[Snyk] Upgrade superagent from 7.1.1 to 7.1.6 #282

Open: wants to merge 1 commit into base: main

NOUIY (Owner) commented May 24, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade superagent from 7.1.1 to 7.1.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 5 versions ahead of your current version.

  • The recommended version was released 2 years ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | 696 | Proof of Concept |

Release notes
Package name: superagent
  • 7.1.6 - 2022-06-01
    • chore: remove old node test stuff fa573df
    • chore: linting, bump deps (closes #1727) a7a14d3
    • Merge pull request #1682 from lance/1681-parse-json-seq-as-text d7ca5dd
    • Merge pull request #1608 from jeremyruppel/ok-err-status 8f29f52
    • Merge branch 'master' into ok-err-status 59518b0
    • Merge pull request #1630 from jimmywarting/remove-old-hacks 5c8fb1e
    • Merge branch 'master' into remove-old-hacks 764412a
    • fix: modifies the data type detection logic for json-seq 42b5231
    • revert if statement 0228b9e
    • Merge branch 'master' into remove-old-hacks 2d686df
    • RIP ActiveXObject c1ea82b
    • Preserve custom err.status from ok callback 57f779e

    v7.1.5...v7.1.6

  • 7.1.5 - 2022-06-01
    • chore: delete github yml file e7a29cf
    • Revert "chore: fixed package husky dep issue" de5cc71
    • Merge pull request #1728 from perrin4869/fix/dev-dependencies 708fa6c
    • Optional dependencies are dev dependencies 9d34958

    v7.1.4...v7.1.5

  • 7.1.4 - 2022-05-31
    • chore: fixed package husky dep issue afeb2b7
    • chore: bump deps, added configs as files instead of in pkg a9f9942
    • Merge pull request #1726 from ltxhhz/master fa123f5
    • fixed #1680 , And fix the document path. 303afad
    • Merge branch 'visionmedia:master' into master 4611a6b
    • Merge pull request #1723 from yunnysunny/feat/htt2-fix 9ed2916
    • ci: fix makefile error b8bf5e8
    • ci: fix github action b0b1f9a
    • ci: all node version will try to test on http2 44f8ae0
    • ci: remove unnecessary test 5030b83
    • ci: fix the error of express-session used in http2 bb3dc7a
    • test: fix the wrong use of statuses b6da894
    • Merge pull request #1722 from yunnysunny/feature/test-on-low-node 34c9ff4
    • ci: use separate babel config for src and test 1330634
    • ci: fix missing require lint error 38bc6cb
    • ci: ignore eslint on old node 98f3b49
    • ci: only build test files on old node 641c0ce
    • ci: add test on node 10 2fa2541
    • chore: remove commitlint to optional dependencies dba8b08
    • ci: add test for node 10 5f27a06
    • chore: remove eslint to optional dependencies 418408f
    • 1.18 fixed css path c719f0c
    • Added Chinese document (添加中文文档) 713cbe0

    v7.1.3...v7.1.4

  • 7.1.3 - 2022-04-26
    • chore: fixed linting 2c18890
    • Merge pull request #1717 from yunnysunny/feature/github-action-improve bc25a87
    • chore: bump deps c4e8c6e
    • Merge pull request #1720 from bultkrantz/feature/custom-encoder 907d14b
    • use custom encoder if it is sent in option object 04fc158
    • Merge pull request #1716 from yunnysunny/feature/fix-node14-pipe 508b9fb
    • test: only enlarge the timeout for pipe test 16c88c5
    • ci: use secret env to hide the sauce config b2b330b
    • ci: trigger ci on push and pull request b83fae3
    • ci: add slow parameter to mocha ba56f87
    • ci: fix the upload test on Windows a7cee2b
    • ci: set timeout to 15000ms 718e063
    • test: add event listener for read stream 8b68b11
    • ci: add error event listener for pipe 5e9f9d7
    • v7.1.2 633e467
    • Merge pull request #1674 from yunnysunny/feature/fix-lookup 31e0160
    • Merge pull request #1677 from yunnysunny/feature/github-action2 451cdcd
    • fix: fixed the errors of eslint (#1675) 84206c7
    • fix: fixed the broken testcases (#1676) 1fd4f90
    • feat: add github action 2704155
    • test: fixed not trigger req in lookup testcase 356e525
    • fix: fixed the error of null value of lookup 07e748f
    • Merge branch 'visionmedia:master' into master 77b052a
    • feat: add lookup method 590b1ac

    v7.1.1...v7.1.3

  • 7.1.2 - 2022-03-29
  • 7.1.1 - 2022-01-19

    v7.1.0...v7.1.1

from superagent GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
superagent

See this project in Snyk:
https://app.snyk.io/org/nexuscompute/project/0ce13118-970c-4baf-b6e9-8af241d91f94?utm_source=github&utm_medium=referral&page=upgrade-pr
guardrails bot commented May 24, 2024

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

| Severity | Details |
|---|---|
| Critical | pkg:npm/superagent@7.1.6 upgrade to: > 7.1.6 |

More info on how to fix Vulnerable Libraries in JavaScript.

