sample-appointment-reminders-node
sample-appointment-reminders-node copied to clipboard
Published
20 hours ago •
twilio-labs
twilio-labs
[Snyk] Fix for 14 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
619/1000 Why? Has a fix available, CVSS 8.1 |
Prototype Pollution SNYK-JS-AJV-584908 |
Yes | No Known Exploit |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-INI-1048974 |
Yes | Proof of Concept |
|
644/1000 Why? Has a fix available, CVSS 8.6 |
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 |
Yes | No Known Exploit |
 |
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 |
Yes | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432 |
Yes | No Known Exploit |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Prototype Poisoning SNYK-JS-QS-3153490 |
Yes | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
Yes | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392 |
Yes | Proof of Concept |
|
624/1000 Why? Has a fix available, CVSS 8.2 |
Arbitrary File Overwrite SNYK-JS-TAR-1536528 |
Yes | No Known Exploit |
|
624/1000 Why? Has a fix available, CVSS 8.2 |
Arbitrary File Overwrite SNYK-JS-TAR-1536531 |
Yes | No Known Exploit |
 |
410/1000 Why? Has a fix available, CVSS 3.7 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579147 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579152 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579155 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: npm
The new version differs by 250 commits.- 3b4ba65 7.0.0
- bbfc75d chore: fix weird .gitignore thing that happened somehow
- 8a2d375 docs: changelog for v7.0.0
- 365f2e7 [email protected]
- fafb348 [email protected]
- 9306c68 [email protected]
- 569cd64 [email protected]
- ac9fde7 Integration code for @ npmcli/[email protected]
- 704b9cd @ npmcli/[email protected]
- 3955bb9 [email protected]
- da240ef fix: patch config.js to remove duplicate values
- 9ae45a8 [email protected]
- 41ab36d [email protected]
- c474a15 [email protected]
- efc6786 fix: make sure publishConfig is passed through
- 1e4e6e9 docs: v7 using npm config refresh
- 5c1c2da fix: init config aliases
- 5bc7eb2 docs: v7 npm-install refresh
- 1a35d87 7.0.0-rc.4
- 7a5a557 docs: changelog for v7.0.0-rc.4
- f0cf859 chore: dedupe deps
- 0273745 [email protected]
- 7bd47ca @ npmcli/[email protected]
- 9320b8e only escape arguments, not the command name
Package name: twilio
The new version differs by 47 commits.- 07891d5 Release 3.41.0
- 3120c68 [Librarian] Regenerated @ b99d9f1d3667442d965805ac71bf6185ee04b82c
- c76264e fix: remove the lock file since this is a library
- d073d8c fix: Page JSON parsing and integration tests (#546)
- ef0d339 fix: add overloaded TS definitions for non-required params (#545)
- 465d158 fix: Add method overload to VoiceResponse.prototype.play (#544)
- 747a091 fix: don't re-parse parsed JSON (#543)
- 6266910 feat: migrate from deprecated request module to axios (#542)
- 5249e3b [Librarian] Regenerated @ ee964c66599ebcd125eb411ba410bde1e62b3503
- ad2e98b Release 3.40.0
- ec54ee2 [Librarian] Regenerated @ ee964c66599ebcd125eb411ba410bde1e62b3503
- 5a65128 docs: add url parameter documentation in twilio.webhook() (#541)
- 6d96611 fix: proper indentation (#534)
- 3b07aca docs: guide for enabling lazy loading (#532)
- 25ec77d feat: Faster requiring using optional lazy loading (#526)
- deca8ff Release 3.39.5
- f8f368c [Librarian] Regenerated @ 59055a0e4517ecbe8ab584e0f9b38f2a70cd94a8
- 3d0e4a1 Release 3.39.4
- 2d7f7fa [Librarian] Regenerated @ 0d359fdcea150a7f3ec36771ffeb0bd2bf34ea1d
- 412b484 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
- 1294266 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
- 0d96c5b [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
- 1286866 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
- 548eed3 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Insertion of Sensitive Information into Log File 🦉 More lessons are available in Snyk Learn
