GSA / code-gov-harvester

Stand alone metadata harvester for Code.gov
Creative Commons Zero v1.0 Universal
3 stars 7 forks source link

[Snyk] Security upgrade snyk from 1.316.1 to 1.518.0 #50

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 778/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.7
Server-side Request Forgery (SSRF)
SNYK-JS-NETMASK-1089716
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: snyk The new version differs by 250 commits.
  • 8987918 Merge pull request #1781 from snyk/fix/replace-proxy
  • eec11b7 test: raise timeout for snyk protect tests hitting real Snyk API
  • 8045ceb test: update proxy tests for the new proxy global-agent
  • 0d0c76a feat: support lowercase http_proxy envvars
  • e597846 test(proxy): acceptance test for Proxy envvar settings
  • 6d67579 fix: replace vulnerable proxy dependency
  • 1449c57 Merge pull request #1707 from snyk/feat/snyk-fix
  • 3d872fb test: assert exact errors for unsupported
  • 5ebd685 Merge pull request #1777 from snyk/feat/fix-with-version-provenance
  • 17e3431 Merge pull request #1778 from snyk/feat/dont-force-https
  • fdd7f1a docs: update SNYK_HTTP_PROTOCOL_UPGRADE description
  • 165b4b9 feat: introduce envvar to control HTTP-HTTPS upgrade behavior
  • 77e6665 chore: lerna release with exact version
  • f14819f Merge pull request #1760 from snyk/feat/support-critical-in-sarif
  • b286418 feat: v1 support for previously fixed reqs.txt
  • 0384020 feat: basic pip fix -r support
  • f94c558 feat: include pins optionally
  • 66ca77a feat: do not skip files with -r directive
  • bc44f9a refactor: fix individual reqs manifest
  • 6e84322 feat: fix individual file with provenance
  • 9ed99f3 Merge pull request #1764 from snyk/feat/update-code-client
  • c92599b Merge pull request #1774 from snyk/refactor/change-binaries-release-script
  • ca508ac test: smoke test for `snyk fix`
  • c68c7da feat: add @ snyk/fix as a dep
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic