Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: mathjax-full, typescript, vm2 #34

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade: mathjax-full, typescript, vm2 #34

wants to merge 1 commit into from

Conversation

samul-1
Copy link
Owner

@samul-1 samul-1 commented Sep 9, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

mathjax-full
from 3.2.0 to 3.2.2 | 2 versions ahead of your current version | 2 years ago
on 2022-06-08
typescript
from 4.6.2 to 4.9.5 | 261 versions ahead of your current version | 2 years ago
on 2023-01-30
vm2
from 3.9.9 to 3.9.19 | 10 versions ahead of your current version | a year ago
on 2023-05-16

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
critical severity Arbitrary Code Execution
SNYK-JS-VM2-2990237		 811 Proof of Concept
critical severity Sandbox Bypass
SNYK-JS-VM2-3018201		 811 Proof of Concept
critical severity Sandbox Escape
SNYK-JS-VM2-5415299		 811 Proof of Concept
critical severity Sandbox Escape
SNYK-JS-VM2-5422057		 811 Proof of Concept
critical severity Improper Handling of Exceptional Conditions
SNYK-JS-VM2-5426093		 811 No Known Exploit
medium severity Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
SNYK-JS-VM2-5537079		 811 Proof of Concept
critical severity Sandbox Bypass
SNYK-JS-VM2-5537100		 811 Proof of Concept
Release notes
Package name: mathjax-full
  • 3.2.2 - 2022-06-08

    This is a hot-fix release to correct three issues in the recent 3.2.1 release. These are listed below:

    • Prevent lazy typesetting from re-typeset expressions unnecessarily, which can cause duplicate-label error messages in the output, and degrade performance. (mathjax/MathJax#2873)

    • Improve method for obtaining the <math> element from mml3 conversion, allowing it to work better in an XHTML setting. (mathjax/MathJax#2879)

    • Make version.ts use a constant and create the file during the build process rather than dynamically determining the version. This allows easier packaging of MathJax into other applications. (#824)

  • 3.2.1 - 2022-05-19

    This is mostly a bug-fix release, resolving various display and input bugs and other issues. See the individual bugs linked below for more details, and the 3.2.1 milestone for the pull requests involved in this release.

    New Features in this Release

    Speech-Rule Engine

    MathJax now integrates version 4 of Speech Rule Engine (SRE). (#800)

    • SRE v4 is a full port to ES6 using TypeScript providing transpiled JavaScript for easier integration into third party projects via its npm package.
    • Uses webpack as the primary bundler to offer a single bundle file for both node and browser.
    • Major rewrite of rule handling and provision of locales.
      • Smaller locale files and memory footprint in the index structure.
      • Hierarchical locale setup that allows inheritance within rule sets.
      • Uses ES6 promises to handle locale loading and engine setup.
    • A number of new locales for Swedish, Norwegian (Bokmal and Nynorks), Danish (MathSpeak only), and Catalan (MathSpeak only)
    • Locale files are now served with a .json extension. (mathjax/MathJax#2403)

    For more details and a full list of all changes and additions see the SRE release notes.

    MathJax makes use of SRE v4 new features in the following ways:

    • Source integration
      • Integrates SRE directly via importing the relevant library files into its code and webpacks them into its components and bundles.
      • Replaces the timeout-driven SRE loading promise with SRE's new native promises.
      • The sre.ts module now imports and exports exclusively API methods necessary for SRE's use in MathJax
      • A new mathmaps.ts module provides a map for directly integrating and bundling locales (see more below).
    • Components integration
      • The sre component under components/src/sre now simply handles copying the locale files in the mathmaps directory.
      • The a11y/sre component under components/src/sre contains a configuration file sre_config.js that sets up the basic SRE configuration for MathJax, especially the correct path to the mathmaps folder (online or in the npm distribution).
      • Components can webpack SRE's locale files into bundles. See the components/src/tex-chtml-full-speech component as an example.
    • MathJax Configuration
      • The sre path in MathJax is now used exclusively for pointing to a directory containing the locale files.

    Most of these changes are internal and should remain unnoticeable. However, there are a couple of points to note when using SRE via MathJax:

    • Previously, MathJax would load SRE as a single library file, but now webpacks its source files, which, as a side-effect, closes several convenient loopholes you could have exploited in the past:
      • OLD: SRE's functionality was available to a developer as if running SRE standalone. That is, in both node and browser, all of SRE's API methods where available in the SRE namespace, and additionally, the full functionality was reachable in the browser through the sre namespace.
        NEW: Now only the explicitly exported API methods are available to import via the a11y/sre component.
        * OLD: You could easily change the version of SRE MathJax would use by:
        1. In the browser, pointing to an alternative copy of sre_browser.js using the sre path in the MathJax configuration, and
        2. In node, replacing the speech-rule-engine package with a different version in the node_modules folder.
          NEW: This is no longer possible.
    • The sreReady method is still exported but deprecated. In the future, you should use the corresponding method in the API bundle Sre.sreReady().
    • By default SRE comes without rules (or locales) preloaded, and pulls those in only when necessary. That is, it loads the relevant .json files via XML-HTTP-request in the browser, or via file loading in the node module. However, it is now possible to pre-bundle (some) locales directly into a custom distribution using webpack, which is particularly useful if you want to run MathJax offline while still using the full power of is assistive technology extension. See the tex-chtml-full-speech component as an example.

    Output Improvements

    • Properly handle border and padding CSS in CHTML and SVG output. (#799)

    Lazy Typesetting

    • Have lazy typesetter typeset all remaining math before printing. (#777)
    • Have lazy typesetting specify a (configurable) distance around the viewport for triggering typesetting. (#777)
    • Allow containers to be marked so that they are always typeset by the lazy typesetter. (#777)

    Bugs Addressed in this Release

    Output Bug Fixes

    • Update svg output to properly handle token elements with multiple child nodes. (mathjax/MathJax#2836)

    • Include CSS to reset border-collapse in CHTML output. (mathjax/MathJax#2861)

    • Prevent CHTML adaptive CSS from adding character CSS multiple times. (#796)

    • Make sure all character data is included when adaptiveCSS is false. (mathjax/MathJax#2724)

    • Place super- and subscripts properly around \vcenter elements. (#787)

    • Add a minimum height for accented characters. (mathjax/MathJax#2766)

    • Take relative scaling into account for CHTML output of non-MathJax fonts. (mathjax/MathJax#2818)

    • Fix placement of surd when root extends above the top of the root. (mathjax/MathJax#2764)

    • Fix problem with msubsup when subscript is blank (mathjax/MathJax#2765)

    TeX Input Fixes

    MathML Input Fixes

    • Fix problems with verification and repair of malformed mtables. (#779)

    • Add support for mglyph use of fontfamily/index. (mathjax/MathJax#2298)

    • Trim MathML string before parsing it. (mathjax/MathJax#2805)

    • Only process MJX-TeXAtom classes on mrow elements. (mathjax/MathJax#2822)

    • Move mml3 filter to an mmlFilter so that forceReparse isn't needed. (mathjax/MathJax#2718)

    • Make U+2061 through U+2064 have TeX class NONE so they don't affect spacing. (#806)

    Miscenaleous

    • Handle documents better when created by parsing in XHTML. (mathjax/MathJax#2788)

    • Add version numbers to component files and check them when loaded. (#738)

    • Fix problem where some menu settings weren't sticky (mathjax/MathJax#2786)

    • Add a linkedom adaptor (mathjax/MathJax#2833)

    • Refactor usage of all-packages to reduce redundant code in components. (#784)

    • Make variables local in legacy AsciiMath code. (mathjax/MathJax#2748)

    • Make safe extension properly handle scriptlevel of 0. (mathjax/MathJax#2745)

    • Update webpack files for empheq and cases. (mathjax/MathJax#2762)

    • Update build tools to work with extensions better. (#737)

    • Add defaultPageReady() to MathJaxObject interface. (#746)

  • 3.2.0 - 2021-06-17
from mathjax-full GitHub release notes
Package name: typescript
  • 4.9.5 - 2023-01-30
  • 4.9.4 - 2022-12-07
  • 4.9.3 - 2022-11-15
  • 4.9.2-rc - 2022-11-01
  • 4.9.1-beta - 2022-09-23
  • 4.9.0-dev.20221031 - 2022-10-31
  • 4.9.0-dev.20221030 - 2022-10-30
  • 4.9.0-dev.20221029 - 2022-10-29
  • 4.9.0-dev.20221028 - 2022-10-28
  • 4.9.0-dev.20221027 - 2022-10-27
  • 4.9.0-dev.20221026 - 2022-10-26
  • 4.9.0-dev.20221025 - 2022-10-25
  • 4.9.0-dev.20221024 - 2022-10-24
  • 4.9.0-dev.20221023 - 2022-10-23
  • 4.9.0-dev.20221022 - 2022-10-22
  • 4.9.0-dev.20221021 - 2022-10-21
  • 4.9.0-dev.20221020 - 2022-10-20
  • 4.9.0-dev.20221019 - 2022-10-19
  • 4.9.0-dev.20221018 - 2022-10-18
  • 4.9.0-dev.20221017 - 2022-10-17
  • 4.9.0-dev.20221016 - 2022-10-16
  • 4.9.0-dev.20221015 - 2022-10-15
  • 4.9.0-dev.20221014 - 2022-10-14
  • 4.9.0-dev.20221013 - 2022-10-13
  • 4.9.0-dev.20221012 - 2022-10-12
  • 4.9.0-dev.20221011 - 2022-10-11
  • 4.9.0-dev.20221007 - 2022-10-07
  • 4.9.0-dev.20221006 - 2022-10-06
  • 4.9.0-dev.20221005 - 2022-10-05
  • 4.9.0-dev.20221004 - 2022-10-04
  • 4.9.0-dev.20221003 - 2022-10-03
  • 4.9.0-dev.20221002 - 2022-10-02
  • 4.9.0-dev.20221001 - 2022-10-01
  • 4.9.0-dev.20220930 - 2022-09-30
  • 4.9.0-dev.20220929 - 2022-09-29
  • 4.9.0-dev.20220928 - 2022-09-28
  • 4.9.0-dev.20220927 - 2022-09-27
  • 4.9.0-dev.20220926 - 2022-09-26
  • 4.9.0-dev.20220925 - 2022-09-25
  • 4.9.0-dev.20220924 - 2022-09-24
  • 4.9.0-dev.20220923 - 2022-09-23
  • 4.9.0-dev.20220922 - 2022-09-22
  • 4.9.0-dev.20220921 - 2022-09-21
  • 4.9.0-dev.20220920 - 2022-09-20
  • 4.9.0-dev.20220919 - 2022-09-19
  • 4.9.0-dev.20220918 - 2022-09-18
  • 4.9.0-dev.20220917 - 2022-09-17
  • 4.9.0-dev.20220916 - 2022-09-16
  • 4.9.0-dev.20220915 - 2022-09-15
  • 4.9.0-dev.20220914 - 2022-09-14
  • 4.9.0-dev.20220913 - 2022-09-13
  • 4.9.0-dev.20220912 - 2022-09-12
  • 4.9.0-dev.20220911 - 2022-09-11
  • 4.9.0-dev.20220910 - 2022-09-10
  • 4.9.0-dev.20220909 - 2022-09-09
  • 4.9.0-dev.20220908 - 2022-09-08
  • 4.9.0-dev.20220907 - 2022-09-07
  • 4.9.0-dev.20220905 - 2022-09-05
  • 4.9.0-dev.20220904 - 2022-09-04
  • 4.9.0-dev.20220903 - 2022-09-03
  • 4.9.0-dev.20220902 - 2022-09-02
  • 4.9.0-dev.20220901 - 2022-09-01
  • 4.9.0-dev.20220831 - 2022-08-31
  • 4.9.0-dev.20220830 - 2022-08-30
  • 4.9.0-dev.20220829 - 2022-08-29
  • 4.9.0-dev.20220828 - 2022-08-28
  • 4.9.0-dev.20220827 - 2022-08-27
  • 4.9.0-dev.20220825 - 2022-08-25
  • 4.9.0-dev.20220824 - 2022-08-24
  • 4.9.0-dev.20220823 - 2022-08-23
  • 4.9.0-dev.20220822 - 2022-08-22
  • 4.9.0-dev.20220821 - 2022-08-21
  • 4.9.0-dev.20220820 - 2022-08-20
  • 4.9.0-dev.20220819 - 2022-08-19
  • 4.9.0-dev.20220818 - 2022-08-18
  • 4.9.0-dev.20220817 - 2022-08-17
  • 4.9.0-dev.20220816 - 2022-08-16
  • 4.9.0-dev.20220815 - 2022-08-15
  • 4.9.0-dev.20220814 - 2022-08-14
  • 4.9.0-dev.20220813 - 2022-08-13
  • 4.9.0-dev.20220812 - 2022-08-12
  • 4.9.0-dev.20220811 - 2022-08-11
  • 4.9.0-beta - 2022-09-23
  • 4.8.4 - 2022-09-27
  • 4.8.3 - 2022-09-08
  • 4.8.2 - 2022-08-25
  • 4.8.1-rc - 2022-08-11
  • 4.8.0-dev.20220809 - 2022-08-09
  • 4.8.0-dev.20220808 - 2022-08-08
  • 4.8.0-dev.20220807 - 2022-08-07
  • 4.8.0-dev.20220806 - 2022-08-06
  • 4.8.0-dev.20220805 - 2022-08-05
  • 4.8.0-dev.20220804 - 2022-08-04
  • 4.8.0-dev.20220803 - 2022-08-03
  • 4.8.0-dev.20220802 - 2022-08-02
  • 4.8.0-dev.20220801 - 2022-08-01
  • 4.8.0-dev.20220731 - 2022-07-31
  • 4.8.0-dev.20220730 - 2022-07-30
  • 4.8.0-dev.20220729 - 2022-07-29
  • 4.8.0-dev.20220728 - 2022-07-28
  • 4.8.0-dev.20220727 - 2022-07-27
  • 4.8.0-dev.20220726 - 2022-07-26
  • 4.8.0-dev.20220725 - 2022-07-25
  • 4.8.0-dev.20220724 - 2022-07-24
  • 4.8.0-dev.20220723 - 2022-07-23
  • 4.8.0-dev.20220722 - 2022-07-22
  • 4.8.0-dev.20220721 - 2022-07-21
  • 4.8.0-dev.20220720 - 2022-07-20
  • 4.8.0-dev.20220719 - 2022-07-19
  • 4.8.0-dev.20220718 - 2022-07-18
  • 4.8.0-dev.20220717 - 2022-07-17
  • 4.8.0-dev.20220716 - 2022-07-16
  • 4.8.0-dev.20220715 - 2022-07-15
  • 4.8.0-dev.20220714 - 2022-07-14
  • 4.8.0-dev.20220713 - 2022-07-13
  • 4.8.0-dev.20220712 - 2022-07-12
  • 4.8.0-dev.20220711 - 2022-07-11
  • 4.8.0-dev.20220710 - 2022-07-10
  • 4.8.0-dev.20220709 - 2022-07-09
  • 4.8.0-dev.20220708 - 2022-07-08
  • 4.8.0-dev.20220707 - 2022-07-07
  • 4.8.0-dev.20220706 - 2022-07-06
  • 4.8.0-dev.20220705 - 2022-07-05
  • 4.8.0-dev.20220704 - 2022-07-04
  • 4.8.0-dev.20220703 - 2022-07-03
  • 4.8.0-dev.20220701 - 2022-07-01
  • 4.8.0-dev.20220630 - 2022-06-30
  • 4.8.0-dev.20220629 - 2022-06-29
  • 4.8.0-dev.20220628 - 2022-06-28
  • 4.8.0-dev.20220627 - 2022-06-27
  • 4.8.0-dev.20220626 - 2022-06-26
  • 4.8.0-dev.20220625 - 2022-06-25
  • 4.8.0-dev.20220624 - 2022-06-24
  • 4.8.0-dev.20220623 - 2022-06-23
  • 4.8.0-dev.20220622 - 2022-06-22
  • 4.8.0-dev.20220621 - 2022-06-21
  • 4.8.0-dev.20220620 - 2022-06-20
  • 4.8.0-dev.20220619 - 2022-06-19
  • 4.8.0-dev.20220618 - 2022-06-18
  • 4.8.0-dev.20220617 - 2022-06-17
  • 4.8.0-dev.20220616 - 2022-06-16
  • 4.8.0-dev.20220615 - 2022-06-15
  • 4.8.0-dev.20220614 - 2022-06-14
  • 4.8.0-dev.20220613 - 2022-06-13
  • 4.8.0-dev.20220612 - 2022-06-12
  • 4.8.0-dev.20220611 - 2022-06-11
  • 4.8.0-dev.20220610 - 2022-06-10
  • 4.8.0-dev.20220609 - 2022-06-09
  • 4.8.0-dev.20220608 - 2022-06-08
  • 4.8.0-dev.20220606 - 2022-06-06
  • 4.8.0-dev.20220605 - 2022-06-05
  • 4.8.0-dev.20220604 - 2022-06-04
  • 4.8.0-dev.20220603 - 2022-06-03
  • 4.8.0-dev.20220602 - 2022-06-02
  • 4.8.0-dev.20220601 - 2022-06-01
  • 4.8.0-dev.20220531 - 2022-05-31
  • 4.8.0-dev.20220530 - 2022-05-30
  • 4.8.0-dev.20220529 - 2022-05-29
  • 4.8.0-dev.20220528 - 2022-05-28
  • 4.8.0-dev.20220527 - 2022-05-27
  • 4.8.0-dev.20220526 - 2022-05-26
  • 4.8.0-dev.20220525 - 2022-05-25
  • 4.8.0-dev.20220524 - 2022-05-24
  • 4.8.0-dev.20220523 - 2022-05-23
  • 4.8.0-dev.20220522 - 2022-05-22
  • 4.8.0-dev.20220521 - 2022-05-21
  • 4.8.0-dev.20220520 - 2022-05-20
  • 4.8.0-dev.20220519 - 2022-05-19
  • 4.8.0-dev.20220518 - 2022-05-18
  • 4.8.0-dev.20220517 - 2022-05-17
  • 4.8.0-dev.20220516 - 2022-05-16
  • 4.8.0-dev.20220515 - 2022-05-15
  • 4.8.0-dev.20220514 - 2022-05-14
  • 4.8.0-dev.20220513 - 2022-05-13
  • 4.8.0-dev.20220512 - 2022-05-12
  • 4.8.0-dev.20220511 - 2022-05-11
  • 4.8.0-dev.20220510 - 2022-05-10
  • 4.8.0-dev.20220509 - 2022-05-09
  • 4.8.0-dev.20220508 - 2022-05-08
  • 4.8.0-dev.20220507 - 2022-05-07
  • 4.8.0-beta - 2022-06-21
  • 4.7.4 - 2022-06-17
  • 4.7.3 - 2022-06-03
  • 4.7.2 - 2022-05-24
  • 4.7.1-rc - 2022-05-11
  • 4.7.0-dev.20220506 - 2022-05-06
  • 4.7.0-dev.20220505 - 2022-05-05
  • 4.7.0-dev.20220504 - 2022-05-04
  • 4.7.0-dev.20220503 - 2022-05-03
  • 4.7.0-dev.20220502 - 2022-05-02
  • 4.7.0-dev.20220501 - 2022-05-01
  • 4.7.0-dev.20220430 - 2022-04-30
  • 4.7.0-dev.20220429 - 2022-04-29
  • 4.7.0-dev.20220428 - 2022-04-28
  • 4.7.0-dev.20220427 - 2022-04-27
  • 4.7.0-dev.20220426 - 2022-04-26
  • 4.7.0-dev.20220425 - 2022-04-25
  • 4.7.0-dev.20220424 - 2022-04-24
