Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #65

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #65

wants to merge 1 commit into from

Conversation

saurabharch
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 461/1000
Why? Recently disclosed, Has a fix available, CVSS 3.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-DEBUG-3227433		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios The new version differs by 185 commits.
  • 5c8095e Releasing 0.16.1
  • 982183c Updating changelog
  • fa58223 Merge pull request #828 from mzabriskie/feature/return-last-request-in-redirects
  • a18f039 Merge pull request #829 from jcready/patch-3
  • df6b46c Add caret
  • 04982a2 Update follow-redirects dependency
  • 19644ba Adding documentation for Buffer data
  • 1883344 support node buffers less than 8192 bytes (#773)
  • bbfbeff Minor grammar/line length changes (#547)
  • a784774 Adding comment about header names (#778)
  • 88cc84c Adding documentation for response.request
  • 84d9a41 Adding code to assign the last request to axios response
  • e5beab0 Adding test checking the request in axios response is the last in a redirect
  • 08eb985 Merge pull request #818 from carlosromel/patch-1
  • 21b43ed Merge pull request #826 from mzabriskie/github-templates
  • 34b63f8 Adding additional instruction line
  • bb57daa Adding templates for issues and pull requests
  • 23c4dfc Update README.md
  • a8dab57 Merge pull request #741 from model3volution/Update/readme
  • 19b7948 Releasing 0.16.0
  • e6ffc52 Updating Upgrage Guide
  • 8d675bb Merge branch 'master' of github.com:mzabriskie/axios
  • 5b904d5 Updating changelog
  • efc1f11 Merge pull request #781 from TomyJaya/TomyJaya-patch-1

See the full diff

Package name: connect-session-sequelize The new version differs by 19 commits.

See the full diff

Package name: github The new version differs by 250 commits.
  • 1667120 fix(package): update follow-redirects to version 1.2.6
  • 309e66e docs(README): fixlink to promise example (#651)
  • 072a53f fix: routes.json validation for project cards and columns
  • 8973c5e test: project cards
  • 9110ae1 chore(package): @ octokit/fixtures@^5.0.0
  • be1d098 fix: TypeScript/Flow definitions
  • 733f63e chore(package): update @ octokit/fixtures to version 4.1.0
  • 4ce5ad7 test: examples
  • 2c4bdd6 docs(examples): adapt for standard and testing
  • ea9b23a docs(README): set `EXAMPLES_GITHUB_TOKEN` for testing
  • f839777 chore(gitignore): .env
  • 4870f1c chore(package): ignore nyc coverage in examples
  • c130ca9 chore(package): dotenv, glob, proxyquire
  • 03c03f7 refactor: move defines from `routes.json` into separate `definitions.json` file
  • 72bff1e chore: remove unused `Util.isFalse()`
  • d8a2903 refactor: remove `Util.isTrue`
  • db4ecd1 chore: replace `Util.toCamelCase` with `lodash/camelCase`
  • 42d4c35 chore(package): lodash
  • 59887ad chore: remove unused `upper` argument from `Util.toCamelCase`
  • 29d7ead chore: remove unused Util.escapeRegExp method
  • b646d53 chore: remove obsolete doc/apidoc.js file
  • cf91047 chore(package): generate flow/typescript definition files before releasing
  • a6ec889 refactor: move scripts from `lib/` to `scripts/` folder
  • aff85ff chore(gitignore): lib/index.d.ts, lib/index.js.flow

See the full diff

Package name: gulp-eslint The new version differs by 86 commits.

See the full diff

Package name: gulp-livereload The new version differs by 11 commits.

See the full diff

Package name: gulp-mocha The new version differs by 41 commits.

See the full diff

Package name: gulp-sourcemaps The new version differs by 2 commits.
  • 7b5e269 prep v2.0.0 release
  • 4e689ec BREAKING CHANGE is due to strip-bom 3.X. Marking 2.0.0-beta 'work in progress branch'. This will be the new master branch.

See the full diff

Package name: sequelize The new version differs by 250 commits.
  • 0a9b8a6 5.1.0
  • 6d84ced docs: fix styling issue with long comments
  • cf5aeea chore: v5 release (#10544)
  • 1275de0 docs: remove extra entries
  • d6d9d81 5.0.0-beta.17
  • bc6c133 docs: v5.0.0-beta.17
  • 4478d74 chore: strict linting for code and jsdocs (#10535)
  • f862e6b fix(util): improve performance of classToInvokable (#10534)
  • a26193a chore: enforce stricter linting (#10532)
  • 786b19b fix(build): default null for multiple primary keys
  • ae7d4b9 feat: expose Sequelize.BaseError
  • e03a537 fix(tests): missing clock instance
  • d7241f7 fix(tests): path for instance tests
  • 69b85c3 refactor: instance tests
  • 0c68590 feat(sqlite/query-generator): support restart identity for truncate-table (#10522)
  • 3cd3891 refactor(data-types): move to classes (#10495)
  • 1b4a7bf fix(association): use minimal select for hasAssociation (#10529)
  • 7ccbb1e fix(query-interface): reject with error for describeTable (#10528)
  • 454cf48 fix(model): throw for invalid include type (#10527)
  • 0b5aa71 fix(types): allow specifying additional options for db.query and add missing retry (#10512)
  • 45648dd docs(legacy): fix N:M example (#10509)
  • 10c34e3 fix(query): don't prepare options & sql for every retry (#10498)
  • e5c0d78 feat: upgrade to tedious@6.0.0 (#10494)
  • e0fe772 build: update dependencies

See the full diff

Package name: socket.io The new version differs by 77 commits.
  • db831a3 [chore] Release 2.1.0
  • ac945d1 [feat] Add support for dynamic namespaces (#3195)
  • ad0c052 [docs] Add note in docs for `origins(fn)` about `error` needing to be a string. (#2895)
  • 1f1d64b [fix] Include the protocol in the origins check (#3198)
  • f4fc517 [fix] Properly emit 'connect' when using a custom namespace (#3197)
  • be61ba0 [docs] Add link to a Dart client implementation (#2940)
  • c0c79f0 [feat] Add support for dynamic namespaces (#3187)
  • dea5214 [chore] Bump superagent and supertest versions (#3186)
  • b1941d5 [chore] Bump engine.io to version 3.2.0
  • a23007a [docs] Update license year (#3153)
  • f48a06c [feat] Add a 'binary' flag (#3185)
  • 0539a2c [test] Update travis configuration
  • c06ac07 [docs] Fix typo (#3157)
  • 52b0960 [chore] Bump debug to version 3.1.0
  • 1c108a3 [chore] Release 2.0.4
  • f333479 [test] Use npm scripts instead of gulp (#3078)
  • 3f61165 [docs] Fix a grammar mistake in the API docs (#3076)
  • e26b71c [docs] Fix typo in API docs (#3066)
  • 3386e15 [docs] Actually prevent input from having injected markup in chat example (#2987)
  • 3684d59 [docs] Use path.join instead of concatenating paths (#3014)
  • dd69abb [fix] Reset rooms object before broadcasting from namespace (#3039)
  • 1f0e64a [fix] Do not throw when receiving an unhandled error packet (#3038)
  • 9d170a7 [docs] Add io.emit in the cheat sheet (#2992)
  • 7199d1b [docs] Fix misnamed 'Object.keys' in API docs (#2979)

See the full diff

Package name: socket.io-client The new version differs by 44 commits.
  • 3eb047f [chore] Release 2.1.0
  • afb952d [docs] Add a note about reconnecting after a server-side disconnection
  • 74893d5 [feat] Add a 'binary' flag (#1194)
  • 9701611 [chore] Bump engine.io-client to version 3.2.0 (#1192)
  • 3d8f24e [test] Update travis configuration
  • e27f38b [chore] Restore unminified distribution files (#1191)
  • bb743c4 [docs] Document connected and disconnected socket properties (#1155)
  • f31837f [chore] Bump debug to version 3.1.0
  • ebb0596 [chore] Release 2.0.4
  • 57cee21 [test] Remove IE6 and IE7 tests (#1164)
  • c58ecfc [docs] Add code examples for registered events (#1139)
  • e9ebe36 [docs] Add an example with ES6 import in the README (#1138)
  • 19f2b19 [chore] Release 2.0.3
  • 83fedf5 [docs] Add explicit documentation for websocket transport (#1128)
  • c0da119 [docs] Update documentation (#1124)
  • c3c0270 [chore] Release 2.0.2
  • d864486 [chore] Bump debug to version 2.6.8 (#1123)
  • 214a57f [test] Launch browser tests on localhost by default (#1122)
  • 8091591 [fix] Do not update the opts.query reference (#1121)
  • 4f71bd2 [chore] Release 2.0.1
  • d30914d [chore] Release 2.0.0
  • 9e7b543 [chore] Bump engine.io to version 3.1.0 (#1109)
  • 442587e [chore] Bump dev dependencies (#1108)
  • ff4cb3e [feat] Move binary detection to the parser (#1103)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@snyk-bot
fix: package.json to reduce vulnerabilities
ae5be97 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DEBUG-3227433
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@saurabharch @snyk-bot