browser-as-a-service icon indicating copy to clipboard operation
browser-as-a-service copied to clipboard

Published 20 hours ago verified publisher icon hfreire

[Snyk] Fix for 2 vulnerabilities

Open hfreire opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 No Proof of Concept
high severity 753/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: health-checkup The new version differs by 31 commits.
  • 936da22 fix(deps): bump lodash from 4.17.20 to 4.17.21
  • 27254a9 chore(deps-dev): bump snyk from 1.456.0 to 1.457.0
  • aa90429 chore(deps-dev): bump snyk from 1.455.0 to 1.456.0
  • 9931a80 chore(deps-dev): bump eslint-plugin-jest from 24.1.4 to 24.1.5
  • d0327f8 chore(deps-dev): bump eslint-plugin-jest from 24.1.3 to 24.1.4
  • 44455d8 chore(deps-dev): bump semantic-release from 17.3.8 to 17.3.9
  • d47a5b0 chore(deps-dev): bump snyk from 1.454.0 to 1.455.0
  • f318a73 chore(deps-dev): bump snyk from 1.452.0 to 1.454.0
  • ff1aaa4 chore(deps-dev): bump snyk from 1.450.0 to 1.452.0
  • f455b4b chore(deps-dev): bump mocha from 8.2.1 to 8.3.0
  • 049aed1 chore(deps-dev): bump snyk from 1.448.0 to 1.450.0
  • 24e61f5 chore(deps-dev): bump eslint-plugin-promise from 4.2.1 to 4.3.1
  • fde094a chore(deps-dev): bump semantic-release from 17.3.7 to 17.3.8
  • c83f1d4 chore(deps-dev): bump snyk from 1.447.0 to 1.448.0
  • 80856cf chore(deps-dev): bump snyk from 1.446.0 to 1.447.0
  • eb6b961 chore(deps-dev): bump snyk from 1.445.0 to 1.446.0
  • 0208401 chore(deps-dev): bump snyk from 1.440.5 to 1.445.0
  • 705c3b5 chore(deps-dev): bump chai from 4.2.0 to 4.3.0
  • 0ddd12f chore(deps-dev): bump snyk from 1.440.4 to 1.440.5
  • d52efe8 chore(deps-dev): bump snyk from 1.440.1 to 1.440.4
  • 023c550 chore(deps-dev): bump snyk from 1.439.3 to 1.440.1
  • 18cf468 chore(deps-dev): bump snyk from 1.439.1 to 1.439.3
  • 988ff67 chore(deps-dev): bump snyk from 1.439.0 to 1.439.1
  • b5eb69f chore(deps-dev): bump semantic-release from 17.3.6 to 17.3.7

See the full diff

Package name: lodash The new version differs by 1 commits.

See the full diff

Package name: modern-logger The new version differs by 38 commits.
  • 2df0d37 fix(deps): bump lodash from 4.17.20 to 4.17.21
  • 2372082 chore(deps-dev): bump snyk from 1.457.0 to 1.458.0
  • 724d5b2 chore(deps-dev): bump snyk from 1.456.0 to 1.457.0
  • b205ea3 chore(deps-dev): bump eslint-plugin-jest from 24.1.4 to 24.1.5
  • aa83934 chore(deps-dev): bump snyk from 1.455.0 to 1.456.0
  • b575660 fix(deps): bump rollbar from 2.20.0 to 2.21.0
  • d432512 chore(deps-dev): bump eslint-plugin-jest from 24.1.3 to 24.1.4
  • d7388b7 chore(deps-dev): bump snyk from 1.454.0 to 1.455.0
  • 43b2ed3 chore(deps-dev): bump snyk from 1.450.0 to 1.454.0
  • a064472 chore(deps-dev): bump semantic-release from 17.3.8 to 17.3.9
  • 9d2cd2c chore(deps-dev): bump mocha from 8.2.1 to 8.3.0
  • 207bd16 chore(deps-dev): bump eslint-plugin-promise from 4.2.1 to 4.3.1
  • 0565197 chore(deps-dev): bump snyk from 1.448.0 to 1.450.0
  • 1e95a26 chore(deps-dev): bump snyk from 1.446.0 to 1.448.0
  • 3a9b2b0 chore(deps-dev): bump semantic-release from 17.3.7 to 17.3.8
  • f1bc1aa chore(deps-dev): bump snyk from 1.445.0 to 1.446.0
  • e8aa3a1 chore(deps-dev): bump snyk from 1.440.5 to 1.445.0
  • 5f43e93 chore(deps-dev): bump chai from 4.2.0 to 4.3.0
  • 349546a chore(deps-dev): bump snyk from 1.440.4 to 1.440.5
  • 0be135b chore(deps-dev): bump snyk from 1.440.1 to 1.440.4
  • 8331494 fix(deps): bump rollbar from 2.19.4 to 2.20.0
  • 55af774 chore(deps-dev): bump snyk from 1.439.3 to 1.440.1
  • 0af9e9a chore(deps-dev): bump snyk from 1.439.1 to 1.439.3
  • 43d8d51 chore(deps-dev): bump snyk from 1.439.0 to 1.439.1

