[Snyk] Upgrade request from 2.67.0 to 2.88.2

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to upgrade request from 2.67.0 to 2.88.2.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 22 versions ahead of your current version.
  • The recommended version was released a year ago, on 2020-02-11.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Regular Expression Denial of Service (ReDoS), npm:tough-cookie:20160722 | 589/1000; Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Remote Memory Exposure, SNYK-JS-BL-608877 | 589/1000; Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Uninitialized Memory Exposure, npm:tunnel-agent:20170305 | 589/1000; Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS), npm:tough-cookie:20170905 | 589/1000; Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Remote Memory Exposure, npm:request:20160119 | 589/1000; Why? Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: request
  • 2.88.2 - 2020-02-11
  • 2.88.0 - 2018-08-10
  • 2.87.0 - 2018-05-21
  • 2.86.0 - 2018-05-15
  • 2.85.0 - 2018-03-12
  • 2.84.0 - 2018-03-12
  • 2.83.0 - 2017-09-27
  • 2.82.0 - 2017-09-19
  • 2.81.0 - 2017-03-09
  • 2.80.0 - 2017-03-04
  • 2.79.0 - 2016-11-18
  • 2.78.0 - 2016-11-03
  • 2.77.0 - 2016-11-03
  • 2.76.0 - 2016-10-25
  • 2.75.0 - 2016-09-17
  • 2.74.0 - 2016-07-22
  • 2.73.0 - 2016-07-09
  • 2.72.0 - 2016-04-17
  • 2.71.0 - 2016-04-12
  • 2.70.0 - 2016-04-05
  • 2.69.0 - 2016-01-27
  • 2.68.0 - 2016-01-27
  • 2.67.0 - 2015-11-19
from request GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

snyk-bot, May 12 '21 01:05