netlify-plugin-cypress icon indicating copy to clipboard operation
netlify-plugin-cypress copied to clipboard

Published 20 hours ago verified publisher icon cypress-io

[Snyk] Fix for 2 vulnerabilities

Open admah opened this issue 3 years ago • 1 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 Open Redirect
SNYK-JS-GOT-2932019		 Yes No Known Exploit
medium severity 490/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-RAMDA-1582370		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: got The new version differs by 222 commits.
  • 5e17bb7 11.8.5
  • bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
  • 8ced192 Fix build
  • 670eb04 11.8.4
  • 20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
  • 0da732f 11.8.3
  • 9463bb6 Bump cacheable-request dependency (#1921)
  • 0e167b8 HTTPError code set to 'HTTPError' #1711 (#1739)
  • f896aa5 11.8.2
  • 3bd245f Instantiate CacheableLookup only when needed (#1529)
  • a72ed84 11.8.1
  • 4c815c3 Do not throw on custom stack traces (#1491)
  • e0cb820 11.8.0
  • f65c9ef Upgrade dependencies
  • 7acd380 Fix for sending files with size `0` on `stat` (#1488)
  • 6aa86f2 Fix indentation in the readme
  • 3dd2273 `beforeRetry` allows stream body if different from original (#1501)
  • b1afa2b Fix readme example comment (#1505)
  • 390b145 Set default value for an options object (#1495)
  • 87dadd5 Fixed documentation example for `responseType` (#1494)
  • 3bf3e3b Add `lookup` option documentation (#1483)
  • c31366b Add a test for #1438 (#1469)
  • 5d62958 11.7.0
  • 88b32ea Fix a regression where body was sent after redirect

See the full diff

Package name: ramda The new version differs by 4 commits.
  • 1a5d40b Version 0.27.2
  • 4d8e8f0 Merge pull request #3212 from ramda/davidchambers/trim
  • 94d0570 Security fix for ReDoS (#3177)
  • 8ae355e update test string for trim

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Open Redirect

admah avatar Oct 05 '22 16:10 admah

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar Oct 05 '22 16:10 CLAassistant

closing in favor of #325

AtofStryker avatar Feb 24 '23 18:02 AtofStryker