  • 4.7.0-dev.20220423 - 2022-04-23
  • 4.7.0-dev.20220422 - 2022-04-22
  • 4.7.0-dev.20220421 - 2022-04-21
  • 4.7.0-dev.20220420 - 2022-04-20
  • 4.7.0-dev.20220419 - 2022-04-19
  • 4.7.0-dev.20220418 - 2022-04-18
  • 4.7.0-dev.20220417 - 2022-04-17
  • 4.7.0-dev.20220416 - 2022-04-16
  • 4.7.0-dev.20220415 - 2022-04-15
  • 4.7.0-dev.20220408 - 2022-04-08
  • 4.7.0-dev.20220406 - 2022-04-06
  • 4.7.0-dev.20220405 - 2022-04-05
  • 4.7.0-dev.20220404 - 2022-04-04
  • 4.7.0-dev.20220403 - 2022-04-03
  • 4.7.0-dev.20220402 - 2022-04-02
  • 4.7.0-dev.20220401 - 2022-04-01
  • 4.7.0-dev.20220331 - 2022-03-31
  • 4.7.0-dev.20220330 - 2022-03-30
  • 4.7.0-dev.20220329 - 2022-03-29
  • 4.7.0-dev.20220328 - 2022-03-28
  • 4.7.0-dev.20220327 - 2022-03-27
  • 4.7.0-dev.20220326 - 2022-03-26
  • 4.7.0-dev.20220325 - 2022-03-25
  • 4.7.0-dev.20220323 - 2022-03-23
  • 4.7.0-dev.20220322 - 2022-03-22
  • 4.7.0-dev.20220321 - 2022-03-21
  • 4.7.0-dev.20220320 - 2022-03-20
  • 4.7.0-dev.20220319 - 2022-03-19
  • 4.7.0-dev.20220318 - 2022-03-18
  • 4.7.0-dev.20220317 - 2022-03-17
  • 4.7.0-dev.20220316 - 2022-03-16
  • 4.7.0-dev.20220315 - 2022-03-15
  • 4.7.0-dev.20220314 - 2022-03-14
  • 4.7.0-dev.20220313 - 2022-03-13
  • 4.7.0-dev.20220312 - 2022-03-12
  • 4.7.0-dev.20220311 - 2022-03-11
  • 4.7.0-dev.20220310 - 2022-03-10
  • 4.7.0-dev.20220309 - 2022-03-09
  • 4.7.0-dev.20220308 - 2022-03-08
  • 4.7.0-dev.20220307 - 2022-03-07
  • 4.7.0-dev.20220306 - 2022-03-06
  • 4.7.0-dev.20220305 - 2022-03-05
  • 4.7.0-dev.20220304 - 2022-03-04
  • 4.7.0-dev.20220303 - 2022-03-03
  • 4.7.0-dev.20220302 - 2022-03-02
  • 4.7.0-dev.20220301 - 2022-03-01
  • 4.7.0-dev.20220228 - 2022-02-28
  • 4.7.0-dev.20220227 - 2022-02-27
  • 4.7.0-dev.20220226 - 2022-02-26
  • 4.7.0-dev.20220225 - 2022-02-25
  • 4.7.0-dev.20220224 - 2022-02-24
  • 4.7.0-dev.20220223 - 2022-02-23
  • 4.7.0-dev.20220222 - 2022-02-22
  • 4.7.0-dev.20220221 - 2022-02-21
  • 4.7.0-dev.20220220 - 2022-02-20
  • 4.7.0-dev.20220219 - 2022-02-19
  • 4.7.0-dev.20220218 - 2022-02-18
  • 4.7.0-dev.20220217 - 2022-02-17
  • 4.7.0-dev.20220216 - 2022-02-16
  • 4.7.0-dev.20220215 - 2022-02-15
  • 4.7.0-beta - 2022-04-08
  • 4.6.4 - 2022-04-28
  • 4.6.3 - 2022-03-24
  • 4.6.2 - 2022-02-28
from typescript GitHub release notes
Package name: vm2
  • 3.9.19 - 2023-05-16

