DALL-E-Clone
[Snyk] Security upgrade cloudinary from 1.33.0 to 1.37.3
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - server/package.json
  - server/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 816/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.9 | Sandbox Escape SNYK-JS-VM2-5415299 | No | Proof of Concept |
| | 811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8 | Sandbox Escape SNYK-JS-VM2-5422057 | No | Proof of Concept |
| | 704/1000 Why? Has a fix available, CVSS 9.8 | Improper Handling of Exceptional Conditions SNYK-JS-VM2-5426093 | No | No Known Exploit |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') SNYK-JS-VM2-5537079 | No | Proof of Concept |
| | 811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8 | Sandbox Bypass SNYK-JS-VM2-5537100 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: cloudinary
The new version differs by 74 commits.
- 19b8cff Version 1.37.3
- eb6862d Merge pull request #618 from cloudinary/proxy-agent-removed
- d160902 fix: test fixes
- c124a98 chore: added compiled js
- 0ce2e47 fix: native http agent used instead of an external dependency
- 8aa469c Version 1.37.2
- d01409c Merge pull request #614 from cloudinary/vm2-override-version-bump
- 846e20b chore: bumped npm override for vm2 to latest
- bb0b44a Version 1.37.1
- 93cc3ed Merge pull request #610 from cloudinary/no-optional-require-http-agent
- 7d53e56 Merge branch 'master' into no-optional-require-http-agent
- b58cf73 Merge pull request #612 from cloudinary/dtslint-pipeline-fix
- 7e2514c fix: removing ts installed with dtslint to prevent fails on older node.js
- bee3de2 Merge branch 'master' into no-optional-require-http-agent
- 4d2fad9 Merge pull request #608 from cloudinary/snyk-upgrade-46d46b7c7da01b4244e35577ab8967e5
- bfcbaf0 fix: extracted optional require for proxy agent as a function
- 3ff1361 chore: removed unnecessary log
- d441300 chore: removed unnecessary log
- 44f4c5a fix: only explicit require used
- e2a2402 fix: upgrade core-js from 3.30.1 to 3.30.2
- ab69f5c Version 1.37.0
- 8b79a60 Merge pull request #606 from cloudinary/structured-metadata-rules-api
- fa2315a fix: fixes in types definitions and ts spec
- f351972 fix: adding es5 compiled code
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.