Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade request from 2.53.0 to 2.76.0 #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade request from 2.53.0 to 2.76.0 #8

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Sep 5, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 671/1000
Why? Recently disclosed, Has a fix available, CVSS 7.7		 Remote Memory Exposure
SNYK-JS-BL-608877		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: request The new version differs by 250 commits.
  • 7e87386 Update changelog
  • a29f1f8 2.76.0
  • fae254e Merge pull request #2424 from zertosh/remove-bl
  • 0d27170 Handle buffers directly instead of using "bl"
  • 8c04a23 Merge pull request #2415 from mscdex/tests-timeout-enable-travis
  • 995cc31 Merge pull request #2431 from mscdex/timeouts-accuracy
  • 3804428 Don't end response early in tests/test-pipes
  • 95b743f Use random ports for servers used in tests
  • f55c520 Re-enable tests/test-timeout on Travis
  • 285d49d Perform stricter timeout value validation
  • e759a76 Merge pull request #2428 from request/greenkeeper-qs-6.3.0
  • cb8c1f6 Merge pull request #2420 from duereg/master
  • bb8e899 Merge pull request #2426 from zertosh/remove-isfunction
  • a04f926 Merge pull request #2425 from zertosh/simplify-defermethod
  • c343ce9 chore(package): update qs to version 6.3.0
  • 092e1e6 Remove "isFunction" helper in favor of "typeof" check
  • 6af6261 Simplify "defer" helper creation
  • 73b1e56 Merge pull request #2402 from request/greenkeeper-form-data-2.1.1
  • bf8b0f7 change .on to .once, remove possible memory leaks
  • 1ef4075 Make timeouts more accurate
  • 74e9813 Do not pass timeout to http.request()
  • edf2943 chore(package): update form-data to version 2.1.1
  • 90cf8c7 Merge pull request #2393 from request/greenkeeper-form-data-2.1.0
  • e28fe83 chore(package): update form-data to version 2.1.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
ef68475 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BL-608877
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot