draftjs-examples
draftjs-examples copied to clipboard
Published
20 hours ago •
rajaraodv
rajaraodv
[Snyk] Security upgrade sendgrid from 2.0.0 to 5.2.3
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
 |
786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3 |
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463 |
Yes | Proof of Concept |
 |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 |
Yes | Proof of Concept |
|
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 |
Command Injection SNYK-JS-LODASH-1040724 |
Yes | Proof of Concept |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-LODASH-450202 |
Yes | Proof of Concept |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-LODASH-608086 |
Yes | Proof of Concept |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-LODASH-73638 |
Yes | Proof of Concept |
|
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639 |
Yes | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116 |
Yes | No Known Exploit |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073 |
Yes | Proof of Concept |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082 |
Yes | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540 |
Yes | No Known Exploit |
|
520/1000 Why? Has a fix available, CVSS 5.9 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281 |
Yes | No Known Exploit |
 |
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 |
Prototype Pollution SNYK-JS-MINIMIST-2429795 |
Yes | Proof of Concept |
|
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-MINIMIST-559764 |
Yes | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032 |
Yes | Proof of Concept |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 |
Yes | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Internal Property Tampering SNYK-JS-TAFFYDB-2992450 |
Yes | Proof of Concept |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 |
Yes | Proof of Concept |
|
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 |
Prototype Pollution npm:lodash:20180130 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: sendgrid
The new version differs by 200 commits.- c29a5c4 Version Bump v5.2.2: Pull #418: Fixed #417
- 8a2436d Merge pull request #418 from SPARTAN563/fix/417-update-index-ts
- 2079172 Version Bump v5.2.1: Pull #413: Handle null and undefined values in substitutions
- 3c4f82b Merge pull request #413 from zoitravel/master
- c2a03cd fix: Update TypeScript definition to correct callback arguments for API
- 59ecaa3 Merge pull request #415 from gabrielkrell/master
- 9eaadeb Add notifications badge, text
- 4d9ea56 handle null and undefined values
- eb7bce7 Version Bump 5.2.0: Pull #410: Cast substitution values to strings
- ae8a935 Merge pull request #410 from dangerismycat/patch-1
- e218c42 Cast substitution values to strings
- ac1818c Version Bump v5.1.2: PR #399: Fix type
- d2235a0 Merge pull request #399 from zoitravel/batchId-type
- 510635a fixed `batch_id` type (string)
- b29d1c6 Merge pull request #395 from sendgrid/test_hello_world
- 617e99f Remove duplicate variable declaration
- 19b36ea Updating test to reflect Hello World Example
- 9767ae6 Version Bump v5.1.1: PR #391 Return personalizations as an array of request compatible JSON.
- c68e7d7 Merge pull request #391 from hpaul/patch-1
- 7dc8567 Return personalizations as an array of request compatible JSON.
- 4af67b1 Update README.md
- 9d448b5 Version Bump v5.1.0: #325 Run prism for tests
- 5a742e2 Correctd supported versions
- 74752b3 Prism now runs local to Travis
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Command Injection 🦉 Prototype Pollution 🦉 More lessons are available in Snyk Learn
