DAVFoundation / missioncontrol

🛰 Controls and orchestrates missions between vehicles and DAV users
MIT License
181 stars, 156 forks

[Snyk] Security upgrade kafka-node from 2.6.1 to 4.0.0 #252

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 596/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.5) | Arbitrary Code Injection, SNYK-JS-UNDERSCORE-1080984 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: kafka-node
The new version differs by 50 commits.
  • a5a929e 4.0.0 (#1168)
  • 3961f41 Type of message key could be string or Buffer (#1079)
  • 80f3381 List topics in Admin (#1100)
  • 9521495 Leftover zk (#1167)
  • 0fbcb76 Validation check in ConsumerGroup for empty topic array (#1166)
  • 78fd627 remove zookeeper closes #1145 (#1163)
  • 2e95f50 Use same variable name for example (#1164)
  • a8bcdd4 Add config entries and replica assignment to create topic (#1157)
  • 69ef92b Fixed issue where closed broker could be used to send metadata request closes #995 (#1160)
  • 2340ca2 Error on unsupported message formats (#1151)
  • a39bd8d Remove deprecated nsp (#1148)
  • 34d29dd add support for DescribeConfigs protocol (#1081)
  • 703b7c3 Allow specifying an encoding for ConsumerGroup (#1133)
  • e546072 add sslOptions to ConsumerGroupOptions (#1101)
  • 91e361d Multiple fixes to message ordering and compression, Fixes #298 (#1072)
  • bae641e Don't hang process on shutdown (#797)
  • 2185767 3.0.1 (#1078)
  • bfcc7ff Fix checking new partitions for topics with dots (#1076)
  • 79a49ec Use double ended queue instead of Array for message buffer (#1067)
  • 76f6939 Add test for PR #1066 (#1070)
  • 4e0477e Only set committing=true if it can be set false later (#1066)
  • fd3f578 3.0.0 (#1063)
  • 729584b Add node 10 remove node 9 (#1058)
  • 475a6bb Add kafka 2 to travis test matrix (#1061)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
