Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #4282

Closed
wants to merge 1 commit into from
Closed

[Snyk] Fix for 1 vulnerabilities #4282

wants to merge 1 commit into from

Conversation

drmikebio
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • test/fixtures/qs-package/node_modules/snyk/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 461/1000
Why? Recently disclosed, Has a fix available, CVSS 3.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-DEBUG-3227433		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: debug The new version differs by 43 commits.

See the full diff

Package name: snyk-config The new version differs by 23 commits.
  • 67e3d88 Merge pull request #24 from snyk/feat/update-deps
  • dfef9d8 Merge pull request #23 from snyk/chore/travis-moar-updates
  • 091fc5e feat: update deps
  • c75676b chore: further updates to travis settings
  • cac6d11 Merge pull request #22 from snyk/chore/no-0.12
  • 51db166 chore: remove 0.12 from travis test matrix
  • 6284514 Merge pull request #21 from snyk/feat/lowercase-boolean-env-vars
  • ef8695d feat: coerce lowercase booleans in env to booleans
  • 57fe0d4 Merge pull request chore: bump lodash version #20 from snyk/docs/secret
  • 21b1a61 docs: update with secret config, fix typos
  • c7a4925 Merge pull request #19 from snyk/feat/env-var-substitution
  • de67822 feat: env var substition in config values
  • ace3a6e Merge pull request #15 from snyk/chore/semantic-release
  • df6de45 chore: semantic-release bump
  • 0a269c3 Merge pull request Include devDependencies in default 'test' #14 from snyk/fix/default-secrets-file
  • e02b13f fix: use default secrets file
  • 8c11c0b Merge pull request #11 from snyk/feat/secrets
  • a2321d6 feat: allow optional secret config
  • 2ccf6ef Merge pull request #13 from snyk/test/node-012-4
  • bde3010 test: node 0.12 and node 4
  • f79da88 Merge pull request #12 from snyk/chore/release
  • fd1d754 chore: semantic release only
  • afcac5a test: node 6 on travis

See the full diff

Package name: snyk-module The new version differs by 13 commits.
  • a556e20 Merge pull request #11 from snyk/fix/update-debug
  • 8b9c239 Merge pull request #10 from snyk/chore/travis-update
  • c550941 fix: update debug dep version
  • 188e590 chore: update travis settings
  • c9ba8ba Merge pull request #9 from snyk/fix/no-npm-validation
  • 8a912da fix: remove npm package name validation
  • f3b1a90 Merge pull request #8 from Snyk/feat/maven-support
  • 7994393 feat: added a test, removed debug message
  • 38179f5 feat: add maven support, as part of SC-2587
  • acc1957 chore: travis test with node 6 instead of 4
  • 626cc95 Merge pull request #7 from Snyk/develop
  • 7ff043d Merge pull request #6 from Snyk/fix/fix-git-username
  • d24cdaf fix: test explicity for gh and http urls

See the full diff

Package name: snyk-policy The new version differs by 36 commits.
  • 3129361 Merge pull request #22 from snyk/fix/update-deps
  • 813576f feat: update deps
  • fc9de9d Merge pull request #21 from snyk/chore/travis
  • bbb153d chore: travis settings update
  • dfd2116 Merge pull request chore: bump lodash version #20 from snyk/fix/pin-email-validator
  • 1694b5c feat: upgrade email-validator
  • cd1f2a0 Merge pull request #19 from dominykas/fix/date-tojson
  • 3ed557b fix: convert YAML automatically created date into a string
  • 6c55e32 Merge pull request saving snyk as a devdependency #18 from snyk/fix/allow-patch-policy-null
  • 83963ab fix: handle patch policies with no body
  • fc62159 Merge pull request #17 from snyk/feat/path-patched-issues
  • ab4c5cd feat: return path for patched issues
  • c4abf68 Merge pull request #16 from snyk/feat/return-ignore-path
  • a73df08 feat: return path for ignored issues
  • d3897e9 Merge pull request #15 from snyk/fix/policy-disregardIfFixable
  • 0f3d883 fix: use isUpgradable, isPatchable booleans for disregardIfFixable
  • d275ea7 Merge pull request Include devDependencies in default 'test' #14 from snyk/chore/fetch-tags-semantic-release
  • fa12f9a chore: fetch tags before semantic-release
  • ab4e18a Merge pull request #13 from snyk/feat/policy-new-ignore-rules
  • 84a22f2 feat: validate ignoredBy.email
  • 6f06ccd feat: validate reasonType when adding ignore rule
  • 21452c7 feat: new ignore property disregardIfFixable
  • b32106f Merge pull request #10 from snyk/chore/travis-node-versions
  • 919caff chore: travis settings update

See the full diff

Package name: snyk-resolve The new version differs by 6 commits.
  • f8bf2d9 Merge pull request #5 from snyk/fix/update-debug
  • 35e2f56 Merge pull request #4 from snyk/chore/travis
  • 2eb7ce7 fix: update debug dep version
  • 3cac7e3 chore: update travis settings
  • 4bd3afb chore: travis test with node 6 instead of 5
  • 9b2f89e docs: fix typo in sync readme

See the full diff

Package name: snyk-resolve-deps The new version differs by 10 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@snyk-bot
fix: test/fixtures/qs-package/node_modules/snyk/package.json to reduc…
ccc7276 
…e vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DEBUG-3227433
@drmikebio drmikebio requested review from a team as code owners January 9, 2023 16:48
@github-actions
Copy link
Contributor

github-actions bot commented Jan 9, 2023

Warnings
⚠️

"fix: test/fixtures/qs-package/node_modules/snyk/package.json to reduce vulnerabilities" is too long. Keep the first line of your commit message under 72 characters.

Generated by 🚫 dangerJS against ccc7276

@darscan
Copy link
Contributor

darscan commented Jan 20, 2023

Test fixture

@darscan darscan closed this Jan 20, 2023
@darscan darscan deleted the snyk-fix-8be3b25a458d12bc08d91b853e032aa4 branch January 20, 2023 17:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darscan darscan Awaiting requested review from darscan darscan was automatically assigned from snyk/snyk-open-source

@Jdunsby Jdunsby Awaiting requested review from Jdunsby Jdunsby was automatically assigned from snyk/snyk-open-source

@JamesPatrickGill JamesPatrickGill Awaiting requested review from JamesPatrickGill JamesPatrickGill was automatically assigned from snyk/snyk-open-source

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@drmikebio @darscan @snyk-bot