Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade rollbar from 2.24.1 to 2.25.0 #714

Merged
merged 1 commit into from Apr 19, 2022

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Apr 16, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-ASYNC-2441827
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: rollbar The new version differs by 20 commits.
  • 0b7a65e Release 2.25.0 (#1022)
  • 2b57b62 build(deps): bump moment from 2.29.1 to 2.29.2 (#1015)
  • 0cda533 build(deps): bump minimist from 1.2.5 to 1.2.6 (#1019)
  • b645d0a fix: refactor to use current (3.x) async package (#1018)
  • 31082d7 feat: support error cause (#1012)
  • a496f0a build(deps): bump minimist from 1.2.5 to 1.2.6 (#1009)
  • a591034 build(deps): bump lodash from 4.17.15 to 4.17.21 in /examples/angular2 (#1003)
  • c06feb5 build(deps): bump url-parse from 1.4.7 to 1.5.10 in /examples/angular2 (#996)
  • cddb131 build(deps): bump follow-redirects from 1.14.4 to 1.14.8 (#987)
  • af815c4 build(deps): bump follow-redirects in /examples/angular2 (#995)
  • 0398599 fix: add CSP listener on document, not window (#1007)
  • cd277ff don't fail when body is empty (#1005)
  • 6023d6d fix: fix LocalsSettings type (#1004)
  • 4bbe9fa Merge pull request #998 from ijsnow/update-uuid
  • 1936f98 Merge branch 'master' into update-uuid
  • fc88371 Revert "Prevent error when fetch response has empty body" (#1002)
  • ce37beb Improve payload type for configuration (#997)
  • e62a297 Merge pull request #1001 from yjukaku/prevent-error-on-empty-body-with-fetch
  • fdf7a7d Prevent error when fetch response has empty body
  • 4581d53 remove uuid dependency

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

馃 Prototype Pollution

@snyk-bot snyk-bot requested a review from kilchenmann as a code owner Apr 16, 2022
@kilchenmann kilchenmann merged commit 0e90296 into main Apr 19, 2022
13 checks passed
@kilchenmann kilchenmann deleted the snyk-fix-4924c13bf0d4a8ae1e4996bbdc7ccf30 branch Apr 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants