
[Snyk] Security upgrade @cityofzion/neon-js from 3.11.9 to 4.0.0

Open • deanpress opened this issue 9 months ago • 1 comment


Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
| --- | --- |
| medium severity: Server-side Request Forgery (SSRF), SNYK-JS-AXIOS-9403194 | 596 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

deanpress, Mar 26 '25 10:03

I don’t wanna be subscribed. Can I cancel?

On Wed, Mar 26, 2025 at 18:35 Dean @.***> wrote:

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project. Snyk changed the following file(s):

  • package.json

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
| --- | --- |
| medium severity: Server-side Request Forgery (SSRF), SNYK-JS-AXIOS-9403194 (https://snyk.io/vuln/SNYK-JS-AXIOS-9403194) | 596 |



You can view, comment on, or merge this pull request online at:

https://github.com/nos/client/pull/1510

Commit Summary

File Changes

(1 file: https://github.com/nos/client/pull/1510/files)

Patch Links:

  • https://github.com/nos/client/pull/1510.patch
  • https://github.com/nos/client/pull/1510.diff


WarWarMyint, Mar 26 '25 14:03