node-red-nodes
node-red-nodes copied to clipboard
Published
20 hours ago •
node-red
node-red
[Snyk] Security upgrade pushbullet from 2.4.0 to 3.0.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- social/pushbullet/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Open Redirect SNYK-JS-NODEFORGE-2330875 |
Yes | Proof of Concept |
|
529/1000 Why? Has a fix available, CVSS 6.3 |
Prototype Pollution SNYK-JS-NODEFORGE-2331908 |
Yes | No Known Exploit |
|
494/1000 Why? Has a fix available, CVSS 5.6 |
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337 |
Yes | No Known Exploit |
 |
579/1000 Why? Has a fix available, CVSS 7.3 |
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339 |
Yes | No Known Exploit |
|
494/1000 Why? Has a fix available, CVSS 5.6 |
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341 |
Yes | No Known Exploit |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-NODEFORGE-598677 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: pushbullet
The new version differs by 18 commits.- 1f8c1fd Update to version 3.0.0
- 9186bd9 Add `createChannel()`
- ac2fe7e Deprecate `sendSMS()`
- 9b7bcda Add support for the text API
- 5f501c5 Fix some comments
- 426de2b Remove old Travis CI yaml file
- 6a0076c Update ESLint rules and apply fixes
- ebdc39e Merge branch 'github-action-tests'
- ffd626d Add GitHub action to run tests
- f68187d Add tests using nock for mocking the API
- 45a657f Remove tests for now
- 72e856e Codestyle, modernisation, misc fixes
- a899190 Update dependencies to latest versions
- dca0e34 Merge branch 'node-fetch-migration'
- 3f89158 Update changelog
- 6508617 Update README
- 6a83ef9 Replace request with node-fetch
- 0f18e80 Switch CJS requires to ESM imports
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Open Redirect 🦉 Prototype Pollution
- :x: - login: @snyk-bot / name: Snyk bot . The commit (fa440745a47caa09b7c97ffe1d2ab11246841b3d) is not authorized under a signed CLA. Please click here to be authorized. For further assistance with EasyCLA, please submit a support request ticket.
![linux-foundation-easycla[bot] avatar](https://avatars.githubusercontent.com/in/17893?v=4 "Published by a pub.dev verified publisher"){kind=small}