    Fixes

    cfa3fc6: Fix resolver issue.

  • 3.9.18 - 2023-05-15

    New Features

    dd81ff6: Add resolver API to create a shared resolver for multiple NodeVM instances allowing to cache scripts and increase sandbox startup times.
    4d662e3: Allow to pass a function to require.context which is called with the filename allowing to specify the context pre file. (Thanks to @ blakebyrnes)

    Fixes

    d88105f: Fix issue leaking host array through Proxy. (Thanks to @ arkark (Takeshi Kaneko) of GMO Cybersecurity by Ierae, Inc.)
    5206ba2: Fix issue with inspect being writeable. (Thanks to @ arkark (Takeshi Kaneko) of GMO Cybersecurity by Ierae, Inc.)

  • 3.9.17 - 2023-04-17

    Fixes

    4b22e87: Fix issue in catch block protection. (Thanks to Xion (SeungHyun Lee) of KAIST Hacking Lab.)
    f3db4de: Fix issue with host exceptions thrown in async functions leaking though the Promise.

  • 3.9.16 - 2023-04-11

    Fixes

    24c724d: Fix issue in transformer issue by reworking replacement logic. (Thanky to Xion (SeungHyun Lee) of KAIST Hacking Lab.)

  • 3.9.15 - 2023-04-06

    Fixes

    d534e57: Ensure no host objects are passed through to Error.prepareStackTrace. (Thanky to Seongil Wi from KAIST WSP Lab)

  • 3.9.14 - 2023-02-05

    Fixes

    fe3ab68: Support conditional export resolution with custom resolver (thanks to nick-klaviyo).

  • 3.9.13 - 2022-12-08

    Fixes

    1c365f7: Fix typescript error in index.d.ts.

  • 3.9.12 - 2022-11-29

    New Features

    81f625d: Add file system API.

    Fixes

    442feea: Fix parsing error with object pattern in catch clause.

  • 3.9.11 - 2022-08-28

    New Features

    58478a5: Add option require.strict to allow to load required modules in non strict mode.

    Fixes

    d9a7f3c: Security fix.

  • 3.9.10 - 2022-07-05

    New Features

    61d240f: Add uptime to process.

    Fixes

    e3e573f: Security fix.
    245da82: Fix inspect showProxy.

  • 3.9.9 - 2022-02-24
from vm2 GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"mathjax-full","from":"3.2.0","to":"3.2.2"},{"name":"typescript","from":"4.6.2","to":"4.9.5"},{"name":"vm2","from":"3.9.9","to":"3.9.19"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-2990237","issue_id":"SNYK-JS-VM2-2990237","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Arbitrary Code Execution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-3018201","issue_id":"SNYK-JS-VM2-3018201","priority_score":816,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.9","score":495},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Sandbox Bypass"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-5415299","issue_id":"SNYK-JS-VM2-5415299","priority_score":816,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.9","score":495},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Sandbox Escape"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-5422057","issue_id":"SNYK-JS-VM2-5422057","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Sandbox Escape"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-VM2-5426093","issue_id":"SNYK-JS-VM2-5426093","priority_score":704,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Handling of Exceptional Conditions"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-5537079","issue_id":"SNYK-JS-VM2-5537079","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-5537100","issue_id":"SNYK-JS-VM2-5537100","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Sandbox Bypass"}],"prId":"39dd58c1-0c97-4aff-96d5-cb8668ffe8ed","prPublicId":"39dd58c1-0c97-4aff-96d5-cb8668ffe8ed","packageManager":"npm","priorityScoreList":[811,816,816,811,704,586,811],"projectPublicId":"d5036e32-bca5-4e36-b958-25c2631f3737","projectUrl":"https://app.snyk.io/org/samul-1/project/d5036e32-bca5-4e36-b958-25c2631f3737?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-VM2-2990237","SNYK-JS-VM2-3018201","SNYK-JS-VM2-5415299","SNYK-JS-VM2-5422057","SNYK-JS-VM2-5426093","SNYK-JS-VM2-5537079","SNYK-JS-VM2-5537100"],"upgradeInfo":{"versionsDiff":2,"publishedDate":"2022-06-08T17:29:04.841Z"},"vulns":["SNYK-JS-VM2-2990237","SNYK-JS-VM2-3018201","SNYK-JS-VM2-5415299","SNYK-JS-VM2-5422057","SNYK-JS-VM2-5426093","SNYK-JS-VM2-5537079","SNYK-JS-VM2-5537100"]}'

@snyk-bot
fix: upgrade multiple dependencies with Snyk
ccf29f7 
Snyk has created this PR to upgrade:
  - mathjax-full from 3.2.0 to 3.2.2.
    See this package in npm: https://www.npmjs.com/package/mathjax-full
  - typescript from 4.6.2 to 4.9.5.
    See this package in npm: https://www.npmjs.com/package/typescript
  - vm2 from 3.9.9 to 3.9.19.
    See this package in npm: https://www.npmjs.com/package/vm2

See this project in Snyk:
https://app.snyk.io/org/samul-1/project/d5036e32-bca5-4e36-b958-25c2631f3737?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@samul-1 @snyk-bot