[Snyk] Upgrade twilio from 3.60.0 to 3.76.1 #34

Merged
merged 1 commit into from
Jun 28, 2022


@snyk-bot snyk-bot commented May 3, 2022

Snyk has created this PR to upgrade twilio from 3.60.0 to 3.76.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 25 versions ahead of your current version.
  • The recommended version was released a month ago, on 2022-04-06.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Improper Input Validation (SNYK-JS-URLPARSE-2407770) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Denial of Service (DoS) (SNYK-JS-TRIMNEWLINES-1298042) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-TAR-1579155) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-TAR-1579152) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-TAR-1579147) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Arbitrary File Overwrite (SNYK-JS-TAR-1536531) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Arbitrary File Overwrite (SNYK-JS-TAR-1536528) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-SSRI-1246392) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-NTHCHECK-1586032) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Arbitrary File Write (SNYK-JS-NPMCLIARBORIST-1579181) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-NPMCLIARBORIST-1579165) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-NORMALIZEURL-1296539) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Command Injection (SNYK-JS-LODASH-1040724) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Prototype Pollution (SNYK-JS-JSONSCHEMA-1920922) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Prototype Pollution (SNYK-JS-ASYNC-2441827) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-WS-1296835) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Authorization Bypass Through User-Controlled Key (SNYK-JS-URLPARSE-2412697) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Authorization Bypass (SNYK-JS-URLPARSE-2407759) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Access Restriction Bypass (SNYK-JS-URLPARSE-2401205) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Open Redirect (SNYK-JS-URLPARSE-1533425) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Arbitrary Code Injection (SNYK-JS-UNDERSCORE-1080984) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-REDIS-1255645) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-PATHPARSE-1077067) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Command Injection (SNYK-JS-NPMCLIGIT-1536784) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | HTTP Header Injection (SNYK-JS-NODEMAILER-1296415) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Information Exposure (SNYK-JS-NODEFETCH-2342118) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-1018905) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Reverse Tabnabbing (SNYK-JS-ISTANBULREPORTS-2328088) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-HOSTEDGITINFO-1088355) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-HOSTEDGITINFO-1088355) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-GLOBPARENT-1016905) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-GLOBPARENT-1016905) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-CSSWHAT-1298035) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-COLORSTRING-1082939) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-BROWSERSLIST-1090194) | 405/1000 (CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-TAR-1536758) | 405/1000 (CVSS 8.1) | No Known Exploit |
| | Prototype Pollution (SNYK-JS-MINIMIST-2429795) | 405/1000 (CVSS 8.1) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: twilio
  • 3.76.1 - 2022-04-06

    Release Notes

    Api

    • Updated provider_sid visibility to private

    Verify

    • Verify List Attempts API summary endpoint added.
    • Update PII documentation for AccessTokens factor_friendly_name property.

    Voice

    • make annotation parameter from /Calls API private

    Docs

  • 3.76.0 - 2022-03-23

    Release Notes

    Library - Chore

    Api

    • Change stream url parameter to non optional
    • Add verify-totp and verify-whatsapp-conversations-business-initiated categories to usage_record API

    Chat

    • Added v3 Channel update endpoint to support Public to Private channel migration

    Flex

    • Private Beta release of the Interactions API to support the upcoming release of Flex Conversations at the end of Q1 2022.
    • Adding channel_configs object to Flex Configuration

    Media

    • Add max_duration param to PlayerStreamer

    Supersim

    • Remove Commands resource, use SmsCommands resource instead (breaking change)

    Taskrouter

    • Add limits to split_by_wait_time for Cumulative Statistics Endpoint

    Video

    • Change recording status_callback_method type from enum to http_method (breaking change)
    • Add status_callback and status_callback_method to composition
    • Add status_callback and status_callback_method to recording

    Docs

  • 3.75.1 - 2022-03-09

    Release Notes

    Library - Chore

    Api

    • Add optional boolean include_soft_deleted parameter to retrieve soft deleted recordings

    Chat

    • Add X-Twilio-Wehook-Enabled header to delete method in UserChannel resource

    Numbers

    • Expose failure_reason in the Supporting Documents resources

    Verify

    • Add optional metadata parameter to "verify challenge" endpoint, so the SDK/App can attach relevant information from the device when responding to challenges.
    • Remove beta feature flag to list attempt API operations.
    • Add ttl and date_created properties to AccessTokens.

    Docs

  • 3.75.0 - 2022-02-23

    Release Notes

    Library - Chore

    Api

    • Add uri to stream resource
    • Add A2P Registration Fee category (a2p-registration-fee) to usage records
    • Detected a bug and removed optional boolean include_soft_deleted parameter to retrieve soft deleted recordings. (breaking change)
    • Add optional boolean include_soft_deleted parameter to retrieve soft deleted recordings.

    Numbers

    • Unrevert valid_until and sort filter params added to List Bundles resource
    • Revert valid_until and sort filter params added to List Bundles resource
    • Update sorting params added to List Bundles resource in the previous release

    Preview

    • Moved web_channels from preview to beta under flex-api (breaking change)

    Taskrouter

    • Add ETag as Response Header to List of Task, Reservation & Worker

    Verify

    • Remove outdated documentation commentary to contact sales. Product is already in public beta.
    • Add optional metadata to factors.

