sample-appointment-reminders-node icon indicating copy to clipboard operation
sample-appointment-reminders-node copied to clipboard

Published 20 hours ago verified publisher icon twilio-labs

[Snyk] Fix for 4 vulnerabilities

Open twilio-product-security opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 Open Redirect
SNYK-JS-GOT-2932019		 Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTTPCACHESEMANTICS-3248783		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: npm The new version differs by 250 commits.

See the full diff

Package name: twilio The new version differs by 47 commits.
  • 07891d5 Release 3.41.0
  • 3120c68 [Librarian] Regenerated @ b99d9f1d3667442d965805ac71bf6185ee04b82c
  • c76264e fix: remove the lock file since this is a library
  • d073d8c fix: Page JSON parsing and integration tests (#546)
  • ef0d339 fix: add overloaded TS definitions for non-required params (#545)
  • 465d158 fix: Add method overload to VoiceResponse.prototype.play (#544)
  • 747a091 fix: don't re-parse parsed JSON (#543)
  • 6266910 feat: migrate from deprecated request module to axios (#542)
  • 5249e3b [Librarian] Regenerated @ ee964c66599ebcd125eb411ba410bde1e62b3503
  • ad2e98b Release 3.40.0
  • ec54ee2 [Librarian] Regenerated @ ee964c66599ebcd125eb411ba410bde1e62b3503
  • 5a65128 docs: add url parameter documentation in twilio.webhook() (#541)
  • 6d96611 fix: proper indentation (#534)
  • 3b07aca docs: guide for enabling lazy loading (#532)
  • 25ec77d feat: Faster requiring using optional lazy loading (#526)
  • deca8ff Release 3.39.5
  • f8f368c [Librarian] Regenerated @ 59055a0e4517ecbe8ab584e0f9b38f2a70cd94a8
  • 3d0e4a1 Release 3.39.4
  • 2d7f7fa [Librarian] Regenerated @ 0d359fdcea150a7f3ec36771ffeb0bd2bf34ea1d
  • 412b484 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
  • 1294266 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
  • 0d96c5b [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
  • 1286866 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
  • 548eed3 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Server-side Request Forgery (SSRF) 🦉 More lessons are available in Snyk Learn

twilio-product-security avatar Nov 25 '23 16:11 twilio-product-security