VoxaAI / voxa

Voxa is a framework that uses state machines to create elegant cross platform conversational experiences.
http://voxa.readthedocs.io/
MIT License
73 stars 26 forks

[Snyk] Security upgrade google-auth-library from 1.6.1 to 3.0.0 #347

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: google-auth-library
The new version differs by 125 commits.
  • d129a76 Release google-auth-library v3.0.0 (#594)
  • 1c014d8 refactor(deps): use `gaxios` for HTTP requests instead of `axios` (#593)
  • 06da209 chore(deps): update gtoken (#592)
  • d3fb55e fix: some browser fixes (#590)
  • e8d82ca chore(deps): update dependency ts-loader to v5 (#588)
  • b1b7917 chore(deps): update dependency karma to v3 (#587)
  • d4d31be fix(deps): upgrade to gcp-metadata v0.9.3 (#586)
  • d84af7d build: check broken links in generated docs (#579)
  • cf3aedc feat: make it webpackable (#371)
  • 48db9eb docs: update bug report link (#585)
  • ae94be3 chore(deps): drop unused dep on typedoc (#583)
  • 8803dd3 build: add browser test running on Kokoro (#584)
  • 7c498a1 test: improve samples and add tests (#576)
  • 16b776f docs: clarify access and refresh token docs (#577)
  • 9a9d0cf fix: accept lowercase env vars (#578)
  • 05e7adc Release v2.0.2 (#573)
  • 9950ab4 fix(types): export GCPEnv type (#569)
  • 196a99a chore(deps): update dependency @types/sinon to v7 (#568)
  • 502f43e refactor: use execa for install tests, run eslint on samples (#559)
  • 81e2565 chore(build): inject yoshi automation key (#566)
  • 7e0d8b6 chore: update nyc and eslint configs (#565)
  • 66825d5 chore: fix publish.sh permission +x (#563)
  • 6b623ab fix(build): fix Kokoro release script (#562)
  • d90be81 build: add Kokoro configs for autorelease (#561)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: View latest project report

Adjust project settings

Read more about Snyk's upgrade and patch logic