newman-reporter-html

[Snyk] Fix for 2 vulnerabilities

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|
| high severity | Insecure Randomness (SNYK-JS-CRYPTOJS-548472) | No | No Known Exploit |
| medium severity | Regular Expression Denial of Service (ReDoS) (SNYK-JS-MARKDOWNIT-459438) | No | Proof of Concept |

Commit messages

Package name: jsdoc The new version differs by 2 commits.
  • 8d0fce6 chore: bump version; update release notes
  • 91c9aa7 chore(deps): update dependencies

See the full diff

Package name: newman The new version differs by 76 commits.
  • 2f2f356 Merge branch 'release/4.6.1'
  • f608ea3 Release v4.6.1
  • a5a5e43 Merge pull request #2296 from postmanlabs/feature/update-dependencies
  • 64ecb8d Update dependencies
  • 6a35e05 fixture: update certificates
  • 1c372d1 Merge pull request #2281 from postmanlabs/greenkeeper/postman-request-2.88.1-postman.21
  • e041ba8 Merge pull request #2246 from postmanlabs/greenkeeper/postman-collection-3.6.0
  • f53d8a6 Merge pull request #2240 from aquibbaig/feature/update-contributing-docs
  • f41a334 Merge pull request #2265 from postmanlabs/dependabot/npm_and_yarn/acorn-6.4.1
  • d816647 Merge branch 'develop' into greenkeeper/postman-request-2.88.1-postman.21
  • 787304f Merge branch 'develop' of github.com:postmanlabs/newman into greenkeeper/postman-collection-3.6.0
  • ac61900 Bump acorn from 6.2.1 to 6.4.1
  • 4e211c2 Merge pull request #2248 from postmanlabs/greenkeeper/postman-collection-transformer-3.3.0
  • 675ecec Merge pull request #2268 from postmanlabs/snyk-upgrade-8192f5b7391e7737324393b21d7c1a22
  • 89d28bd Merge pull request #2269 from postmanlabs/snyk-upgrade-7c7f3a25e71a47cedf46bbfae8ec76b3
  • 70a84af Merge pull request #2272 from postmanlabs/greenkeeper/postman-runtime-7.24.0
  • a61de85 Merge pull request #2279 from postmanlabs/snyk-fix-3d0c7a240fe1c772921c531b4513264c
  • 79d4bee fix: package.json & package-lock.json to reduce vulnerabilities
  • a162a95 chore(package): update lockfile package-lock.json
  • 5e7eb89 fix(package): update postman-runtime to version 7.24.0
  • ee5664f fix: upgrade xml2js from 0.4.22 to 0.4.23
  • 1b756da fix: upgrade eslint-plugin-jsdoc from 8.3.0 to 8.7.0
  • 98c3727 chore(package): update lockfile package-lock.json
  • ede7f2b fix(package): update postman-request to version 2.88.1-postman.21

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


snyk-bot, Apr 07 '20 06:04