
[Snyk] Security upgrade upyun from 3.3.9 to 3.4.6

Open lisong opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: high severity
  • Priority Score (*): 758/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3)
  • Issue: Improper Input Validation (SNYK-JS-FOLLOWREDIRECTS-6141137)
  • Breaking Change: No
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: upyun
The new version differs by 36 commits.
  • 0634524 3.4.6
  • 201b5c3 chore(deps): update is-promise from 2.1.0 to 4.0.0
  • a989c91 chore(deps): update md5 from 2.2.1 to 2.3.0
  • bd0d985 chore(deps): update form-data from 3.0.0 to 4.0.0
  • 1a9fecd chore(deps): update base-64 from 0.1.0 to 1.0.0
  • 30e790f chore(deps): update axios from 0.19.1 to 0.26.1
  • f0dfc81 :sparkles: copy cannot be used in the browser
  • 814ea95 3.4.5
  • 3845efc :sparkles: multipart supports buffer
  • e7a68b6 :pencil: update the parameter descriptions for multipartUpload and initMultipartUpload
  • da2e226 3.4.4
  • dd0cd42 :bug: URL encoding improvement for spaces
  • 9b55fc4 3.4.3
  • c43261e :sparkles: provide an error code in the response content when the axios call fails
  • c2e5436 3.4.2
  • 86fe312 :bug: new method introduced in utils caused front-end incompatibility
  • 3e56aa0 3.4.1
  • 78fdcdf :art: remove extra semicolon
  • 918e205 :sparkles: Resolving builtins
  • 09b9b72 3.4.0
  • 0c70d08 :sparkles: status code compatibility for the copy and move methods
  • fabd1d3 3.3.13
  • da93b43 :bug: fix the built-in module issue in build
  • 4944998 :art: change the naming format

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

lisong, Jan 02 '24 14:01