[Snyk] Fix for 1 vulnerabilities #730

snyk-bot · 2020-01-24T21:55:28Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/opencensus-nodejs/package.json
- packages/opencensus-nodejs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Command Injection SNYK-JS-CODECOV-543183	No	Proof of Concept

Commit messages

Package name: codecov

The new version differs by 21 commits.

fa631c3 v3.6.2
f429409 Merge pull request trace/exporters/ocagent: Retry logic check #164 from codecov/sanitize-gcov-options
2f4eff9 Sanitize gcov-args
9bde072 Merge pull request Adds metric name prefix override for [exporter-stackdriver] #151 from codecov/github-ci-1
b86eb31 Add workflow
a7014d2 Update README.md
597322c v3.6.1
4fc78f5 Merge pull request Fix export issue #146 from codecov/hotfix/semaphore
11347a9 Fix tests
4556aab Set semaphore service to just semaphore
2ed978c v3.6.0
024cced Merge pull request Fix up typos in source #135 from iansu/codebuild
24a0a76 Merge branch 'master' into codebuild
f628c33 Merge pull request Removes redundant range min/max from distributedValues #145 from fabiendem/semaphore-compat
0c57093 Rename semaphore v2 clearly in tests
5a5c489 Add retro-compatibility for Semaphore 1.x and maintain support for 2.x
a45a9b5 Revert "Updates Semaphore CI Service for 2.0 (fix: remove const enums #132)"
e2f6b81 Test improvements
3faacd4 Add support for AWS CodeBuild
8371836 Create CODE_OF_CONDUCT.md (Add Metrics APIs as per "metrics.proto" #133)
6167aa8 Updates Semaphore CI Service for 2.0 (fix: remove const enums #132)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

…dejs/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CODECOV-543183

fix: packages/opencensus-nodejs/package.json & packages/opencensus-no…

ef75e4e

…dejs/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CODECOV-543183

snyk-bot requested review from draffensperger, hekike and mayurkale22 as code owners January 24, 2020 21:55

googlebot added the cla: yes label Jan 24, 2020

mayurkale22 approved these changes Feb 14, 2020

View reviewed changes

mayurkale22 merged commit 6ff5275 into master Feb 14, 2020

mayurkale22 deleted the snyk-fix-6d7e2494050510bb9accf3b7730e1f17 branch February 14, 2020 21:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 1 vulnerabilities #730

[Snyk] Fix for 1 vulnerabilities #730

snyk-bot commented Jan 24, 2020

[Snyk] Fix for 1 vulnerabilities #730

[Snyk] Fix for 1 vulnerabilities #730

Conversation

snyk-bot commented Jan 24, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: