plugin-flex-outbound-dialpad

[Snyk] Security upgrade twilio-run from 2.1.1 to 3.4.3

Open twilio-product-security opened this issue 2 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • dialpad-functions/package.json
    • dialpad-functions/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Denial of Service (DoS), SNYK-JS-FILETYPE-2958042 | Yes | No Known Exploit |
| medium severity | 484/1000. Why? Has a fix available, CVSS 5.4 | Open Redirect, SNYK-JS-GOT-2932019 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: twilio-run The new version differs by 250 commits.
  • e8fcd87 chore(release): publish %s
  • a2eb6d4 chore: remove Node 12 from Actions flow
  • 3b5d673 chore(serverless-api): turn off typedoc for now
  • 63b1319 test(serverless-api): temporarily turn off tests that use file-type
  • d6e1b42 chore(serverless-api): upgrade typescript version
  • 58cebe3 fix(twilio-run): replace listr and fix got usage
  • 970ebbd fix(serverless-api): change file-type package usage
  • b474072 chore(serverless-api): update got & file-type
  • 091b550 chore(twilio-run): update got version
  • 4cec2af chore(runtime-handler): update default twilio to 3.80.0
  • e793c65 chore: override @types/prettier to fix build
  • fe6335d chore(release): publish %s
  • c96619a chore(release): publish %s
  • 14c33f0 chore: update node warning to 14 when running locally
  • 14cc9cf chore: two other mentions of node 12
  • e03e9b2 chore: updates default node version and messages about deploys
  • 33ca348 chore: update publish script/command
  • fe64e01 chore(release): publish %s
  • dd38dcf chore: highlight breaking Twilio CLI change
  • 38edf42 fix(twilio-run): corrects types
  • 024cad1 fix(runtime-handler): corrects types
  • 8a1c335 chore(plugin-serverless): updates @twilio/cli-core to 6.0.0
  • c0bd842 chore(plugin-asssets): updates @twilio/cli-core to 6.0.0
  • 3727708 chore(release): publish %s


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


twilio-product-security, Aug 09 '22 02:08