plugin-rtc icon indicating copy to clipboard operation
plugin-rtc copied to clipboard

Published 20 hours ago verified publisher icon twilio-labs

[Snyk] Security upgrade @twilio/cli-core from 6.8.1 to 7.6.1

Open twilio-product-security opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @twilio/cli-core The new version differs by 40 commits.
  • 23e9e2b chore(release): set `package.json` to 7.6.1 [skip ci]
  • b3d59e9 fix: using npx instead of npm bin (#220)
  • abd04b7 oaiFix: Updated api definitions
  • 71c5a98 chore: update twilio node mvr version (#218)
  • b7f140e chore(release): set `package.json` to 7.6.0 [skip ci]
  • db7f46d oaiFeat: Updated api definitions
  • 72b9240 chore(release): set `package.json` to 7.5.3 [skip ci]
  • e57a2f0 oaiFix: Updated api definitions
  • 3a8570c chore(release): set `package.json` to 7.5.2 [skip ci]
  • 240c1b9 oaiFix: Updated api definitions
  • 783d02a chore(release): set `package.json` to 7.5.1 [skip ci]
  • 8fefe57 oaiFix: Updated api definitions
  • 345d27e chore(release): set `package.json` to 7.5.0 [skip ci]
  • 3e30a0b oaiFeat: Updated api definitions
  • ace9296 chore(release): set `package.json` to 7.4.3 [skip ci]
  • c6b6141 oaiFix: Updated api definitions
  • 2b2fbe6 chore: Update package.json
  • f1aa349 chore(release): set `package.json` to 7.4.2 [skip ci]
  • 1b99ec4 oaiFix: Updated api definitions
  • 75dc153 removing npmPublish changes
  • a60f34d set npmPublish to false
  • 3a055af chore(release): set `package.json` to 7.4.1 [skip ci]
  • 041ac0e oaiFix: Updated api definitions
  • 08cb4e6 chore(release): set `package.json` to 7.4.0 [skip ci]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

twilio-product-security avatar Dec 28 '23 06:12 twilio-product-security