client-js-1.4-examples icon indicating copy to clipboard operation
client-js-1.4-examples copied to clipboard

Published 20 hours ago verified publisher icon twilio

[Snyk] Security upgrade twilio from 2.11.1 to 3.41.0

Open twilio-product-security opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 706/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7		 Remote Memory Exposure
SNYK-JS-BL-608877		 Yes Proof of Concept
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
npm:hoek:20180212		 Yes Proof of Concept
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		 Yes No Known Exploit
medium severity 576/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.1		 Uninitialized Memory Exposure
npm:tunnel-agent:20170305		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: twilio The new version differs by 250 commits.
  • 07891d5 Release 3.41.0
  • 3120c68 [Librarian] Regenerated @ b99d9f1d3667442d965805ac71bf6185ee04b82c
  • c76264e fix: remove the lock file since this is a library
  • d073d8c fix: Page JSON parsing and integration tests (#546)
  • ef0d339 fix: add overloaded TS definitions for non-required params (#545)
  • 465d158 fix: Add method overload to VoiceResponse.prototype.play (#544)
  • 747a091 fix: don't re-parse parsed JSON (#543)
  • 6266910 feat: migrate from deprecated request module to axios (#542)
  • 5249e3b [Librarian] Regenerated @ ee964c66599ebcd125eb411ba410bde1e62b3503
  • ad2e98b Release 3.40.0
  • ec54ee2 [Librarian] Regenerated @ ee964c66599ebcd125eb411ba410bde1e62b3503
  • 5a65128 docs: add url parameter documentation in twilio.webhook() (#541)
  • 6d96611 fix: proper indentation (#534)
  • 3b07aca docs: guide for enabling lazy loading (#532)
  • 25ec77d feat: Faster requiring using optional lazy loading (#526)
  • deca8ff Release 3.39.5
  • f8f368c [Librarian] Regenerated @ 59055a0e4517ecbe8ab584e0f9b38f2a70cd94a8
  • 3d0e4a1 Release 3.39.4
  • 2d7f7fa [Librarian] Regenerated @ 0d359fdcea150a7f3ec36771ffeb0bd2bf34ea1d
  • 412b484 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
  • 1294266 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
  • 0d96c5b [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
  • 1286866 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
  • 548eed3 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

twilio-product-security avatar Sep 03 '21 21:09 twilio-product-security