node-red-nodes
node-red-nodes copied to clipboard
node-red
[Snyk] Security upgrade pusher from 1.5.1 to 4.0.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- social/pusher/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
584/1000 Why? Has a fix available, CVSS 7.4 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: pusher
The new version differs by 92 commits.- 9e45cfc v4.0.0
- 2030ed8 Merge pull request #126 from pusher/promises
- 615d5a2 remove redundant test
- be6f369 stale bot
- 8d249f9 give the type definitions some love
- 6a4ad57 configure eslint and make it happy
- b54d23f remove depricated use of Buffer
- c070876 bump dependencies
- c0509e3 remove specific parse build
- fb0cf9f remove redundant keep-alive test
- 1626d2d readme
- 240dfa3 improve test secret
- 962beac swap request out for node-fetch and change all interfaces to return promises instead of taking callbacks
- eb255d2 prettier
- 5b098ab Remove release instructions, we have better internally
- 5459667 Release instructions
- 5e5a704 3.0.1
- 158af89 Update changelog
- 6b0c0fc Merge pull request #118 from pusher/base64-master-key
- 4ccec3f Accidental line break
- 3eab10d Merge pull request #117 from pusher/remote-tests-on-travis
- 13bc552 Accept master enc key as base64
- 4008e6b Upgrade dependencies
- fb6a33d Banish tabs
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
- :x: - login: @snyk-bot / name: Snyk bot . The commit (f6e87d5d58ddb8a8ec4f3c7820d0654ee76c1a7c) is not authorized under a signed CLA. Please click here to be authorized. For further assistance with EasyCLA, please submit a support request ticket.
![linux-foundation-easycla[bot] avatar](https://avatars.githubusercontent.com/in/17893?v=4 "Published by a pub.dev verified publisher"){kind=small}
New PR created to update to latest available packages https://github.com/node-red/node-red-nodes/pull/974
