Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #74

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #74

wants to merge 1 commit into from

Conversation

SibuStephen
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-QS-3153490		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: googleapis The new version differs by 210 commits.

See the full diff

Package name: pushbullet The new version differs by 15 commits.
  • 9673812 Update version to 2.0.0
  • 4db84de Update dependencies
  • e75096a Add support for SMS, clipboard and dismissal
  • ca8affe Refactor into smaller files
  • 9a922e4 Add chats functions
  • f0fd2c8 Default subscriptions to active only
  • a4ed375 Default devices to active only
  • 99151b9 Add `un/muteSubscription` functions
  • 9c3649e Add `updateDevice`, change `createDevice`
  • a2dc951 Update push functions
  • dc0137e Remove Contacts functions
  • 08a9171 Use `Access-Token` header for authentication
  • 9a54a8f Add `deleteAllPushes` function
  • 8ff8f34 Remove support for deprecated push types
  • 3f6092a Document pushing to all devices

See the full diff

Package name: request The new version differs by 250 commits.
  • fa46be4 Update changelog
  • d17b582 2.73.0
  • 290111d Merge pull request #2240 from zarenner/users/zarenner/removeConnectionErrorHandler
  • 4f0f9f1 Merge pull request #2251 from request/greenkeeper-tape-4.6.0
  • 7d823e4 Merge pull request #2225 from ArtskydJ/patch-1
  • 6dfb447 chore(package): update tape to version 4.6.0
  • 2e9aef3 Merge pull request #2203 from request/greenkeeper-browserify-13.0.1
  • fba822f chore(package): update browserify to version 13.0.1
  • e0be8e5 Merge pull request #2275 from request/greenkeeper-karma-1.1.1
  • 41c6666 Merge pull request #2204 from simov/codecov-yml
  • 7513bce chore(package): update karma to version 1.1.1
  • bf86f17 Remove connectionErrorHandler to fix feat(zigbee2mqtt): Add z2m ui link in Setup page聽GladysAssistant/Gladys#1903
  • fcab069 Remove extraneous bracket
  • 1b19c88 Merge pull request #2212 from nazieb/master
  • 3cfbece Doc: Fix link to http.IncomingMessage
  • b7de3a8 Add codecov.yml and disable PR comments
  • 8add02c Merge pull request #2208 from simov/form-data-null
  • dd3fad0 Update to form-data RC4 and pass null values to it
  • 11a1c72 Merge pull request #2207 from simov/move-aws4
  • 70cafab Move aws4 require statement to the top
  • 256268f Merge pull request #2199 from request/greenkeeper-karma-coverage-1.0.0
  • e269194 Merge branch 'master' into greenkeeper-karma-coverage-1.0.0
  • f6027e9 Merge pull request #2206 from request/greenkeeper-qs-6.2.0
  • aff937a chore(package): update qs to version 6.2.0

See the full diff

Package name: sails The new version differs by 250 commits.
  • 6d775fc 0.12.12
  • b21974a 0.12.12-3
  • b3d8fd8 Ditch Lodash chaining in blueprints hook.
  • 18fb8a0 0.12.12-2
  • bdcce2f Update changelog
  • b13c078 Crank up that saltiness -- thanks @ Plazmaz! (Note: This only affects apps which explicitly do not provide their own session secret. In production, this is always accompanied by a warning message regardless.)
  • 8c7234d Use @ sailshq/express
  • 29f983d Bump skipper version
  • 0d0f58f Remove Waterline dependency, and set sails-hook-orm dep back to 1.0.9.
  • db68dd6 prerelease with waterline update
  • 0ce0d86 0.12.11
  • 0f938d8 Update CHANGELOG.md.
  • 0cf841a 0.12.11-1
  • 5232d6a Merge pull request #3902 from Hiro-Nakamura/0.12
  • 7129304 fix mis typed variable names in badLocalDependency()
  • 31da115 Add 0.12.11 to changelog
  • 6e029ed 0.12.11-0
  • 4bfa025 pesky little bugger
  • ea842a3 lodash->sailshq/lodash to pick up the _.isFunction() I backported from JDs patch in Lodash 4. (see https://github.com/isFunction() fails on async function聽lodash/lodash#2768)
  • e5ae9ba Bump lodash version in package.json.
  • d37ee13 Remove individual per-method lodash deps (this is already done on v1.0, just backportin')
  • 223567c rebase https://github.com/balderdashy/sails/commit/aa4594fa21259b3a7482ae85ef5358c724c41b95
  • ec6be74 0.12.10
  • c97014f Bump s-h-sockets SVR to avoid relying on a prerelease build

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
a5b6c84 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-QS-3153490
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@SibuStephen @snyk-bot