node-restify icon indicating copy to clipboard operation
node-restify copied to clipboard

Published 20 hours ago verified publisher icon restify

[Snyk] Security upgrade restify from 8.6.1 to 10.0.0

Open hekike opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/todoapp/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: restify The new version differs by 41 commits.
  • 2053ef6 chore(master): release 10.0.0
  • 3f94e4f chore: upgrade release-please (please work)
  • c21f6a8 chore: remove wrong link from CHANGELOG.md
  • 5795223 feat!: support v18.x
  • f384900 chore: Update example to allow downgrading to http1
  • fa52f60 feat: bump dtrace-provider version to avoid MacOS errors
  • e911d17 chore: upgrade send@^0.18.0
  • c9e5dfd chore: upgrade mime@^3.0.0
  • 15b8458 chore: upgrade semver@^7.0.0
  • 1e25d31 chore: upgrade pidusage@^3.0.0
  • 70370d9 chore: upgrade pino@^8.0.0
  • de36103 chore: upgrade lru-cache@^7.0.0
  • c944080 chore: upgrade uuid@^9.0.0
  • 50bfac7 chore: upgrade csv@^6.0.0
  • 638930c chore(examples): delete bench example in favor of the benchmark script
  • a70880e chore(examples): update socket.io
  • 23a80ae chore(examples): update todoapp
  • 7228b94 chore: bump find-my-way to ^7.2.0
  • caba351 updated package.json [ci skip]
  • bf2e42a updated CHANGELOG.md [ci skip]
  • c15111f chore: drop support for EOL Node.js versions
  • d052b7c feat: deprecate req.closed
  • 839fb4a chore: bump version of http-signature to ^1.3.6 (#1889)
  • cc483e0 chore: remove travis and update github ci (#1878)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

hekike avatar Jun 21 '23 14:06 hekike