See the full diff

Package name: random-http-useragent The new version differs by 30 commits.
  • 5047d7d fix(deps): bump lodash from 4.17.20 to 4.17.21
  • 8399704 chore(deps-dev): bump snyk from 1.456.0 to 1.457.0
  • 22c9db6 chore(deps-dev): bump snyk from 1.455.0 to 1.456.0
  • 5d3fca6 chore(deps-dev): bump eslint-plugin-jest from 24.1.4 to 24.1.5
  • 572df6b chore(deps-dev): bump eslint-plugin-jest from 24.1.3 to 24.1.4
  • 2f852ba chore(deps-dev): bump snyk from 1.454.0 to 1.455.0
  • 82b2c8a chore(deps-dev): bump snyk from 1.452.0 to 1.454.0
  • 39109b9 chore(deps-dev): bump semantic-release from 17.3.8 to 17.3.9
  • 5ce4171 chore(deps-dev): bump snyk from 1.450.0 to 1.452.0
  • 9cf76e2 chore(deps-dev): bump mocha from 8.2.1 to 8.3.0
  • c1f721a chore(deps-dev): bump eslint-plugin-promise from 4.2.1 to 4.3.1
  • 4da9f1d chore(deps-dev): bump snyk from 1.448.0 to 1.450.0
  • b28c2dc chore(deps-dev): bump snyk from 1.446.0 to 1.448.0
  • 1207a28 chore(deps-dev): bump semantic-release from 17.3.7 to 17.3.8
  • e6d1668 chore(deps-dev): bump snyk from 1.445.0 to 1.446.0
  • 450b19f chore(deps-dev): bump snyk from 1.440.5 to 1.445.0
  • 25ebcba chore(deps-dev): bump chai from 4.2.0 to 4.3.0
  • 7cfe07b chore(deps-dev): bump snyk from 1.440.4 to 1.440.5
  • 2268ef4 chore(deps-dev): bump snyk from 1.440.1 to 1.440.4
  • e96941e chore(deps-dev): bump snyk from 1.439.3 to 1.440.1
  • 632f0c1 chore(deps-dev): bump snyk from 1.439.1 to 1.439.3
  • 0b23020 chore(deps-dev): bump snyk from 1.439.0 to 1.439.1
  • 2a5e0b4 chore(deps-dev): bump semantic-release from 17.3.6 to 17.3.7
  • 73c63b9 chore(deps-dev): bump snyk from 1.438.0 to 1.439.0

See the full diff

Package name: serverful The new version differs by 32 commits.
  • f688e84 fix(deps): bump lodash from 4.17.20 to 4.17.21
  • 3fb2e85 chore(deps-dev): bump snyk from 1.457.0 to 1.458.0
  • bf8ff95 chore(deps-dev): bump snyk from 1.456.0 to 1.457.0
  • d43c6d7 chore(deps-dev): bump eslint-plugin-jest from 24.1.4 to 24.1.5
  • 6796900 chore(deps-dev): bump snyk from 1.455.0 to 1.456.0
  • 678c7ec chore(deps-dev): bump eslint-plugin-jest from 24.1.3 to 24.1.4
  • ea50d8d chore(deps-dev): bump snyk from 1.454.0 to 1.455.0
  • 60b5ee2 chore(deps-dev): bump snyk from 1.452.0 to 1.454.0
  • 1a3d3f1 chore(deps-dev): bump semantic-release from 17.3.8 to 17.3.9
  • a36f44f chore(deps-dev): bump snyk from 1.450.0 to 1.452.0
  • ab7ea79 chore(deps-dev): bump snyk from 1.448.0 to 1.450.0
  • e80546f chore(deps-dev): bump eslint-plugin-promise from 4.2.1 to 4.3.1
  • 827eb79 chore(deps-dev): bump snyk from 1.447.0 to 1.448.0
  • e22d463 chore(deps-dev): bump snyk from 1.446.0 to 1.447.0
  • a8474ec chore(deps-dev): bump semantic-release from 17.3.7 to 17.3.8
  • c59291e chore(deps-dev): bump snyk from 1.445.0 to 1.446.0
  • d827334 chore(deps-dev): bump snyk from 1.440.5 to 1.445.0
  • 4ce0d13 chore(deps-dev): bump snyk from 1.440.4 to 1.440.5
  • 90a91f4 chore(deps-dev): bump snyk from 1.440.1 to 1.440.4
  • 92507ad chore(deps-dev): bump snyk from 1.439.3 to 1.440.1
  • 75bcd35 chore(deps-dev): bump snyk from 1.439.1 to 1.439.3
  • c1585cd chore(deps-dev): bump snyk from 1.439.0 to 1.439.1
  • f09804f chore(deps-dev): bump semantic-release from 17.3.6 to 17.3.7
  • 6f806eb chore(deps-dev): bump snyk from 1.438.0 to 1.439.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

hfreire avatar Feb 23 '21 06:02 hfreire