Skip to content

[Snyk] Security upgrade serverless from 1.65.0 to 1.70.0#40

Closed
snyk-bot wants to merge 2 commits intomasterfrom
snyk-fix-ccbed00e54afcf084ca1899ece2e69f2
Closed

[Snyk] Security upgrade serverless from 1.65.0 to 1.70.0#40
snyk-bot wants to merge 2 commits intomasterfrom
snyk-fix-ccbed00e54afcf084ca1899ece2e69f2

Conversation

@snyk-bot
Copy link
Copy Markdown
Contributor

@snyk-bot snyk-bot commented May 8, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

✨What is Merge Advice? We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 No Proof of Concept
Commit messages
Package name: serverless The new version differs by 124 commits.
  • a49f8d4 chore: Bump dependencies
  • 254ef96 chore: Release v1.70.0
  • 9c2becd test: Fix `node-fetch` customization after it's upgrade to v2
  • 6b3a789 fix(AWS Deploy): Fix generation of custom resource lambda zip
  • df50f4c chore: Upgrade 'standard-version' to v8
  • b62cb35 chore: Upgrade 'sinon' to v8
  • 6c78e4a chore: Upgrade 'nyc' to v15
  • 3a9a67b chore: Upgrade 'yargs-parser' to v18
  • aed5d0a chore: Upgrade 'semver-regex' to v2
  • 4b8a9e9 chore: Upgrade 'node-fetch' to v2
  • 868db04 chore: Upgrade 'https-proxy-agent' to v5
  • 16237b8 chore: Upgrade get-stdin to v6
  • e1092af refactor: Drop sentry reporting as it's not used
  • 763a9a3 chore: Bump dependencies
  • 843c909 chore: Upgrade 'ci-info' to v2
  • 3a80140 Add `includeBody` param for Lambda@edge (#7667)
  • e2ccc7c chore: Register 'AWS CloudFront' commit message scope
  • 7e1dd66 fix(AWS Stream): Fix handling of configuration properties (#7682)
  • 81953ef fix(AWS API Gateway): Ensure to update stage only for deployed API's
  • 2ad7bd3 test: Temporary debug patch for randomly failing test
  • 7b98936 docs: Template improvements
  • 654d1f3 docs: Configure new contribution guidelines
  • 744b59e docs: Prettify
  • 6154a82 docs: Update list of supported regions in dashboard (#7673)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot snyk-bot mentioned this pull request Mar 25, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snyk-bot @antonbabenko