[Snyk] Fix for 1 vulnerabilities

[qmutz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: libp2p

The new version differs by 250 commits.

• d6bb967 chore: release version v0.32.0
• d48005b chore: update contributors
• 67b97e3 chore: add migration guide to 0.32 (#957)
• 664ba2d chore: release version v0.32.0-rc.0
• 608564b chore: update contributors
• af723b3 fix: do not allow dial to large number of multiaddrs (#954)
• 13cf476 chore: update to new multiformats (#948)
• 39b0358 chore: use libp2p-tcp with types (#952)
• f7183e8 chore: release version v0.31.7
• b9988ad chore: update contributors
• b291bc0 fix: dialer leaking resources after stopping (#947)
• 755eb90 chore: update gossipsub dep for example
• afe0f85 chore: use node 16
• 50f7f32 chore: update branch
• 052aad4 chore: use node 15 in ci
• 2c4b567 chore: restructure pubsub tests
• 2a6a635 chore: remove ipfs-utils dep (#953)
• cd152f1 chore: add secure websockets example (#930)
• 2959794 chore: add more details on DHT configuration in CONFIGURATION.md (#951)
• 2068c84 chore: configuration format fix
• d8ba284 fix: chat example with new multiaddr (#946)
• 869d35d chore: release version v0.31.6
• d6540bf chore: update contributors
• 478963a feat: keychain rotate passphrase (#944)

See the full diff

Package name: libp2p-webrtc-star

The new version differs by 234 commits.

• 590c5fc chore: release version v0.23.0
• e88d63d chore: update contributors
• e4360f2 chore: update deps (#365)
• c629cc1 chore: release version v0.22.4
• d01cd4a chore: update contributors
• 441a34e chore: update deps and use socket.io server v4 (#362)
• 4822c40 chore: release version v0.22.3
• a046a72 chore: update contributors
• 1076b5b chore: update ipfs-utils dep (#341)
• f61c4a1 chore: remove unecessary async fn in test (#336)
• 2eacc5f chore: release version v0.22.2
• 4ccf5be chore: update contributors
• 4c82721 chore: add err code for unknown signal server on dial (#335)
• c780457 chore: release version v0.22.1
• 68b206f chore: update contributors
• 5b7b142 feat: support multiple listeners (#330)
• 53cbde6 chore: release version v0.22.0
• 35ea046 chore: update contributors
• 44f4232 chore: update deps (#329)
• f644b08 chore: release version v0.21.2
• b8b3fd0 chore: update contributors
• 8ef0358 chore(deps): bump err-code from 2.0.3 to 3.0.1 (#302)
• aa9f08a chore: release version v0.21.1
• 1f080b2 chore: update contributors

See the full diff

Package name: libp2p-websockets

The new version differs by 87 commits.

• e9189bb chore: release version v0.16.0
• c4005b3 chore: update contributors
• 27f6c41 chore: update deps ([email protected] breaks build 🚨 ipfs-inactive/js-libp2p-ipfs-browser#134)
• db343b2 chore: use node 16 in ci ([email protected] breaks build 🚨 ipfs-inactive/js-libp2p-ipfs-browser#133)
• 19e6f59 chore: release version v0.15.9
• 6e6a90c chore: update contributors
• 7bfdcb9 chore: update ipfs-utils dep (feat: add argument options ipfs-inactive/js-libp2p-ipfs-browser#132)
• 62a3276 chore: release version v0.15.8
• a996e16 chore: update contributors
• ee47570 fix: listener get addrs with wss ([email protected] breaks build 🚨 ipfs-inactive/js-libp2p-ipfs-browser#130)
• 237fa15 chore: release version v0.15.7
• 488847e chore: update contributors
• 01ad18e chore: update ipfs-utils dep (Update libp2p-webrtc-star to version 0.7.0 🚀 ipfs-inactive/js-libp2p-ipfs-browser#128)
• e929104 chore: release version v0.15.6
• 47c234d chore: update contributors
• 76a4809 chore: update multiaddr to uri (#125)
• 90f13e9 chore: release version v0.15.5
• c7522a3 chore: update contributors
• 67a95cb chore: update deps ([email protected] breaks build ⚠️ ipfs-inactive/js-libp2p-ipfs-browser#124)
• f1a5d21 chore: release version v0.15.4
• c5ddb0b chore: update contributors
• ff4b764 chore: update deps (Update libp2p-webrtc-star to version 0.6.0 🚀 ipfs-inactive/js-libp2p-ipfs-browser#123)
• d07d1b7 chore: release version v0.15.3
• 9934161 chore: update contributors

See the full diff

Package name: mafmt

The new version differs by 107 commits.

• 41dfe7c chore: release version v10.0.0
• c522889 chore: update contributors
• 2785b23 chore: upgrade multiaddr (Update aegir to version 7.0.0 🚀 ipfs-inactive/js-libp2p-ipfs-browser#81)
• 14d8cae Upgrade to GitHub-native Dependabot (Update aegir to version 6.0.0 🚀 ipfs-inactive/js-libp2p-ipfs-browser#80)
• e80cbe6 chore: release version v9.0.0
• 58c3f55 chore: update contributors
• d20caf5 chore: update deps and types (Update aegir to version 5.0.1 🚀 ipfs-inactive/js-libp2p-ipfs-browser#79)
• 5c177cd chore: add util dev dep
• 1d9532a chore(deps-dev): bump aegir from 31.0.4 to 32.0.2
• 2524351 chore(deps-dev): bump aegir from 30.3.0 to 31.0.3 ([email protected] breaks build 🚨 ipfs-inactive/js-libp2p-ipfs-browser#74)
• 6a8b586 chore: fix lint
• 175e166 chore(deps-dev): bump aegir from 29.2.2 to 30.3.0
• e1dedc8 chore: release version v8.0.4
• edc37b4 chore: update contributors
• ac7d10c feat: add QUIC support ([email protected] breaks build 🚨 ipfs-inactive/js-libp2p-ipfs-browser#70)
• 38a1f1f chore: release version v8.0.3
• ce180cc chore: update contributors
• c8430c1 fix: add webrtc direct with p2p as valid P2P multiaddr (Update aegir to version 4.0.0 🚀 ipfs-inactive/js-libp2p-ipfs-browser#71)
• f5beeee chore: release version v8.0.2
• a4ee2a9 chore: update contributors
• 10e131d chore: fix json format ts config (update dependencies ipfs-inactive/js-libp2p-ipfs-browser#68)
• 810466c chore(deps-dev): bump uint8arrays from 1.1.0 to 2.0.5 (Update libp2p-spdy to version 0.8.0 🚀 ipfs-inactive/js-libp2p-ipfs-browser#66)
• 161aa30 chore(deps-dev): bump aegir from 28.2.0 to 29.0.1 (Standardize README ipfs-inactive/js-libp2p-ipfs-browser#64)
• b02922e chore: release version v8.0.1

See the full diff

Package name: multiaddr

The new version differs by 168 commits.

• 5f1e3d6 chore: release version v10.0.1
• 665ece7 chore: update contributors
• 1296370 chore: remove .DS_Store file
• 19e6f14 chore: update uint8arrays (#206)
• 3014294 chore: release version v10.0.0
• 755d494 chore: update contributors
• 7e3aff9 chore: update to new multiformats (#200)
• 0b3bfe5 chore: release version v9.0.2
• 25a37c0 chore: update contributors
• 2201344 Support buffer with any byteOffset values instead of 0 (#201)
• a95b991 chore(deps-dev): bump sinon from 10.0.1 to 11.1.1 (#199)
• b58474f chore: release version v9.0.1
• cc9e03e chore: update contributors
• 54633f4 fix: types property (#195)
• 9067450 chore: update changelog with breaking change examples
• ac7da1b chore: release version v9.0.0
• 15f36bc chore: update contributors
• 7d284e4 feat: add types (Update this module to match latest libp2p (and its dependencies) ipfs-inactive/js-libp2p-ipfs-browser#189)
• aac0144 chore: release version v8.1.2
• d56cf70 chore: update contributors
• 0ac20ba fix: tell bundlers to return false for node dns module (#163)
• 1cc85e3 chore: make tsconfig valid json (Update aegir to the latest version 🚀 ipfs-inactive/js-libp2p-ipfs-browser#162)
• 967b845 chore(deps-dev): bump aegir from 28.2.0 to 29.0.1 (#158)
• 449d49b chore: release version v8.1.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)