[Snyk] Security upgrade request-promise from 0.4.3 to 1.0.0

Open snyk-bot opened this issue 4 years ago • 0 comments

merge advice

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: request-promise

The new version differs by 25 commits.

ca35c5f Version 1.0.0
ba7cf85 Adjusted test coverage measurement
d91340f Added comments
f31c36f Updated tests for examples
d6b5e84 Documented manual steps
f5201b0 Third part of fresh up
ff7c73e Second part of fresh up
593f3b3 Reverted disallowing streaming
f96e9f8 First part of fresh up
68777d8 Listed changes in upcoming version
3941033 Added experimental support for continuation local storage (see issue #64)
d346752 Better error handling
8164fcc Removed unneeded import
cd52b92 Wording
1a29d9b Returning headers in HEAD request (see issue #58)
841852d Reducing flakyness of tests
aa5c881 Fixed Coveralls badge
3684a1f Introduced Coveralls
b18872d Bugfix
220d505 Failed exposing now throws an error instead of just printing to the console
dc74809 Disallowed streaming
3b489f7 Removed obsolete test
a5336e9 Removed special handling of unhandled rejection - solves issue #43
485865d Added node 4

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Sep 14 '21 04:09 snyk-bot