[Snyk] Security upgrade adm-zip from 0.4.7 to 0.4.11

Sean Clarke requested to merge snyk-fix-2ecab1746454bb442f1ab06720658cb7 into master

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| critical severity | 899/1000 (Why? Mature exploit, Has a fix available, CVSS 9.4) | Arbitrary File Write via Archive Extraction (Zip Slip), npm:adm-zip:20180415 | No | Mature |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: adm-zip

The new version differs by 50 commits.
  • 80d259f Version bump
  • 3f00a03 Fixed #176
  • 650e752 Fixed wrong date on files (issue #203)
  • d01fa8c Fixed bugs introduced with 0.4.9
  • c0cc85d Merge pull request #219 from jontore/master
  • 39c83a2 Merge pull request #209 from poshta1900/fix
  • b94c5dd Merge pull request #227 from hhaidar/master
  • c95c553 Merge pull request #228 from jmcollin78/patch-1
  • cda668c Fix issue #218
  • 0f2cb41 Fix octal literals so they work in strict mode
  • 888931d To support strict mode use 0o prefix to octal numbers
  • 89b6f67 Update package.json
  • 9592298 Update README.md
  • ce59e5a Merge pull request #215 from grnd/master
  • 38cb4a4 fix: resolve both target and entry path
  • 18c3d31 Update package.json
  • 666adec Update package.json
  • 499d59b Update package.json
  • 62f6400 Merge pull request #212 from aviadatsnyk/master
  • 6f4dfeb fix: prevent extracting archived files outside of target path
  • ef0abe6 add try-catch around fs.writeSync
  • e116bc1 Merge pull request #208 from pmuens/patch-1
  • 12d2099 Fix data accessing example in README
  • 032566b Merge pull request #204 from BridgeAR/master

See the full diff

Check the changes in this Merge Request to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
