pollmommy icon indicating copy to clipboard operation
pollmommy copied to clipboard

Published 20 hours ago verified publisher icon hfreire

[Snyk] Security upgrade random-http-useragent from 1.1.32 to 1.1.33

Open hfreire opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 No Proof of Concept
high severity 753/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: random-http-useragent The new version differs by 30 commits.
  • 5047d7d fix(deps): bump lodash from 4.17.20 to 4.17.21
  • 8399704 chore(deps-dev): bump snyk from 1.456.0 to 1.457.0
  • 22c9db6 chore(deps-dev): bump snyk from 1.455.0 to 1.456.0
  • 5d3fca6 chore(deps-dev): bump eslint-plugin-jest from 24.1.4 to 24.1.5
  • 572df6b chore(deps-dev): bump eslint-plugin-jest from 24.1.3 to 24.1.4
  • 2f852ba chore(deps-dev): bump snyk from 1.454.0 to 1.455.0
  • 82b2c8a chore(deps-dev): bump snyk from 1.452.0 to 1.454.0
  • 39109b9 chore(deps-dev): bump semantic-release from 17.3.8 to 17.3.9
  • 5ce4171 chore(deps-dev): bump snyk from 1.450.0 to 1.452.0
  • 9cf76e2 chore(deps-dev): bump mocha from 8.2.1 to 8.3.0
  • c1f721a chore(deps-dev): bump eslint-plugin-promise from 4.2.1 to 4.3.1
  • 4da9f1d chore(deps-dev): bump snyk from 1.448.0 to 1.450.0
  • b28c2dc chore(deps-dev): bump snyk from 1.446.0 to 1.448.0
  • 1207a28 chore(deps-dev): bump semantic-release from 17.3.7 to 17.3.8
  • e6d1668 chore(deps-dev): bump snyk from 1.445.0 to 1.446.0
  • 450b19f chore(deps-dev): bump snyk from 1.440.5 to 1.445.0
  • 25ebcba chore(deps-dev): bump chai from 4.2.0 to 4.3.0
  • 7cfe07b chore(deps-dev): bump snyk from 1.440.4 to 1.440.5
  • 2268ef4 chore(deps-dev): bump snyk from 1.440.1 to 1.440.4
  • e96941e chore(deps-dev): bump snyk from 1.439.3 to 1.440.1
  • 632f0c1 chore(deps-dev): bump snyk from 1.439.1 to 1.439.3
  • 0b23020 chore(deps-dev): bump snyk from 1.439.0 to 1.439.1
  • 2a5e0b4 chore(deps-dev): bump semantic-release from 17.3.6 to 17.3.7
  • 73c63b9 chore(deps-dev): bump snyk from 1.438.0 to 1.439.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

hfreire avatar Feb 23 '21 00:02 hfreire