jiractl icon indicating copy to clipboard operation
jiractl copied to clipboard

Published 20 hours ago verified publisher icon godaddy

[Snyk] Upgrade request-promise from 4.2.2 to 4.2.5

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to upgrade request-promise from 4.2.2 to 4.2.5.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 3 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2019-11-04.

The recommended version fixes:

Severity Issue Exploit Maturity
Prototype Pollution
SNYK-JS-LODASH-450202		 Proof of Concept
Release notes
Package name: request-promise from request-promise GitHub release notes
Commit messages
Package name: request-promise
  • fd52247 Version 4.2.5
  • a27ba86 chore: updated request-promise-core that updates lodash
  • 4e3b7ed Version 4.2.4
  • 94be6fe fix: tough-cookie version
  • 03f7030 chore: updated publish-please config
  • d831905 Version 4.2.3 (now really)
  • 37e8773 fix: updated indirect lodash dependency to fix security vulnerability
  • 229225e Version 4.2.3
  • 4f27097 chore: fix ci build for node v8+
  • c535eb6 Merge pull request #299 from aomdoa/fixToughCookieDep
  • 488947b Merge branch 'master' into fixToughCookieDep
  • 131abd7 fix: breaking change in tough-cookie v3
  • b454ddc chore: added node 8 and 10 to ci build
  • 6d11ddc fix: typo
  • 3a136ea Merge pull request #303 from lexjacobs/patch-1
  • 5e32191 docs: mention of wrapped request errors
  • 2ac4f3e Update rp.js
  • 1457338 Workaround on the cookie processing test.
  • 062d5f8 Limit the tough-cookie to 2.5 as 3.x removes node 0.10 support
  • 18c838a docs: cheat sheet for POST like HTML forms do
  • aa846b9 Merge pull request #222 from kukat/patch-1
  • 2cef645 Update README.md to correct the formData content-type

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

snyk-bot avatar Mar 21 '20 06:03 snyk-bot