    Twiml

    • Add new Polly Neural voices

    Docs

  • 3.74.0 - 2022-02-09

    Release Notes

    Library - Chore

    Library - Feature

    • PR #733: support required resource properties with names containing periods. Thanks to @Hunga1!

    Api

    • Add stream resource

    Conversations

    • Fixed DELETE request to accept "sid_like" params in Address Configuration resources (breaking change)
    • Expose Address Configuration resource for sms and whatsapp

    Fax

    • Removed deprecated Programmable Fax Create and Update methods (breaking change)

    Insights

    • Rename call_state to call_status and remove whisper in conference participant summary (breaking change)

    Numbers

    • Expose valid_until filters as part of provisionally-approved compliance feature on the List Bundles resource

    Supersim

    • Fix typo in Fleet resource docs
    • Updated documentation for the Fleet resource indicating that fields related to commands have been deprecated and to use sms_command fields instead.
    • Add support for setting and reading ip_commands_url and ip_commands_method on Fleets resource for helper libraries
    • Changed sim property in requests to create an SMS Command made to the /SmsCommands to accept SIM UniqueNames in addition to SIDs

    Verify

    • Update list attempts API to include new filters and response fields.

    Docs

  • 3.73.1 - 2022-01-26

    Release Notes

    Library - Chore

    Insights

    • Added new endpoint to fetch Conference Participant Summary
    • Added new endpoint to fetch Conference Summary

    Messaging

    • Add government_entity parameter to brand apis

    Verify

    • Add Access Token fetch endpoint to retrieve a previously created token.
    • Add Access Token payload to the Access Token creation endpoint, including a unique Sid, so it's addressable while its TTL is valid.

    Docs

  • 3.73.0 - 2022-01-12

    Release Notes

    Library - Chore

    Library - Feature

    Library - Fix

    • PR #716: done callback execution when each method limit reached. Thanks to @Hunga1!

    Api

    • Make fixed time scheduling parameters public (breaking change)

    Messaging

    • Add update brand registration API

    Numbers

    • Add API endpoint for List Bundle Copies resource

    Video

    • Enable external storage for all customers

    Docs

  • 3.72.0 - 2021-12-15

    Release Notes

    Library - Feature

    Api

    • Add optional boolean send_as_mms parameter to the create action of Message resource (breaking change)
    • Change team ownership for call delete

    Conversations

    • Change wording for Service Webhook Configuration resource fields

    Insights

    • Added new APIs for updating and getting voice insights flags by accountSid.

    Media

    • Add max_duration param to MediaProcessor

    Video

    • Add EmptyRoomTimeout and UnusedRoomTimeout properties to a room; add corresponding parameters to room creation

    Voice

    • Add endpoint to delete archived Calls

    Docs

  • 3.71.3 - 2021-12-01

    Release Notes

    Conversations

    • Add Service Webhook Configuration resource

    Flex

    • Adding flex_insights_drilldown and flex_url objects to Flex Configuration

    Messaging

    • Update us_app_to_person endpoints to remove beta feature flag based access

    Supersim

    • Add IP Commands resource

    Verify

    • Add optional factor_friendly_name parameter to the create access token endpoint.

    Video

    • Add maxParticipantDuration param to Rooms

    Twiml

    • Unrevert Add supported SSML children to <emphasis>, <lang>, <p>, <prosody>, <s>, and <w>.
    • Revert Add supported SSML children to <emphasis>, <lang>, <p>, <prosody>, <s>, and <w>.

    Docs

  • 3.71.2 - 2021-11-17

    Release Notes

    Library - Fix

    Frontline

    • Added is_available to User's resource

    Messaging

    • Added GET vetting API

    Verify

    • Add WHATSAPP to the attempts API.
    • Allow updating config.notification_platform from none to apn or fcm and vice versa for Verify Push
    • Add none as a valid config.notification_platform value for Verify Push

    Twiml

    • Add supported SSML children to <emphasis>, <lang>, <p>, <prosody>, <s>, and <w>.

    Docs

  • 3.71.1 - 2021-11-03
  • 3.70.0 - 2021-10-18
  • 3.69.0 - 2021-10-06
  • 3.68.0 - 2021-09-22
  • 3.67.2 - 2021-09-08
  • 3.67.1 - 2021-08-25
  • 3.67.0 - 2021-08-11
  • 3.66.1 - 2021-07-28
  • 3.66.0 - 2021-07-14
  • 3.65.0 - 2021-06-30
  • 3.64.0 - 2021-06-16
  • 3.63.1 - 2021-06-02
  • 3.63.0 - 2021-05-19
  • 3.62.0 - 2021-05-05
  • 3.61.0 - 2021-04-21
  • 3.60.0 - 2021-04-07
from twilio GitHub release notes


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@brucebentley brucebentley merged commit 031997d into main Jun 28, 2022
@brucebentley brucebentley deleted the snyk-upgrade-410814d58bc9bf393e79a0df9a16f87a branch June 28, 2022 06:32