[Snyk] Security upgrade @pyroscope/nodejs from 0.2.6 to 0.2.9
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 | Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @pyroscope/nodejs
The new version differs by 19 commits.
- 9162a2f Upgrade pprof-nodejs (#59)
- 1233f5f chore: version patch 0.2.9 (#58)
- 670d780 chore(deps): bump axios from 0.26.1 to 0.28.0 (#57)
- e5d1349 chore(deps): Use axios v0.28.0 (#56)
- b14fd00 chore(deps): bump semver and @commitlint/cli (#51)
- 132e895 chore(deps): Update required min nodejs version to v18 (#55)
- 7dbae7c chore(deps-dev): bump @babel/traverse from 7.15.4 to 7.23.9 (#49)
- 5cc8f1e chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#48)
- da3f7fa chore(deps-dev): bump json5 from 2.2.0 to 2.2.3 (#52)
- 83a7bd4 chore(deps-dev): bump webpack from 5.52.1 to 5.76.0 (#53)
- 5a4f67e chore(deps-dev): bump tough-cookie from 4.0.0 to 4.1.3 (#54)
- beb3505 chore(deps): bump follow-redirects from 1.14.9 to 1.15.5 (#47)
- 2a46fda chore(deps-dev): bump semver from 5.7.1 to 5.7.2 (#46)
- c867613 chore(deps): bump protobufjs from 6.11.2 to 6.11.4 (#45)
- b31e385 Update README.md (#44)
- 62dbb83 chore: version patch 0.2.8 (#43)
- 30727ff fix: enable typescript declarations (#42)
- 3664b49 chore: Update package.json project metadata (#41)
- 4244d1d Fixing require/import statements in examples (#34)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Test report for this run is available at: https://test-integrations-dev.s3.amazonaws.com/integrations-test-reports/rudder-transformer/3205/test-report.html
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 87.71%. Comparing base (46e5797) to head (158133e). Report is 102 commits behind head on develop.
Additional details and impacted files
@@ Coverage Diff @@
## develop #3205 +/- ##
===========================================
+ Coverage 87.70% 87.71% +0.01%
===========================================
Files 550 550
Lines 29585 29616 +31
Branches 7056 7061 +5
===========================================
+ Hits 25947 25978 +31
- Misses 3302 3330 +28
+ Partials 336 308 -28
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
No data about Duplication
This PR is considered to be stale. It has been open for 20 days with no further activity thus it is going to be closed in 7 days. To avoid such a case please consider removing the stale label manually or add a comment to the PR.