sample-appointment-reminders-node icon indicating copy to clipboard operation
sample-appointment-reminders-node copied to clipboard

Published 20 hours ago verified publisher icon twilio-labs

[Snyk] Fix for 4 vulnerabilities

Open twilio-product-security opened this issue 1 year ago • 0 comments

snyk-top-banner

Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860		   112  
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867		   107  
low severity Cross-site Scripting
SNYK-JS-SEND-7926862		   80  
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865		   80  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"body-parser","from":"1.19.0","to":"1.20.3"},{"name":"express","from":"4.17.1","to":"4.21.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-BODYPARSER-7926860","priority_score":112,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 11:22:36 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.86},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-BODYPARSER-7926860","priority_score":112,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 11:22:36 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.86},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESS-7926867","priority_score":107,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 12:24:12 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.89},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEND-7926862","priority_score":80,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 11:48:01 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.42},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEND-7926862","priority_score":80,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 11:48:01 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.42},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SERVESTATIC-7926865","priority_score":80,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 12:14:52 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.42},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"Cross-site Scripting"}],"prId":"4aacec65-91d9-4526-ada4-ec936771a504","prPublicId":"4aacec65-91d9-4526-ada4-ec936771a504","packageManager":"npm","priorityScoreList":[112,107,80,80],"projectPublicId":"b55ead81-813c-4687-9017-43048c0b6cde","projectUrl":"https://app.snyk.io/org/twilio-47w/project/b55ead81-813c-4687-9017-43048c0b6cde?utm_source=github-enterprise&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["pr-warning-shown","priorityScore"],"type":"auto","upgrade":["SNYK-JS-BODYPARSER-7926860","SNYK-JS-EXPRESS-7926867","SNYK-JS-SEND-7926862","SNYK-JS-SERVESTATIC-7926865"],"vulns":["SNYK-JS-BODYPARSER-7926860","SNYK-JS-EXPRESS-7926867","SNYK-JS-SEND-7926862","SNYK-JS-SERVESTATIC-7926865"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

twilio-product-security avatar Sep 12 '24 00:09 twilio-product-security