kubernetes-client icon indicating copy to clipboard operation
kubernetes-client copied to clipboard

Published 20 hours ago verified publisher icon godaddy

[Snyk] Security upgrade qs from 6.9.1 to 6.9.7

Open decompil3d opened this issue 3 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-QS-3153490		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: qs The new version differs by 84 commits.
  • 4cd0032 v6.9.7
  • e799ba5 [Fix] `parse`: ignore `__proto__` keys (#428)
  • 02ca358 [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
  • 4a17709 [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
  • c0e13e9 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 4113a5f [Tests] clean up stringify tests slightly
  • 749a584 [Docs] add note and links for coercing primitive values (#408)
  • cce2082 [meta] fix README.md (#399)
  • c44f0c5 Revert "[meta] ignore eclint transitive audit warning"
  • e6cfd8b [actions] backport actions from main
  • f399189 [Dev Deps] backport updates from main
  • b522d2e v6.9.6
  • 47d0b83 [Fix] restore `dist` dir; mistakenly removed in d4f6c32
  • 179fafc v6.9.5
  • d4f6c32 [meta] do not publish github action workflow files
  • 66202e7 [Tests] `stringify`: add tests for #378
  • da6d249 [Dev Deps] update `eslint`, `@ ljharb/eslint-config`, `aud`, `browserify`, `object-inspect`, `tape`
  • 4e7a5a3 [Fix] `stringify`: do not encode parens for RFC1738
  • 9c60d53 [Refactor] `format`: remove `util.assign` call
  • 01aaffd [Tests] migrate tests to Github Actions
  • fcb1ef1 [Tests] run `nyc` on all tests; use `tape` runner
  • 049c9bb [meta] add "Allow Edits" workflow; update rebase workflow
  • fddf182 [actions] switch Automatic Rebase workflow to `pull_request_target` event
  • deada94 [Fix] `stringify`: fix arrayFormat comma with empty array/objects

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

decompil3d avatar Dec 04 '22 20:12 decompil3d