New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade libhoney from 1.0.0-beta.2 to 1.1.2 #14

Open

snyk-bot wants to merge 1 commit into master from snyk-fix-9fc8dd61f4b4b4f0b552881abe4ba6c2

snyk-bot commented Sep 2, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/cloud-api/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) npm:superagent:20170807	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure npm:superagent:20181108	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: libhoney

The new version differs by 43 commits.

4cceb33 1.1.2
a05bd46 test on moar nodes and mention node >= 4 in README
a63ecef Upgrade superagent to remove vulnerability ([Snyk] Security upgrade electron from 1.4.15 to 16.0.10 #26)
7636bba 1.1.1
9d05866 Update README.md ([Snyk] Security upgrade googleapis from 9.0.0 to 49.0.0 #24)
94e4449 skip_cleanup: true
244e4e3 1.1.0
8f07497 additional transmission types ([Snyk] Security upgrade googleapis from 9.0.0 to 49.0.0 #23)
84ffd0a don't stringify objects in builder.addField ([Snyk] Security upgrade electron from 1.4.15 to 12.2.1 #21)
d303950 Add support for User-Agent additions ([Snyk] Security upgrade signalfx from 3.0.1 to 6.0.1 #19)
c6fd5dc Move `addDynamicField` in `express-dynamic-fields` example out of per-request middleware ([Snyk] Security upgrade less-cache from 0.21.0 to 0.24.0 #18)
f90a4a6 1.0.0-beta.10
07ab2ff use /1/batch/<dataset> endpoint ([Snyk] Fix for 1 vulnerabilities #16)
9c06dd5 1.0.0-beta.9
fdf579f Stop `stringify`ing JS objects now that we can unroll on the server ([Snyk] Fix for 13 vulnerabilities #15)
b7f48c2 Add jsdoc about `.timestamp` on JS docs, factor out validation step ([Snyk] Security upgrade sqlite3 from 3.1.8 to 4.0.0 #13)
bab3837 Add npm publish step to .travis.yml
d7fb07e Tweak .esdoc.json to turn on esdoc experimental
dcb42d5 Update jsdoc on Libhoney constructor, add esdoc generation to .travis ([Snyk] Security upgrade atom-package-manager from 1.1.1 to 2.5.0 #12)
7ab9b80 README tweak: link to npm repo, not fury SVG
c1dd672 Add .esdoc.json
1f714c0 Tweak Libhoney config comments
f3ee3e2 Update README per Honeycomb docs URL refactor
cf7461e 1.0.0-beta.8

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: packages/cloud-api/package.json to reduce vulnerabilities

ab5c175

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:superagent:20170807
- https://snyk.io/vuln/npm:superagent:20181108

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment