event-backend
event-backend copied to clipboard
Published
20 hours ago •
pjmolina
pjmolina
[Snyk] Fix for 2 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-LODASH-6139239 |
Yes | Proof of Concept |
 |
501/1000 Why? Recently disclosed, Has a fix available, CVSS 4.3 |
Information Exposure Through Sent Data SNYK-JS-PHIN-6598077 |
No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: jimp
The new version differs by 216 commits.- d4ed418 "Bump version to: v0.22.0 [skip ci]"
- 3bdd30a Update contributors [skip ci]
- f6fa67c Update CHANGELOG.md [skip ci]
- b3b6438 Switch to fetch for url requests (#1165)
- 22f2535 switch from should to expect (#1163)
- a2dbeb5 delete CLI package (#1162)
- c5784fe Change test matching strategy to include all test files (#1161)
- 046ea0d "Bump version to: v0.21.3 [skip ci]"
- 893aad3 Update CHANGELOG.md [skip ci]
- b6f1e35 Change some exports to move towards more ESM compatibility (#1154)
- 19ba1d6 Workflow fix (#1159)
- e234232 run workflow for PRs (#1156)
- 2f7c68e "Bump version to: v0.21.1 [skip ci]"
- b9421a4 Update CHANGELOG.md [skip ci]
- 96039e9 remove export hack (#1153)
- 5b4330d "Bump version to: v0.21.0 [skip ci]"
- a0cef37 Update contributors [skip ci]
- 045621d Update CHANGELOG.md [skip ci]
- f8c4bee Babel Refactor (#1149)
- cebbdb7 "Bump version to: v0.20.2 [skip ci]"
- 333df68 Update CHANGELOG.md [skip ci]
- c4004d5 add phash to types (#1144)
- 6ff7816 "Bump version to: v0.20.1 [skip ci]"
- 0a5558e Update CHANGELOG.md [skip ci]
Package name: newrelic
The new version differs by 250 commits.- f35a229 release: 6.5.0 (2020-03-19)
- 5779e3c Updated release notes
- 435d053 Merge pull request #1969 from NodeJS-agent/ntzaperas/attribute-rename
- 3d0dbd2 Rename span error attribute
- a01821f Fix span error attributes appearing on span intrinsics
- 76e0572 Updated changelog for v6.5.0.
- cd9406c Merge pull request #1966 from NodeJS-agent/ntzaperas/lasp-span-errors
- bfb2e70 Remove span_error_attributes feature flag
- 613a285 Test span error attributes and HSM/ignore
- a4ac95b Merge pull request #1964 from NodeJS-agent/mgoin/ConvertAgentAggregatorsUnitTests
- 2de8843 Merge pull request #1959 from NodeJS-agent/mgoin/ConvertAgentsUnitTestFullyTap
- 3f53da6 Converts event-aggregator.test.js to fully use tap API.
- e339089 Use the same attributes on spans as on TransactionErrors
- 0166c8a Span error attributes should adhere to security policy
- de2658d Converts base-aggregator.test.js to fully use tap API.
- 1e036e5 Converts synthetics.test.js to fully use tap API.
- 6d75845 Converts intrinsics.test.js to fully use tap API.
- 8c43fc6 Converts agent.test.js to fully use tap API.
- ade4dc3 Merge pull request #1957 from NodeJS-agent/ntzaperas/NODE-2307-error-attrs-on-spans
- 2ce89a6 Put span error attributes behind a feature flag
- 9013e0f Tests for span error attributes
- 64c6d47 Update tests to match new error interface
- ecae7a2 Add error info to span and link to TransactionError events
- 233e48e Merge pull request #1956 from NodeJS-agent/mgoin/NODE-2314-EventHandlersNotCleaningUp
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
