Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 6 vulnerabilities #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

issaShippo
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity 706/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7
Remote Memory Exposure
SNYK-JS-BL-608877
Yes Proof of Concept
high severity 584/1000
Why? Has a fix available, CVSS 7.4
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HAWK-2808852
Yes No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831
Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
Yes Proof of Concept
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
Prototype Pollution
npm:hoek:20180212
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: deployd The new version differs by 18 commits.
  • 684b596 chore(release): 1.1.3
  • e351a03 chore: update and pin dependencies (#874)
  • df72ffe Doc: add maintainance warning on README (#872)
  • e838a3e Fix big numbers being parsed into integers when it wasn't safe to do so (#873)
  • ffea84b chore(release): 1.1.2 (#854)
  • c6d8fdb fix: don't overwrite http headers with defaults (#851)
  • dcf1b62 chore(release): 1.1.1 (#839)
  • 4435a57 fix(internal-resources): namespaced resources could not be moved/renamed into other namespaces (#837)
  • 93f4c0e fix(tests): improve a minor race condition in a test (#835)
  • c4397a5 Chore: Release 1.1.0 (#834)
  • aafd3fc Update readme with some best practices (#833)
  • 4d22465 Allow specifying resources in subdirectories/namespaces. (eg. namespace/hello) (#832)
  • 4331b3c fix(tests): run tests on random mongo port and update for new mocha/npm (#831)
  • fef4b14 Chore: Release 1.0.0 🎉 (#820)
  • 2093fff Chore: remove support for node 0.12 and some unused deps (#825)
  • 5fbaa1d Chore: remove `filed` as unused dependency (#821)
  • c9d0a91 refactor(*): remove dashboard and clientlib from deployd core module (#783)
  • 626d4ad refactor: remove dpd cli from deployd core module (#776)

See the full diff

Package name: request-promise The new version differs by 34 commits.
  • 9b533b0 Version 4.0.0
  • 796b317 docs: updated for v4 release
  • 6833954 chore: updated promise-core
  • 8aa5d1a docs: updated instructions for running request tests
  • e791f17 feat: better error message for missing peer dependency
  • 8c42fda feat: inform about dropped CLS support
  • 82ed81d docs: added change for the upcoming v4 release
  • 510e272 docs: listed changes for the upcoming v4 release
  • b963290 docs: grammar
  • 1cc3202 feat: full reimplementation using (at)request/promise-core
  • 56a6fa1 Merge pull request #118 from jmm/api-opt-defaults
  • 2b1c11b Add default opt values to API docs
  • 061a6ae chore: node v6 support
  • 364ec40 chore: improved formatting
  • 7a5522f fix: typo
  • ee171f9 Merge pull request #115 from EvanCarroll/master
  • c3bb0dc updated to better differentiate json/html forms because underlying request.pm is really bad at giving a sane error here.
  • 2854e04 Version 3.0.0
  • 32d988a fix: TransformError for transform that returns rejected Promise
  • 296b08d feat: apply transform to non-200 responses also in simple mode (issue #86)
  • 0cfa8f2 feat: introduced TransformError for failed transforms
  • d678f35 refactor: error attribute assignment
  • 2ad8792 feat: better StatusCodeError.message
  • dcd18ad v3 not yet released

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution

Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants