arweave-python-client icon indicating copy to clipboard operation
arweave-python-client copied to clipboard
verified publisher icon MikeHibbert

[Snyk] Security upgrade arweave from 1.10.23 to 1.12.3

Open MikeHibbert opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • test/package.json
    • test/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-AXIOS-6144788		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: arweave The new version differs by 109 commits.
  • acd31e2 1.12.3
  • d6a5df2 fix: request payload was getting double stringified in certain cases
  • 41658e1 task: remove `cross-env NODE_OPTIONS='--experimental-fetch'`
  • 0ef79a2 Merge branch 'feat/is-gateway' into fetch-node16
  • 03b3941 task: cleanup
  • e0f5190 task: remove .npmrc & cleanup package.json
  • e863221 task: remove util dependency
  • dc47ece task: remove axios dependency
  • e4826e3 task: update deps
  • 99dc8a2 Merge pull request #193 from ArweaveTeam/update-12-minor
  • 5afc775 axios => fetch api
  • e30eb07 fix: test times out
  • 97fb098 fix: engine version correction
  • 1b1dcae axios => fetch api
  • b322c4b fix: node engine-strict not being obeyed
  • 379feb4 axios => fetch api
  • 735f3e6 task: misc fix
  • c44237e Merge pull request #192 from arconnectio/fix/mv-3
  • 6e7184a fix: make cross-env work for Windows
  • 6676706 fix: test scripts for Windows
  • b2ac720 fix: some typing
  • b0d8e95 task: remove node 14 from github test action
  • 02e2b69 task: update tsconfig.node.json & package.json for node v16 with Fetch API
  • 087d315 feat: try polyfilling headers

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

MikeHibbert avatar Jan 05 '24 18:01 MikeHibbert