search

OpenZeppelin / defender-client

Monorepo for all defender-client npm packages
https://docs.openzeppelin.com/defender/
MIT License
56 stars 47 forks source link

[Snyk] Security upgrade @openzeppelin/defender-autotask-client from 1.54.2 to 1.54.6 #602

Open tirumerla opened 1 month ago

tirumerla commented 1 month ago

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning ``` Failed to update the yarn.lock, please update manually before merging. ```

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-7361793		   833  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

socket-security[bot] commented 1 month ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/decamelize@1.2.0 None 0 2.94 kB sindresorhus
npm/ini@1.3.8 None 0 9.3 kB isaacs
npm/isexe@2.0.0 environment, filesystem 0 11 kB isaacs
npm/isobject@3.0.1 None 0 6.93 kB doowb
npm/kind-of@6.0.3 None 0 22.8 kB doowb
npm/p-finally@1.0.0 None 0 3.11 kB sindresorhus
npm/resolve-from@4.0.0 filesystem, unsafe 0 4.64 kB sindresorhus
npm/set-blocking@2.0.0 None 0 4.22 kB bcoe

🚮 Removed packages: npm/@babel/code-frame@7.24.2, npm/@babel/helper-validator-identifier@7.24.5, npm/@babel/highlight@7.24.5, npm/@eslint-community/eslint-utils@4.4.0, npm/@eslint-community/regexpp@4.10.0, npm/@eslint/eslintrc@2.1.4, npm/@eslint/js@8.57.0, npm/@humanwhocodes/config-array@0.11.14, npm/@humanwhocodes/module-importer@1.0.1, npm/@jest/expect-utils@29.7.0, npm/@jest/schemas@29.6.3, npm/@jest/types@29.6.3, npm/@nodelib/fs.scandir@2.1.5, npm/@nodelib/fs.stat@2.0.5, npm/@nodelib/fs.walk@1.2.8, npm/@npmcli/fs@3.1.0, npm/@sinclair/typebox@0.27.8, npm/@types/glob@8.1.0, npm/@types/istanbul-lib-coverage@2.0.6, npm/@types/istanbul-lib-report@3.0.3, npm/@types/istanbul-reports@3.0.4, npm/@types/jest@29.5.12, npm/@types/json-schema@7.0.15, npm/@types/lodash@4.17.4, npm/@types/minimatch@5.1.2, npm/@types/node@16.18.97, npm/@types/semver@7.5.8, npm/@types/stack-utils@2.0.3, npm/@types/yargs-parser@21.0.3, npm/@types/yargs@17.0.32, npm/@typescript-eslint/eslint-plugin@5.62.0, npm/@typescript-eslint/parser@5.62.0, npm/@typescript-eslint/scope-manager@5.62.0, npm/@typescript-eslint/type-utils@5.62.0, npm/@typescript-eslint/types@5.62.0, npm/@typescript-eslint/typescript-estree@5.62.0, npm/@typescript-eslint/utils@5.62.0, npm/@typescript-eslint/visitor-keys@5.62.0, npm/@ungap/structured-clone@1.2.0, npm/ajv@6.12.6, npm/ansi-regex@5.0.1, npm/array-union@2.1.0, npm/balanced-match@1.0.2, npm/bl@4.1.0, npm/braces@3.0.3, npm/ci-info@3.9.0, npm/color-convert@2.0.1, npm/color-name@1.1.4, npm/concat-map@0.0.1, npm/debug@4.3.4, npm/dir-glob@3.0.1, npm/duplexer@0.1.2, npm/escalade@3.1.2, npm/eslint-scope@5.1.1, npm/eslint-visitor-keys@3.4.3, npm/eslint@8.57.0, npm/esprima@4.0.1, npm/esrecurse@4.3.0, npm/estraverse@5.3.0, npm/expect@29.7.0, npm/fast-glob@3.3.2, npm/fastq@1.17.1, npm/fill-range@7.1.1, npm/fs-constants@1.0.0, npm/get-caller-file@2.0.5, npm/glob-parent@5.1.2, npm/globby@11.1.0, npm/graphemer@1.4.0, npm/has-flag@4.0.0, npm/is-fullwidth-code-point@3.0.0, npm/is-glob@4.0.3, npm/is-number@7.0.0, npm/jest-matcher-utils@29.7.0, npm/jest-message-util@29.7.0, npm/jest-util@29.7.0, npm/js-tokens@4.0.0, npm/json5@2.2.3, npm/merge2@1.4.1, npm/micromatch@4.0.7, npm/minimist@1.2.8, npm/ms@2.1.2, npm/natural-compare-lite@1.4.0, npm/onetime@5.1.2, npm/path-type@4.0.0, npm/picocolors@1.0.1, npm/picomatch@2.3.1, npm/queue-microtask@1.2.3, npm/react-is@18.3.1, npm/readable-stream@3.6.2, npm/reusify@1.0.4, npm/run-parallel@1.2.0, npm/slash@3.0.0, npm/sprintf-js@1.0.3, npm/stack-utils@2.0.6, npm/string_decoder@1.3.0, npm/strip-bom@3.0.0, npm/through@2.3.8, npm/to-regex-range@5.0.1, npm/tsutils@3.21.0, npm/undici-types@5.26.5, npm/y18n@5.0.8, npm/yallist@4.0.0

View full report↗︎