Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #53

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Apr 7, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-ASYNC-2441827
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: dynamodb-x The new version differs by 2 commits.

See the full diff

Package name: slay The new version differs by 6 commits.
  • d96b2d1 [dist] Version bump. 2.0.0
  • 059f945 [tiny] Last two stricts
  • c64dc4c [tiny] Use strict. Break-up single-line requires into multiple declarations.
  • a69d0ba No more node@4
  • 3136082 Upgrade Winston
  • 2c88d21 [dist] update readme

See the full diff

Package name: winston The new version differs by 250 commits.
  • b47d5d5 3.3.0
  • b6bc918 Prepare for v3.3.0
  • 9354721 doc: fix whitespace and trailing comma. (#1778)
  • 3d07a80 docs: add example of uncaughtRejections logging (#1780)
  • df25fa2 fix: change property of handleRejections (#1779)
  • 950cbcd Add options to request (#1777)
  • 1c75292 Update package-lock.json (#1772)
  • e7d13d5 Exclude unnecessary files from npm package (#1768)
  • 75f7edf Fix removes a logger when pass undefined transport (#1785)
  • 4b571ba This adds Node.js 14 and removes Node.js 8 as: (#1793)
  • 73ae01f Update Sentry transport `require` change (#1754)
  • 7b67eb0 Fix typo (#1750)
  • 1679c49 Fix Issue where winston removes transport on error (#1364) (#1714)
  • 0e0cf14 Fix #1690 (#1691)
  • 85a250a Node 12 is LTS now
  • bea9c34 Update README.md (#1743)
  • 319abf1 Add defaultMeta to Logger index.d.ts (#1736)
  • c719706 (typo) Missing label import in example (#1733)
  • 8944598 Update index.d.ts (#1729)
  • 7bb258c Fix `npm` logging levels on README.md (#1737)
  • 64744d7 #1567: document common transport options (#1723)
  • ae2335b Add Humio transport link to docs (#1705)
  • 785bd9e UPDATE levels on readme (http added) (#1650)
  • 4f44acb Add PostgresQL transport to list of community transports (#1697)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@sonarcloud
Copy link

sonarcloud bot commented Jul 25, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant