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/y18n-3.2.2'
3a67521 Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/lodash-4.17.21'
722764b Update documentation for Node-API (#239)
490a093 Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/y18n-3.2.2'
3c60cb5 Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/lodash-4.17.21'
e311b71 handle case when microsoft barfs on itself (#234)
e1d5141 Bump lodash from 4.17.19 to 4.17.21
195571f Bump y18n from 3.2.1 to 3.2.2
18f4cbe Bump lodash from 4.17.15 to 4.17.19 (#220)
6c9c718 Bump ini from 1.3.5 to 1.3.8 (#228)
9687dba chore: replace request with axios (#233)
10c5b98 Correctly handle spaces in paths (#227)
8369e17 v6.1.0
34170dc Auto-detect Visual Studio 2019 platform (#201)
2013117 fix typo (#198)
a67bdd5 Update README.md
48315e3 v6
b0f9a09 Implement --cc and --cxx flags for overriding compiler detection (#191)