Zooz / predator

A powerful open-source platform for load testing APIs.
https://zooz.github.io/predator/
Apache License 2.0
576 stars 109 forks source link

[Snyk] Fix for 1 vulnerabilities #658

Closed NivLipetz closed 3 months ago

NivLipetz commented 11 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **758/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3 | Improper Input Validation
[SNYK-JS-FOLLOWREDIRECTS-6141137](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: artillery The new version differs by 250 commits.
  • f449d5d ci: release v2.0.1 of Artillery
  • 498fd09 chore: update package-lock.json
  • add1543 dep(artillery): update dependency-tree to v10
  • c163dc0 feat(fargate): update worker image version
  • b67bebb chore(telemetry): add fake-data plugin to official plugins (#2323)
  • 486ce72 docs: update README
  • 5d82798 ci: release v1.0.1 of artillery-plugin-fake-data
  • 68bb52a fix(fake-data): use correct key to look up config
  • cad8289 chore: update package-lock.json
  • 2def81d ci: publish canary releases of artillery-plugin-fake-data
  • 471bd16 feat(artillery): include artillery-plugin-fake-data
  • 2064ae3 ci: release v1.0.0 artillery-plugin-fake-data (#2320)
  • ed9565a feat(plugins): add official plugin for test data generation (#2318)
  • ecfb4ff ci: release v1.1.0 of artillery-engine-playwright
  • d6a468b ci: release v1.3.0 of artillery-plugin-ensure
  • a8bfa8e ci: release v2.9.0 of artillery-plugin-publish-metrics
  • 18186a1 Merge pull request #2319 from artilleryio/improvements-to-otel-reporter
  • c117677 ci: release v2.3.3 of artillery-plugin-expect
  • 8d8e549 refactor: set tracer only once per test
  • 93d3c90 refactor: remove duplicated attribute setting
  • 572880f ci: release v2.2.2 of @ artilleryio/int-core
  • 12670e3 ci: release v2.0.4 of @ artilleryio/int-commons
  • 642759d ci: set tag to latest explicitly when publishing to npm
  • 9277f14 ci: set latest tag explicitly for @ artilleryio/int-core
See the full diff
Package name: tedious The new version differs by 250 commits.
  • 6b8bd41 Merge pull request #1335 from tediousjs/feature/remove-azure-ms-rest-nodeauth-1238
  • ed81a16 chore(lock): update lock to remove azure auth deps
  • 406ad78 chore: remove adal-node dependency
  • 46f330f chore: remove @ azure/ms-rest-nodeauth dependency
  • 8eca444 feat: convert @ azure/ms-rest-nodeauth to identity
  • 62fd077 Merge pull request #1334 from tediousjs/arthur/specify-azure-tenant-ci
  • b49464e ci: specify azure tenant id
  • 7b4be33 Merge pull request #1333 from tediousjs/arthur/deprecate-azure-options
  • 596e575 feat: deprecate azure authentication options that will be removed
  • 78728b8 Merge pull request #1332 from tediousjs/arthur/fix-benchmarks
  • e4242ad chore: fix `RPCRequest` benchmarks
  • b100407 Merge pull request #1329 from tediousjs/arthur/update-dependencies
  • acf9966 chore: update all `commitlint` packages
  • 6aadb41 chore: update to `@ azure/identity@1.5.2`
  • ff0d009 chore: update to `@ azure/keyvault-keys@4.3.0`
  • 401b3a6 chore: update to `@ typescript-eslint/parser@4.30.0` and `@ typescript-eslint/eslint-plugin@4.30.0`
  • dce6a18 chore: update to `eslint@7.32.0`
  • 7ae2457 chore: update to `@ types/chai@4.2.21`
  • 180e102 chore: update to `node-abort-controller@3.0.0`
  • 6dc3615 chore: update to `sinon@11.1.2`
  • 7cc368e chore: update to `semantic-release@17.4.7`
  • bb1f9d4 chore: upgrade to `@ types/mocha@9.0.0`
  • e1be7ef chore: upgrade to `mocha@9.1.1`
  • 96fc3a5 chore: upgrade to `typedoc@0.21.9`
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/nivlipetz/project/a48a4b5e-7e8f-4e90-bf88-baa2f1cfb293?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/nivlipetz/project/a48a4b5e-7e8f-4e90-bf88-baa2f1cfb293?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"ca8edc2f-b445-4a15-9121-8bba27214b0f","prPublicId":"ca8edc2f-b445-4a15-9121-8bba27214b0f","dependencies":[{"name":"artillery","from":"1.7.9","to":"2.0.1"},{"name":"tedious","from":"9.2.2","to":"13.0.0"}],"packageManager":"npm","projectPublicId":"a48a4b5e-7e8f-4e90-bf88-baa2f1cfb293","projectUrl":"https://app.snyk.io/org/nivlipetz/project/a48a4b5e-7e8f-4e90-bf88-baa2f1cfb293?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-FOLLOWREDIRECTS-6141137"],"upgrade":["SNYK-JS-FOLLOWREDIRECTS-6141137"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[758],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Improper Input Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)