Skip to content

Bump pbkdf2 from 3.0.16 to 3.1.3 #596

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from

Bump pbkdf2 from 3.0.16 to 3.1.3

30239b4
Select commit
Loading
Failed to load commit list.
Open

Bump pbkdf2 from 3.0.16 to 3.1.3 #596

Bump pbkdf2 from 3.0.16 to 3.1.3
30239b4
Select commit
Loading
Failed to load commit list.
Orca Security (US) / Orca Security - Vulnerabilities failed Jun 24, 2025 in 53s

Orca Security Scan Summary

Status Check Issues by priority
Failed Failed Vulnerabilities high 36   medium 1   low 0   info 0 View in Orca
☢️ The following Vulnerabilities (CVEs) have been detected
PACKAGE FILE CVE ID INSTALLED VERSION FIXED VERSION
critical fsevents ./yarn.lock CVE-2023-45311 1.2.4 1.2.11 View in code
critical growl ./yarn.lock CVE-2017-16042 1.8.1 1.10.0 View in code
critical ini ./yarn.lock CVE-2020-7788 1.3.5 1.3.6 View in code
critical jsonpointer ./yarn.lock CVE-2021-23807 4.0.1 5.0.0 View in code
critical lodash ./yarn.lock CVE-2019-10744 1.0.2 4.17.12 View in code
critical merge ./yarn.lock CVE-2020-28499 1.2.1 2.1.1 View in code
critical minimist ./yarn.lock CVE-2021-44906 1.2.5 1.2.6, 0.2.4 View in code
critical y18n ./yarn.lock CVE-2020-7774 3.2.1 3.2.2, 4.0.1, 5.0.5 View in code
high acorn ./yarn.lock GHSA-6chw-6frg-f759 5.6.2 5.7.4, 6.4.1, 7.1.1 View in code
high ansi-regex ./yarn.lock CVE-2021-3807 3.0.0 6.0.1, 5.0.1, 4.1.1, 3.0.1 View in code
high babel-traverse ./yarn.lock CVE-2023-45133 6.26.0 7.23.2 View in code
high cross-spawn ./yarn.lock CVE-2024-21538 5.1.0 7.0.5, 6.0.6 View in code
high css-what ./yarn.lock CVE-2022-21222 2.1.0 2.1.3 View in code
high debug ./yarn.lock CVE-2017-20165 2.0.0 3.1.0, 2.6.9 View in code
high diff ./yarn.lock GHSA-h6ch-v84p-w6p9 1.0.8 3.5.0 View in code
high dot-prop ./yarn.lock CVE-2020-8116 4.2.0 4.2.1, 5.1.1 View in code
high js-yaml ./yarn.lock GHSA-8j8c-7jfh-h6hx 3.6.1 3.13.1 View in code
high json5 ./yarn.lock CVE-2022-46175 0.5.1 2.2.2, 1.0.2 View in code
high lodash ./yarn.lock CVE-2021-23337 1.0.2 4.17.21 View in code
high minimatch ./yarn.lock CVE-2016-10540 2.0.10 3.0.2 View in code
high minimatch ./yarn.lock CVE-2022-3517 3.0.4 3.0.5 View in code
high minimatch ./yarn.lock NSWG-ECO-118 2.0.10 >=3.0.2 View in code
high ms ./yarn.lock CVE-2015-8315 0.6.2 >0.7.0 View in code
high nth-check ./yarn.lock CVE-2021-3803 1.0.1 2.0.1 View in code
high path-parse ./yarn.lock CVE-2021-23343 1.0.5 1.0.7 View in code
... ... ... ... ... ... ...

Annotations

Check failure on line 6307 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[CRITICAL] fsevents (CVE-2023-45311) 

Code injection in fsevents
Severity: CRITICAL
CVSS3 Score: 9.8
Installed version: 1.2.4
Fixed version: 1.2.11

Check failure on line 6823 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[CRITICAL] growl (CVE-2017-16042) 

nodejs-growl - Does not properly sanitize input before passing it to exec
Severity: CRITICAL
CVSS2 Score: 7.5
CVSS3 Score: 9.8
Installed version: 1.8.1
Fixed version: 1.10.0

Check failure on line 7511 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[CRITICAL] ini (CVE-2020-7788) 

nodejs-ini - Prototype pollution via malicious INI file
Severity: CRITICAL
CVSS2 Score: 7.5
CVSS3 Score: 9.8
Installed version: 1.3.5
Fixed version: 1.3.6

Check failure on line 9343 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[CRITICAL] jsonpointer (CVE-2021-23807) 

nodejs-jsonpointer - type confusion vulnerability can lead to a bypass of a previous prototype pollution fix when the pointer components are arrays
Severity: CRITICAL
CVSS2 Score: 7.5
CVSS3 Score: 9.8
Installed version: 4.0.1
Fixed version: 5.0.0

Check failure on line 9993 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[CRITICAL] lodash (CVE-2019-10744) 

nodejs-lodash - prototype pollution in defaultsDeep function leading to modifying properties
Severity: CRITICAL
CVSS2 Score: 6.4
CVSS3 Score: 9.1
Installed version: 1.0.2
Fixed version: 4.17.12

Check failure on line 10325 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[CRITICAL] merge (CVE-2020-28499) 

Prototype Pollution in merge
Severity: CRITICAL
CVSS2 Score: 7.5
CVSS3 Score: 9.8
Installed version: 1.2.1
Fixed version: 2.1.1

Check failure on line 10465 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[CRITICAL] minimist (CVE-2021-44906) 

minimist - prototype pollution
Severity: CRITICAL
CVSS2 Score: 7.5
CVSS3 Score: 9.8
Installed version: 1.2.5
Fixed version: 1.2.6, 0.2.4

Check failure on line 16319 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[CRITICAL] y18n (CVE-2020-7774) 

nodejs-y18n - prototype pollution vulnerability
Severity: CRITICAL
CVSS2 Score: 7.5
CVSS3 Score: 9.8
Installed version: 3.2.1
Fixed version: 3.2.2, 4.0.1, 5.0.5

Check failure on line 1301 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] acorn (GHSA-6chw-6frg-f759) 

Regular Expression Denial of Service in Acorn
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 5.6.2
Fixed version: 5.7.4, 6.4.1, 7.1.1

Check failure on line 1450 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] ansi-regex (CVE-2021-3807) 

nodejs-ansi-regex - Regular expression denial of service (ReDoS) matching ANSI escape codes
Severity: HIGH
CVSS2 Score: 7.8
CVSS3 Score: 7.5
Installed version: 3.0.0
Fixed version: 6.0.1, 5.0.1, 4.1.1, 3.0.1

Check failure on line 3056 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] babel-traverse (CVE-2023-45133) 

babel - arbitrary code execution
Severity: HIGH
CVSS3 Score: 8.8
Installed version: 6.26.0
Fixed version: 7.23.2

Check failure on line 4338 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] cross-spawn (CVE-2024-21538) 

cross-spawn - regular expression denial of service
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 5.1.0
Fixed version: 7.0.5, 6.0.6

Check failure on line 4487 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] css-what (CVE-2022-21222) 

css-what - ReDoS due to insecure regular expression
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 2.1.0
Fixed version: 2.1.3

Check failure on line 4703 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] debug (CVE-2017-20165) 

A vulnerability classified as problematic has been found in debug-js d ...
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 2.0.0
Fixed version: 3.1.0, 2.6.9

Check failure on line 4924 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] diff (GHSA-h6ch-v84p-w6p9) 

Regular Expression Denial of Service (ReDoS)
Severity: HIGH
Installed version: 1.0.8
Fixed version: 3.5.0

Check failure on line 5074 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] dot-prop (CVE-2020-8116) 

nodejs-dot-prop - prototype pollution
Severity: HIGH
CVSS2 Score: 7.5
CVSS3 Score: 7.3
Installed version: 4.2.0
Fixed version: 4.2.1, 5.1.1

Check failure on line 9144 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] js-yaml (GHSA-8j8c-7jfh-h6hx) 

Code Injection in js-yaml
Severity: HIGH
Installed version: 3.6.1
Fixed version: 3.13.1

Check failure on line 9329 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] json5 (CVE-2022-46175) 

json5 - Prototype Pollution in JSON5 via Parse Method
Severity: HIGH
CVSS3 Score: 8.8
Installed version: 0.5.1
Fixed version: 2.2.2, 1.0.2

Check failure on line 9993 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] lodash (CVE-2021-23337) 

nodejs-lodash - command injection via template
Severity: HIGH
CVSS2 Score: 6.5
CVSS3 Score: 7.2
Installed version: 1.0.2
Fixed version: 4.17.21

Check failure on line 10430 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[HIGH] minimatch (CVE-2016-10540) 

Minimatch is a minimal matching utility that works by converting glob  ...
Severity: HIGH
CVSS2 Score: 5
CVSS3 Score: 7.5
Installed version: 2.0.10
Fixed version: 3.0.2
View more details on Orca Security (US)