
[Snyk] Security upgrade supertest from 4.0.2 to 7.0.0

Open peterjoseph opened this issue 9 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-COOKIEJAR-3149984 | Yes | Proof of Concept |
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Prototype Poisoning, SNYK-JS-QS-3153490 | Yes | Proof of Concept |
| low severity | 506/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS), npm:debug:20170905 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: supertest

The new version differs by 133 commits.
  • 2ae1c36 7.0.0
  • 225118c Merge pull request #834 from Bruception/master
  • f290431 Fix TestAgent not inheriting Agent properties
  • 1e18c20 fix: bump deps, drop Node.js v<14.16.0
  • fd571c8 6.3.4
  • bc4398a chore: bump deps, remove yarn.lock
  • c823515 chore: bump deps
  • 37017b3 Merge pull request #811 from ladjs/dependabot/npm_and_yarn/cookiejar-2.1.4
  • 6b41374 Merge pull request #814 from siddtheone/patch-1
  • 0ff9c02 Merge pull request #828 from 9renpoto/9renpoto-patch-1
  • 2cba6d4 si/visionmedia/ladjs/
  • 79a69b6 Update package.json
  • c1b8f9d Merge pull request #821 from yunnysunny/feature/ci-fix
  • 5d48749 ci: fix broken github action cache saving
  • 25920e7 Merge pull request #818 from lamweili/patch-1
  • 3767f9e docs: fixed links (for #621)
  • b81d3a4 Update README.md
  • 4b372eb Removing unused import
  • ac9327f chore(deps): bump cookiejar from 2.1.3 to 2.1.4
  • 44d5d72 Merge pull request #646 from dtom90/patch-1
  • d91ff37 Merge pull request #621 from RichieRunner/patch-1
  • ffb96df 6.3.3
  • 2910f73 chore: bump deps
  • fb4f327 6.3.2

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


peterjoseph, Apr 25 '24 06:04