gcp-dataprep-bigquery-twitter-stream icon indicating copy to clipboard operation
gcp-dataprep-bigquery-twitter-stream copied to clipboard

Published 20 hours ago verified publisher icon jeremylorino

[Snyk] Fix for 22 vulnerabilities

Open jeremylorino opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-ASYNC-2441827		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 No Proof of Concept
low severity 344/1000
Why? Has a fix available, CVSS 2.6		 Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 No No Known Exploit
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 Open Redirect
SNYK-JS-GOT-2932019		 No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTTPCACHESEMANTICS-3248783		 No Proof of Concept
medium severity 703/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 No Proof of Concept
high severity 644/1000
Why? Has a fix available, CVSS 8.6		 Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 No No Known Exploit
medium severity 529/1000
Why? Has a fix available, CVSS 6.3		 Arbitrary File Write via Archive Extraction (Zip Slip)
SNYK-JS-JSZIP-3188562		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 Yes No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 No Proof of Concept
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Information Exposure
SNYK-JS-NODEFETCH-2342118		 Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PARSELINKHEADER-1582783		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Poisoning
SNYK-JS-QS-3153490		 No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept
high severity 624/1000
Why? Has a fix available, CVSS 8.2		 Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 Yes No Known Exploit
low severity 410/1000
Why? Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Arbitrary File Write
SNYK-JS-TAR-1579147		 Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Arbitrary File Write
SNYK-JS-TAR-1579152		 Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Arbitrary File Write
SNYK-JS-TAR-1579155		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @google-cloud/logging-winston The new version differs by 103 commits.
  • 8305c92 chore: release 1.0.0 (#326)
  • a46f385 chore: remove root and samples package-lock.json (#338)
  • fc87d65 fix(deps): bump minimum required dependencies (#336)
  • 2d72bc1 chore: update @ google-cloud/common to 2.x (#331)
  • d55c939 build: remove verbose logging from test scripts (#332)
  • 2214438 build: ignore proto files in test coverage (#330)
  • 9afc5e0 chore: clean up dev dependencies (#327)
  • c83050b build: add configuration for automated doc deployment (#328)
  • 059c2a1 fix(deps): update dependency @ google-cloud/logging to v5 (#324)
  • b3d666e build: updated kokoro config for coverage and release-please (#321)
  • 6260654 build: add new kokoro config for coverage and release-please (#320)
  • 450295f fix: use immutable winston level (#319)
  • 6182968 fix(deps): update dependency google-auth-library to v4 (#317)
  • c7ab418 chore(deps): update dependency @ google-cloud/common to v1 (#318)
  • 27b41e4 chore(chore): upgrade to gts 1.0.0 (#310)
  • d466a45 build: only pipe to codecov if tests run on Node 10
  • a61911b build: allow Node 10 on presubmit to push to codecov (#316)
  • 7418f77 build: allow Node 10 to push to codecov (#315)
  • 1f3e345 build: patch Windows container, fixing Node 10 (#314)
  • 7010ee5 chore: do not run CI on grpc-js (#311)
  • 7ff405c chore(deps): update dependency eslint-plugin-node to v9 (#312)
  • c777689 build!: upgrade engines field to >=8.10.0 (#308)
  • 08631b7 chore!: drop node 6 support (#307)
  • f762657 chore: removing node6 CI (#309)

See the full diff

Package name: @google-cloud/pubsub The new version differs by 250 commits.
  • bb26010 chore: release 0.29.0 (#609)
  • c72491f refactor(subscriber): message stream retry logic (#607)
  • 46c75a2 chore(deps): update dependency jsdoc to v3.6.2 (#606)
  • ef45af3 refactor: use core grpc (#608)
  • 6415e7c fix(deps): update dependency google-gax to v1 (#604)
  • 2e669a1 fix(deps): update dependency @ google-cloud/precise-date to v1 (#603)
  • baf9d39 fix(deps): update dependency google-auth-library to v4 (#601)
  • 1ae8db9 fix: DEADLINE_EXCEEDED retry code is idempotent (#605)
  • a72df8a test: fix snapshot fixture creation (#602)
  • 39b1dac fix: DEADLINE_EXCEEDED no longer treated as idempotent and retried
  • 22dc668 build: update build config and doc comments (#593)
  • 181553a fix(deps): update dependency @ google-cloud/paginator to v1 (#592)
  • 76f5c7b build: allow Node 10 on presubmit to push to codecov (#598)
  • bbc59fa build: allow Node 10 to push to codecov (#597)
  • 397f876 build: patch Windows container, fixing Node 10 (#596)
  • a9dd7f1 chore: do not run CI on grpc-js (#586)
  • fb76bf4 chore(deps): update dependency eslint-plugin-node to v9 (#587)
  • d01d010 fix(deps): update dependency @ google-cloud/projectify to v1 (#588)
  • dad7530 fix(deps): update dependency @ google-cloud/promisify to v1 (#589)
  • 6ef6260 chore(deps): update dependency gts to v1 (#579)
  • 2116474 build!: upgrade engines field to >=8.10.0 (#584)
  • 2004351 chore: removing node6 CI (#585)
  • 4214a4f fix(deps): update dependency google-gax to ^0.26.0 (#583)
  • b5f8df2 chore: update formatting for generated code (#580)

See the full diff

Package name: @google-cloud/storage The new version differs by 250 commits.
  • 6161c63 chore: release 5.17.0 (#1744)
  • 97edb9a sample: add turbo replication samples (#1618)
  • 809bf11 fix: remove compodoc dev dependency (#1745)
  • 291e6ef feat: add support for rpo (turbo replication) metadata field when cre… (#1648)
  • 437d400 chore(deps): gcs-resumable-upload migration (#1736)
  • 00392a4 chore: add api_shortname and library_type to repo metadata (#1737)
  • 9758632 docs(badges): tweak badge to use new preview/stable language (#1314) (#1739)
  • 552ebef docs(node): support "stable"/"preview" release level (#1312) (#1738)
  • 42f4207 chore(deps): update dependency @ types/tmp to v0.2.3 (#1734)
  • 2aad922 samples: Delete setPublicAccessPreventionUnspecified.js (#1733)
  • 257f771 samples: download byte range (#1732)
  • 29f91cb samples: added samples for upload from / download into memory (#1731)
  • 8ecb70e build: add generated samples to .eslintignore (#1730)
  • 1457404 chore: create interfaces for conformance test API results (#1728)
  • 09af838 chore: release 5.16.1 (#1717)
  • 2c2510a chore: address lint issues (#1726)
  • 6490abf Revert "fix: revert skip validation (#1718)" (#1721)
  • db4e2df samples: upload without authentication (#1711)
  • d77979b fix: stop File.download from truncating output file on failure (#1720)
  • 0c75e33 fix: revert skip validation (#1718)
  • c365254 fix: change properties with function value to methods (#1715)
  • 669a34d chore(deps): update gcs-resumable-upload to ^3.6.0 (#1710)
  • 9018e17 chore: release 5.16.0 (#1709)
  • 50cdbb6 feat: improved error messages for resumable uploads (#1708)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution 🦉 Open Redirect 🦉 More lessons are available in Snyk Learn

jeremylorino avatar Dec 20 '23 18:12 jeremylorino