discord-html-transcripts icon indicating copy to clipboard operation
discord-html-transcripts copied to clipboard

Published 20 hours ago verified publisher icon ItzDerock

[Snyk] Security upgrade undici from 5.24.0 to 5.26.2

Open ItzDerock opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 481/1000
Why? Recently disclosed, Has a fix available, CVSS 3.9		 Information Exposure
SNYK-JS-UNDICI-5962466		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: undici The new version differs by 48 commits.
  • 12a6218 Bumped v5.26.2
  • e041de3 Merge pull request from GHSA-wqq4-5wpv-mx2g
  • c8c80b1 5.26.1
  • 7bcb80c Fix node detection omfg (#2341)
  • 69ea7b9 hopefully this fixes it for good (#2338)
  • 4006aaf Bumped v5.26.0
  • df97958 fix: 🐛 fix process http2 header (#2332)
  • b9d8368 fix: 🏷️ add allowH2 to BuildOptions (#2334)
  • 06380f6 Fix stuck when using http2 POST Buffer (#2336)
  • 3a9f481 fix fetch with coverage enabled (#2330)
  • 882ff6d [StepSecurity] ci: Harden GitHub Actions (#2325)
  • 470ee38 disallow setting host header in fetch (#2322)
  • e5c9d70 fix(#2311): End stream after body sent (#2314)
  • 045d4db feat: respect `--max-http-header-size` Node.js flag (#2234)
  • af78c98 test: handle npm ignore-scripts settings (#2313)
  • 2de330f build(deps-dev): bump sinon from 15.2.0 to 16.1.0 (#2312)
  • e645012 fix: Agent.Options.factory should accept URL object or string as parameter (#2295)
  • 898040d chore: change order of the pseudo-headers (#2308)
  • fcc1e39 change default header to `node` (#2310)
  • 0fde27d use npm install instead of npm ci (#2309)
  • 5e654f3 Bumped v5.23.4
  • 7c2486d feat: disable FinalizationRegistry if NODE_V8_COVERAGE is set (#2304)
  • 4024468 Further automate publishing of undici-types using GitHub Actions workflow (#2290)
  • 5a75005 build(deps): bump actions/dependency-review-action from 3.0.8 to 3.1.0 (#2301)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

ItzDerock avatar Oct 14 '23 14:10 ItzDerock