cloudboost icon indicating copy to clipboard operation
cloudboost copied to clipboard
verified publisher icon CloudBoost

[Snyk] Security upgrade web-push from 2.2.0 to 3.0.0

Open nawazdhandala opened this issue 1 year ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • data-service/package.json
    • data-service/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 828/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7		 Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-8187303		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: web-push The new version differs by 83 commits.
  • 7f520e8 Version 3.0.0
  • 4dec958 Merge pull request #229 from web-push-libs/remove_some_unneeded_dependencies
  • 3713df3 Remove some no longer used dependencies
  • 141d2c5 Merge pull request #228 from web-push-libs/drop_node_0.10_0.12
  • ccae61c Remove no longer used port-open.js file
  • bdf72de Remove no-longer needed closures
  • 8ceae6c Remove 0.10-0.12 specific checks from tests
  • e261ff0 Update 'engines' field in package.json to note that we require Node.js v4
  • 7e247a0 Remove dependencies needed to support Node.js <= 0.12
  • c7444a1 Remove shim.js
  • dbcc4d7 Stop testing on Node.js 0.10 and 0.12
  • 2a50016 Remove wires from .npmignore
  • c1c4b34 Merge pull request #227 from gauntface/cli-update
  • bd5f6dc Fixing review
  • afafe59 Fixing for node 4
  • 6b28d5e Tested on 0.10
  • d42619f Wrap test for 0.10
  • bdbaad4 Disable CLI tests on old node
  • 3a08c81 Fixing eslint errors
  • 11f40ef Adding content to readme
  • 9663a8c Extending cli and adding some tests
  • a9c198f Updating to new actions for CLI
  • 27a114f Merge pull request #224 from gauntface/readme-update
  • 00a1c8a Fixing travis and statement

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

nawazdhandala avatar Oct 18 '24 06:10 nawazdhandala