cloudboost
[Snyk] Fix for 1 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - data-service/package.json
  - data-service/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 506/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS) npm:debug:20170905 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: nodemailer-mailgun-transport
The new version differs by 28 commits.
- fc80bec Merge pull request #104 from Tol1/replace-mailgun-module
- 9c6596a Replace mailgun-js with official mailgun.js
- be34bb4 Fix the vuln by forcing netmask ver 2.0.2
- f6e30b5 Merge pull request #102 from kentcdodds/patch-1
- 5f02165 docs: update domain link
- 36f36e8 release new version that add support for apiKey alias
- 97731b4 Merge pull request #99 from captaincaius/feature-mailgun-templates-2
- 95aec61 add test and document using mailgun templates
- d7b1374 Merge pull request #98 from zgid123/master
- ba1a3da bumping semver
- 1553978 fixing vulns
- 4c3fb96 support option auth.apiKey as alias of auth.api_key
- d8de62f Merge pull request #87 from EmilienD/allow-custom-message-id
- ba13216 allow custom message-id
- eebbfb3 Merge pull request #84 from framp/master
- 87204df Small refactoring
- 7c861c3 Merge pull request #78 from strix/es6-syntax
- 79f5eb8 Fixed reference to
- 5af88a4 Changed self to simply this.
- fdc108b linting cleanup
- 44a0a02 Moved resolveAttachments function outside of promise chain since it is synchronous
- 4d50b02 Fixed path the handlebars template
- d2352c1 Updated syntax to es6
- 285e420 Merge pull request #77 from perzanko/master
Package name: snyk
The new version differs by 250 commits.
- 8987918 Merge pull request #1781 from snyk/fix/replace-proxy
- eec11b7 test: raise timeout for snyk protect tests hitting real Snyk API
- 8045ceb test: update proxy tests for the new proxy global-agent
- 0d0c76a feat: support lowercase http_proxy envvars
- e597846 test(proxy): acceptance test for Proxy envvar settings
- 6d67579 fix: replace vulnerable proxy dependency
- 1449c57 Merge pull request #1707 from snyk/feat/snyk-fix
- 3d872fb test: assert exact errors for unsupported
- 5ebd685 Merge pull request #1777 from snyk/feat/fix-with-version-provenance
- 17e3431 Merge pull request #1778 from snyk/feat/dont-force-https
- fdd7f1a docs: update SNYK_HTTP_PROTOCOL_UPGRADE description
- 165b4b9 feat: introduce envvar to control HTTP-HTTPS upgrade behavior
- 77e6665 chore: lerna release with exact version
- f14819f Merge pull request #1760 from snyk/feat/support-critical-in-sarif
- b286418 feat: v1 support for previously fixed reqs.txt
- 0384020 feat: basic pip fix -r support
- f94c558 feat: include pins optionally
- 66ca77a feat: do not skip files with -r directive
- bc44f9a refactor: fix individual reqs manifest
- 6e84322 feat: fix individual file with provenance
- 9ed99f3 Merge pull request #1764 from snyk/feat/update-code-client
- c92599b Merge pull request #1774 from snyk/refactor/change-binaries-release-script
- ca508ac test: smoke test for `snyk fix`
- c68c7da feat: add @snyk/fix as a dep
Package name: socket.io
The new version differs by 90 commits.
- f8a66fd chore(release): 3.0.5
- 752dfe3 chore: bump debug version
- bf54327 revert: restore the socket middleware functionality
- 170b739 fix: properly clear timeout on connection failure
- 230cd19 chore: bump dependencies
- a0a3481 test: fix random test failure
- f773b48 chore: update GitHub issue templates
- 292d62e docs(examples): update TypeScript example
- 178e899 docs(examples): add Angular TodoMVC + Socket.IO example
- d1bfe40 refactor: add more typing info and upgrade prettier (#3725)
- 81c1f4e chore(release): 3.0.4
- 1fba399 ci: migrate to GitHub Actions
- 4e6d404 chore: make tests work on Windows (#3708)
- 28c7cc0 style(issue-template): fix typo (#3700)
- 06a2bd3 chore(release): 3.0.3
- 85ebd35 chore: cleanup dist folder before compilation
- 9b6f971 chore(release): 3.0.2
- 43705d7 fix: merge Engine.IO options
- 118cc68 chore: add 3rd party types in the list of dependencies
- c596e54 docs(examples): update React Native example
- f7e0009 docs(examples): update TypeScript example
- e69d0ad chore: bump socket.io-client version
- 0317a07 chore(release): 3.0.1
- d00c0c0 docs(examples): update examples to Socket.IO v3
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.